
Pests of all kinds and how to combat them: Trojans: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 and services.exe virus

Windows 7 If you are not sure whether you have caught malware or a Trojan, create a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.

07.01.2013, 23:05   #1
kiranoris

Hello, please help me! After my laptop got a new hard drive, I copied old stuff over from an old FB and wanted to download some new drivers. Today, during an Avira scan, I ran into the Trojans named above. When they are supposed to be moved or deleted, they still keep reappearing; the same goes for the virus that is supposedly located in system32. I also ran Malwarebytes over it, and the result was similar.

Above all, though, with Avira only the real-time scan finds it, not the normal one. I don't know what else to do, please help me!

The Malwarebytes quick scan produced the following log:
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.07.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [Administrator]

Schutz: Aktiviert

07.01.2013 22:53:30
mbam-log-2013-01-07 (22-53-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 204178
Laufzeit: 2 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 10
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3231) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3231) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Search (PUP.ProtectedSearch) -> Keine Aktion durchgeführt.

Infizierte Dateien: 2
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Search\Protected Search Settings.lnk (PUP.ProtectedSearch) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
I am letting a long scan run as well and will then post again what I have.

07.01.2013, 23:06   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs that already exist!

Quote:
Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

07.01.2013, 23:35   #3
kiranoris

For now I don't have any further logs, only the notifications over and over. For the services.exe virus, Avira's real-time scan shows me the following: W32/Patched.UC.

Should I cancel the running Malwarebytes scan?
Did I enter the code above incorrectly?

Edit: I let the scan run to the end; at the end the following logs came out:
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.07.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [Administrator]

Schutz: Aktiviert

07.01.2013 23:14:51
MBAM-log-2013-01-08 (00-19-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 345592
Laufzeit: 1 Stunde(n), 4 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Search (PUP.ProtectedSearch) -> Keine Aktion durchgeführt.

Infizierte Dateien: 2
C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Search\Protected Search Settings.lnk (PUP.ProtectedSearch) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
2013/01/07 22:01:44 +0100	USER-PC	User	MESSAGE	Executing scheduled update:  Daily
2013/01/07 22:01:48 +0100	USER-PC	User	MESSAGE	Starting protection
2013/01/07 22:01:48 +0100	USER-PC	User	MESSAGE	Protection started successfully
2013/01/07 22:01:48 +0100	USER-PC	User	MESSAGE	Starting IP protection
2013/01/07 22:01:48 +0100	USER-PC	User	ERROR	IP protection failed:  FwpmEngineOpen0 failed with error code 1753
2013/01/07 22:02:00 +0100	USER-PC	User	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.12.14.11 to version v2013.01.07.09
2013/01/07 22:02:00 +0100	USER-PC	User	MESSAGE	Starting database refresh
2013/01/07 22:02:02 +0100	USER-PC	User	MESSAGE	Database refreshed successfully
2013/01/07 22:02:06 +0100	USER-PC	User	MESSAGE	Starting database refresh
2013/01/07 22:02:09 +0100	USER-PC	User	MESSAGE	Database refreshed successfully
2013/01/07 22:04:49 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 22:09:00 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 22:13:15 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 22:17:58 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 22:22:38 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 22:26:41 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 22:30:42 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 22:34:43 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 22:38:44 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 22:42:45 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 22:49:04 +0100	USER-PC	User	MESSAGE	Starting protection
2013/01/07 22:49:04 +0100	USER-PC	User	MESSAGE	Protection started successfully
2013/01/07 22:49:04 +0100	USER-PC	User	MESSAGE	Starting IP protection
2013/01/07 22:49:04 +0100	USER-PC	User	ERROR	IP protection failed:  FwpmEngineOpen0 failed with error code 1753
2013/01/07 22:49:12 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/07 22:49:41 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 22:53:09 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/07 22:53:36 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 22:57:52 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/07 22:58:11 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 23:01:56 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/07 23:02:14 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 23:06:13 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/07 23:06:15 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 23:10:12 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/07 23:10:16 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 23:14:45 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/07 23:15:17 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 23:18:45 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/07 23:19:18 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 23:23:04 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/07 23:23:19 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 23:27:16 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/07 23:27:20 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 23:31:32 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/07 23:32:22 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 23:36:05 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/07 23:36:23 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 23:40:20 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/07 23:40:24 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 23:44:20 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/07 23:44:25 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 23:48:36 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/07 23:49:26 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 23:52:54 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/07 23:53:27 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/07 23:57:08 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/07 23:57:28 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
         
Code:
2013/01/08 00:01:40 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/08 00:02:29 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/08 00:05:57 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/08 00:06:30 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/08 00:10:12 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/08 00:10:31 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/08 00:14:29 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/08 00:14:32 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/08 00:18:45 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/08 00:19:33 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
2013/01/08 00:23:03 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@	Rootkit.0Access	QUARANTINE
2013/01/08 00:23:34 +0100	USER-PC	User	DETECTION	C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@	Trojan.Clicker	QUARANTINE
         
Edited by kiranoris (08.01.2013 at 00:25)
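
The protection log in the post above shows the same files being quarantined again every few minutes, which is what "they keep reappearing" looks like in the data: something still running keeps writing them back. As an added example (not part of the original thread and not Malwarebytes' own tooling), this Python script parses log lines in that layout and flags paths that are detected repeatedly; the tab-separated field order is assumed from the log as posted, and the sample lines and paths are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Timestamp layout as it appears in the protection log: 2013/01/07 22:49:12 +0100
TS_FORMAT = "%Y/%m/%d %H:%M:%S %z"


def _det(ts, path, name):
    """Build one constructed DETECTION line (7 tab-separated fields)."""
    return "\t".join([ts, "USER-PC", "User", "DETECTION", path, name, "QUARANTINE"])


# Constructed sample input; the paths are placeholders, not values from a real system.
SAMPLE_LOG = "\n".join([
    "2013/01/07 22:49:04 +0100\tUSER-PC\tUser\tMESSAGE\tStarting protection",
    _det("2013/01/07 22:49:12 +0100", r"C:\Sample\U\000000aa.@", "Rootkit.0Access"),
    _det("2013/01/07 22:49:41 +0100", r"C:\Sample\U\000000bb.@", "Trojan.Clicker"),
    _det("2013/01/07 22:53:09 +0100", r"C:\Sample\U\000000aa.@", "Rootkit.0Access"),
    _det("2013/01/07 22:53:36 +0100", r"C:\Sample\U\000000bb.@", "Trojan.Clicker"),
    _det("2013/01/07 22:57:52 +0100", r"C:\Sample\U\000000aa.@", "Rootkit.0Access"),
    _det("2013/01/07 22:58:11 +0100", r"C:\Sample\U\000000bb.@", "Trojan.Clicker"),
    _det("2013/01/07 23:05:00 +0100", r"C:\Sample\once.exe", "PUP.Example"),
    _det("not-a-timestamp", r"C:\Sample\broken.exe", "PUP.Example"),
    "line that was cut off while copying",
])


def parse_detections(text):
    """Return (timestamp, path, detection name, action) for each DETECTION line.

    MESSAGE/ERROR lines, truncated lines and lines with an unparsable
    timestamp are skipped instead of aborting the whole analysis.
    """
    detections = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 7 or fields[3] != "DETECTION":
            continue
        try:
            ts = datetime.strptime(fields[0].strip(), TS_FORMAT)
        except ValueError:
            continue
        detections.append((ts, fields[4], fields[5], fields[6]))
    return detections


def recurring_detections(detections, min_hits=3):
    """Group detections by path and report paths hit at least min_hits times.

    A path that is quarantined, then detected again minutes later, means the
    file is being re-created: removing the file alone does not end the
    infection, the component that writes it is still active.
    """
    by_path = defaultdict(list)
    for ts, path, name, _action in detections:
        # Windows paths are case-insensitive, so normalise before grouping.
        by_path[path.lower()].append((ts, name))

    findings = {}
    for path, events in by_path.items():
        if len(events) < min_hits:
            continue
        events.sort(key=lambda e: e[0])
        times = [e[0] for e in events]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        findings[path] = {
            "names": sorted({e[1] for e in events}),
            "hits": len(events),
            "median_gap_s": median(gaps),
            "first": times[0],
            "last": times[-1],
        }
    return findings


if __name__ == "__main__":
    for path, info in recurring_detections(parse_detections(SAMPLE_LOG)).items():
        print(f"{path}: {info['hits']} hits as {', '.join(info['names'])}, "
              f"re-created about every {info['median_gap_s']:.0f} s")
```
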

08.01.2013, 19:33   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

08.01.2013, 21:23   #5
kiranoris

Hello, thanks, here is the response from ComboFix

Code:
ComboFix 13-01-08.01 - User 08.01.2013  21:06:48.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3957.2956 [GMT 1:00]
ausgeführt von:: c:\users\User\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Acer Bio Protection\PwdFilterV64.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\@
c:\windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\L\00000004.@
c:\windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\L\201d3dde
c:\windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\L\76603ac3
c:\windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\00000004.@
c:\windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\00000008.@
c:\windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\000000cb.@
c:\windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000000.@
c:\windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000032.@
c:\windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U\80000064.@
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-08 bis 2013-01-08  ))))))))))))))))))))))))))))))
.
.
2013-01-07 21:01 . 2013-01-07 21:01	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-07 21:01 . 2013-01-07 21:01	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-07 21:01 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-04 22:58 . 2013-01-04 22:58	--------	d-----w-	c:\program files (x86)\Common Files\Adobe AIR
2013-01-04 22:46 . 2013-01-04 22:46	1060864	----a-w-	c:\windows\SysWow64\mfc71.dll
2013-01-04 22:45 . 2013-01-04 22:45	--------	d-----w-	c:\program files (x86)\Dll-Files.com Fixer
2013-01-04 21:46 . 2013-01-04 21:46	--------	d-----w-	c:\program files (x86)\eSobi
2013-01-04 21:29 . 2013-01-04 21:29	--------	d-----w-	c:\program files (x86)\Electronic Arts
2013-01-04 21:29 . 2013-01-04 21:29	--------	d-----w-	c:\program files (x86)\EgisTec IPS
2013-01-04 21:29 . 2013-01-04 21:29	--------	d-----w-	c:\program files (x86)\EgisTec Egis Software Update
2013-01-04 21:26 . 2013-01-04 21:26	--------	d-----w-	c:\program files (x86)\EgisTec
2013-01-04 21:23 . 2013-01-04 21:26	--------	d-----w-	c:\program files (x86)\DivX
2013-01-04 21:23 . 2013-01-04 21:23	--------	d-----w-	c:\program files (x86)\Cyberlink
2013-01-04 21:23 . 2013-01-04 21:23	--------	d-----w-	c:\program files (x86)\Conduit
2013-01-04 21:23 . 2013-01-04 21:23	--------	d-----w-	c:\program files (x86)\BS_Player
2013-01-04 21:23 . 2013-01-04 21:23	--------	d-----w-	c:\program files (x86)\Bonjour
2013-01-04 21:23 . 2013-01-04 21:23	--------	d-----w-	c:\program files (x86)\Bing Bar Installer
2013-01-04 21:20 . 2013-01-04 21:20	--------	d-----w-	c:\program files (x86)\Apple Software Update
2013-01-04 21:08 . 2013-01-04 21:08	--------	d-----w-	c:\program files (x86)\Acer Inc
2013-01-04 20:47 . 2013-01-04 21:08	--------	d-----w-	c:\program files (x86)\Acer GameZone
2013-01-04 20:28 . 2013-01-04 20:28	--------	d-----w-	c:\programdata\McAfee Security Scan
2013-01-04 20:28 . 2013-01-04 20:28	--------	d-----w-	c:\programdata\McAfee
2013-01-04 20:28 . 2013-01-04 20:28	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2013-01-04 20:26 . 2013-01-04 20:43	--------	d-----w-	c:\program files (x86)\Acer Arcade Deluxe
2013-01-04 20:23 . 2013-01-04 20:24	--------	d-----w-	c:\program files (x86)\Acer
2013-01-04 20:21 . 2013-01-04 20:23	--------	d-----w-	c:\program files (x86)\Google
2013-01-04 20:20 . 2013-01-04 20:21	--------	d-----w-	c:\program files\Paint.NET
2013-01-04 20:20 . 2013-01-04 20:20	--------	d-----w-	c:\program files\iTunes
2013-01-04 20:20 . 2013-01-04 20:20	--------	d-----w-	c:\program files\iPod
2013-01-04 20:20 . 2013-01-04 20:20	--------	d-----w-	c:\program files\Intel
2013-01-04 20:19 . 2013-01-04 20:19	--------	d-----w-	c:\program files\HP
2013-01-04 20:19 . 2013-01-04 20:19	--------	d-----w-	c:\program files\Google
2013-01-04 20:19 . 2011-09-01 15:43	--------	d-----w-	c:\program files\Doom Shareware for Windows 95
2013-01-04 20:19 . 2013-01-04 20:19	--------	d-----w-	c:\program files\DivX
2013-01-04 20:19 . 2013-01-04 20:19	--------	d-----w-	c:\program files\DIFX
2013-01-04 20:18 . 2013-01-04 20:18	--------	d-----w-	c:\program files\Broadcom
2013-01-04 20:18 . 2013-01-04 20:18	--------	d-----w-	c:\program files\Bonjour
2013-01-04 20:18 . 2013-01-04 20:18	--------	d-----w-	c:\program files\Acer Accessory Store
2013-01-04 20:16 . 2013-01-04 20:18	--------	d-----w-	c:\program files\Acer
2013-01-04 20:16 . 2010-11-02 15:51	12441960	----a-w-	c:\program files\install_icq7.exe
2013-01-04 20:16 . 2013-01-04 20:16	--------	d-----w-	c:\program files\WinRAR
2013-01-04 20:15 . 2009-12-14 09:06	206072	----a-w-	c:\windows\PLFSetI.exe
2013-01-04 20:15 . 2009-09-18 01:02	741	----a-w-	c:\windows\NewDeployWinRE.cmd
2013-01-04 20:15 . 2009-12-16 17:45	632056	----a-w-	c:\windows\Image.dll
2013-01-04 20:15 . 2009-04-10 11:41	309768	----a-w-	c:\windows\GVUni.exe
2013-01-04 20:15 . 2009-09-30 11:08	1892184	----a-w-	c:\windows\d3dx9_42.dll
2013-01-04 20:15 . 2009-12-16 17:45	1664248	----a-w-	c:\windows\Acer Crystal Eye webcam.EXE
2013-01-04 20:15 . 2013-01-04 20:15	--------	d-----w-	c:\windows\dsi
2013-01-04 20:14 . 2013-01-04 20:14	--------	d-----w-	c:\windows\Downloaded Installations
2013-01-04 20:14 . 2013-01-04 20:14	--------	d---a-w-	c:\windows\DeployWinRE2
2013-01-04 20:14 . 2009-07-10 12:10	307568	----a-w-	c:\windows\WLXPGSS.SCR
2013-01-04 20:14 . 2009-12-14 09:05	25848	----a-w-	c:\windows\USB_VIDEO_REG.exe
2013-01-04 20:14 . 2009-11-12 09:29	9168	----a-w-	c:\windows\Suyin.reg
2013-01-04 20:14 . 2009-09-09 06:41	348680	----a-w-	c:\windows\UNINST32.EXE
2013-01-04 20:13 . 2013-01-04 20:13	--------	d-----w-	c:\program files\WIDCOMM
2013-01-04 20:12 . 2013-01-04 20:12	--------	d-----w-	c:\program files (x86)\fotokasten comfort
2013-01-04 20:07 . 2013-01-04 20:07	--------	d-----w-	c:\program files (x86)\FileZilla FTP Client
2013-01-04 19:54 . 2013-01-04 19:54	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2013-01-04 19:39 . 2013-01-04 20:55	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-04 19:39 . 2013-01-04 20:54	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-04 19:39 . 2013-01-04 19:39	--------	d-----w-	c:\windows\SysWow64\Macromed
2013-01-04 19:39 . 2013-01-04 19:39	--------	d-----w-	c:\windows\system32\Macromed
2013-01-04 19:17 . 2013-01-04 19:17	--------	d-----w-	c:\program files (x86)\Microsoft Synchronization Services
2013-01-04 19:17 . 2013-01-04 19:17	--------	d-----w-	c:\windows\PCHEALTH
2013-01-04 19:17 . 2013-01-04 19:17	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2013-01-04 19:17 . 2013-01-04 19:17	--------	d-----w-	c:\program files (x86)\Microsoft Sync Framework
2013-01-04 19:17 . 2013-01-04 19:17	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-01-04 19:14 . 2013-01-04 19:14	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8
2013-01-04 19:14 . 2013-01-04 19:14	--------	d-----w-	c:\program files\Microsoft Office
2013-01-04 19:14 . 2013-01-04 19:14	--------	d-----w-	c:\program files (x86)\Microsoft Analysis Services
2013-01-04 19:13 . 2013-01-04 19:19	--------	d-----w-	c:\programdata\Microsoft Help
2013-01-04 19:13 . 2013-01-04 19:13	--------	d-----r-	C:\MSOCache
2013-01-04 19:12 . 2012-12-03 01:54	11264	----a-w-	c:\windows\Launcher.exe
2013-01-04 19:12 . 2013-01-04 19:12	--------	d-----w-	c:\program files (x86)\Protected Search
2013-01-04 19:12 . 2013-01-04 19:12	--------	d-----w-	c:\program files (x86)\Red Sky
2013-01-04 18:55 . 2013-01-04 18:55	--------	d-----w-	c:\program files (x86)\mIRC
2013-01-04 18:51 . 2013-01-04 18:51	--------	d-----w-	c:\programdata\UAB
2013-01-04 18:41 . 2013-01-04 18:41	--------	d-----w-	c:\programdata\Driver Whiz
2013-01-04 18:40 . 2013-01-04 18:40	--------	d-----w-	c:\program files (x86)\Driver Whiz
2013-01-04 18:17 . 2013-01-04 18:17	--------	d-----r-	c:\program files (x86)\Skype
2013-01-04 18:17 . 2013-01-04 18:17	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-01-04 18:17 . 2013-01-04 18:17	--------	d-----w-	c:\programdata\Skype
2013-01-04 18:15 . 2013-01-04 18:15	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2013-01-04 09:30 . 2013-01-04 09:31	--------	d-----w-	c:\program files (x86)\Common Files\Intel Corporation
2013-01-04 09:27 . 2013-01-04 09:27	--------	d-----w-	c:\programdata\ATI
2013-01-04 09:25 . 2013-01-04 09:25	0	----a-w-	c:\windows\ativpsrm.bin
2013-01-04 09:23 . 2009-06-18 15:38	952683	----a-w-	c:\windows\system32\VMC3KAPI.dll
2013-01-04 09:23 . 2008-12-10 18:03	123392	----a-w-	c:\windows\system32\VCryptAPI.dll
2013-01-04 09:22 . 2013-01-08 20:10	--------	d-----w-	c:\program files (x86)\Acer Bio Protection
2013-01-04 09:22 . 2013-01-04 09:22	469552	----a-w-	c:\windows\SysWow64\NBMatS1SDK.dll
2013-01-04 09:22 . 2013-01-04 09:22	36400	----a-w-	c:\windows\system32\drivers\FPSensor.sys
2013-01-04 09:17 . 2013-01-04 09:17	--------	d-----w-	c:\program files (x86)\Common Files\postureAgent
2013-01-04 09:14 . 2012-11-19 11:10	652344	----a-w-	c:\windows\system32\drivers\iaStorA.sys
2013-01-04 09:14 . 2012-11-19 11:10	28216	----a-w-	c:\windows\system32\drivers\iaStorF.sys
2013-01-04 09:12 . 2013-01-04 09:17	--------	d-----w-	c:\program files (x86)\Intel
2013-01-04 09:12 . 2012-11-03 01:41	53248	----a-w-	c:\windows\SysWow64\CSVer.dll
2013-01-04 09:12 . 2013-01-04 09:12	--------	d-----w-	C:\Intel
2013-01-04 09:11 . 2013-01-04 09:11	--------	d-----w-	c:\program files (x86)\Qualcomm Atheros WiFi Driver Installation
2013-01-04 09:11 . 2012-11-26 19:18	2811904	----a-w-	c:\windows\system32\drivers\athrx.sys
2013-01-04 09:11 . 2012-11-26 19:18	2811904	------w-	c:\windows\system32\athrx.sys
2013-01-04 09:09 . 2013-01-04 09:09	--------	d-----w-	c:\programdata\Qualcomm Atheros
2013-01-04 09:03 . 2013-01-04 09:03	--------	d-----w-	c:\windows\SysWow64\RTCOM
2013-01-04 09:01 . 2013-01-04 09:01	--------	d-----w-	c:\program files\Realtek
2013-01-04 09:00 . 2013-01-04 09:00	--------	d-----w-	c:\program files (x86)\Nuvoton Technology Corporation
2013-01-04 09:00 . 2013-01-07 19:11	--------	d-sh--w-	c:\windows\Installer
2013-01-04 08:59 . 2013-01-04 08:59	--------	d-----w-	c:\program files\Synaptics
2013-01-04 08:42 . 2013-01-04 08:59	--------	d-----w-	c:\programdata\DriverGenius
2013-01-04 08:41 . 2013-01-04 08:41	--------	d-----w-	c:\program files (x86)\Driver-Soft
2013-01-04 08:35 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2013-01-04 08:35 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2013-01-04 08:35 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2013-01-04 08:35 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2013-01-04 08:35 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2013-01-04 08:35 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2013-01-04 08:35 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2013-01-03 19:02 . 2013-01-04 08:34	--------	d-----w-	c:\windows\Panther
2012-12-25 04:05 . 2012-10-16 00:09	435512	----a-w-	c:\windows\system32\drivers\k57nd60a.sys
2012-12-13 16:38 . 2012-12-13 16:38	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-13 16:38 . 2012-12-13 16:38	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-13 16:38 . 2012-12-13 16:38	3151872	----a-w-	c:\windows\system32\win32k.sys
2012-12-13 16:38 . 2012-12-13 16:38	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-13 16:38 . 2012-12-13 16:38	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-12-13 16:36 . 2012-12-13 16:36	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 16:39 . 2012-11-24 18:29	66048	----a-w-	c:\windows\system32\WinToolkitRunOnce.exe
2012-12-13 16:37 . 2012-12-13 16:37	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-12-13 16:37 . 2012-12-13 16:37	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-12-13 16:37 . 2012-12-13 16:37	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-12-13 16:37 . 2012-12-13 16:37	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-24 18:29 . 2012-11-24 18:29	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-11-23 19:30 . 2012-11-23 19:30	190856	----a-w-	c:\windows\system32\drivers\storport.sys
2012-11-23 19:29 . 2012-11-23 19:29	442368	----a-w-	c:\windows\system32\winspool.drv
2012-11-23 19:29 . 2012-11-23 19:29	320000	----a-w-	c:\windows\SysWow64\winspool.drv
2012-11-23 19:29 . 2012-11-23 19:29	424960	----a-w-	c:\windows\system32\rastls.dll
2012-11-23 19:29 . 2012-11-23 19:29	372736	----a-w-	c:\windows\SysWow64\rastls.dll
2012-11-23 19:29 . 2012-11-23 19:29	275456	----a-w-	c:\windows\system32\rdpdd.dll
2012-11-23 19:29 . 2012-11-23 19:29	753152	----a-w-	c:\windows\system32\drivers\http.sys
2012-11-23 19:29 . 2012-11-23 19:29	65536	----a-w-	c:\windows\system32\cryptdll.dll
2012-11-23 19:29 . 2012-11-23 19:29	58368	----a-w-	c:\windows\SysWow64\cryptdll.dll
2012-11-23 19:28 . 2012-11-23 19:28	1867776	----a-w-	c:\windows\system32\ExplorerFrame.dll
2012-11-23 19:28 . 2012-11-23 19:28	1499648	----a-w-	c:\windows\SysWow64\ExplorerFrame.dll
2012-11-23 19:28 . 2012-11-23 19:28	1495040	----a-w-	c:\windows\system32\wsecedit.dll
2012-11-23 19:28 . 2012-11-23 19:28	1294336	----a-w-	c:\windows\SysWow64\wsecedit.dll
2012-11-23 19:28 . 2012-11-23 19:28	1687920	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-11-23 19:27 . 2012-11-23 19:27	316416	----a-w-	c:\windows\system32\tapisrv.dll
2012-11-23 19:27 . 2012-11-23 19:27	242176	----a-w-	c:\windows\SysWow64\tapisrv.dll
2012-11-23 19:27 . 2012-11-23 19:27	570880	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-11-23 19:27 . 2012-11-23 19:27	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-11-23 19:27 . 2012-11-23 19:27	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-11-23 19:26 . 2012-11-23 19:26	3929600	----a-w-	c:\windows\system32\sppsvc.exe
2012-11-23 19:26 . 2012-11-23 19:26	1091584	----a-w-	c:\windows\system32\sppobjs.dll
2012-11-23 19:26 . 2012-11-23 19:26	346624	----a-w-	c:\windows\system32\WSManMigrationPlugin.dll
2012-11-23 19:26 . 2012-11-23 19:26	310272	----a-w-	c:\windows\system32\WsmWmiPl.dll
2012-11-23 19:26 . 2012-11-23 19:26	266240	----a-w-	c:\windows\system32\WSManHTTPConfig.exe
2012-11-23 19:26 . 2012-11-23 19:26	248832	----a-w-	c:\windows\SysWow64\WSManMigrationPlugin.dll
2012-11-23 19:26 . 2012-11-23 19:26	214016	----a-w-	c:\windows\SysWow64\WsmWmiPl.dll
2012-11-23 19:26 . 2012-11-23 19:26	2023424	----a-w-	c:\windows\system32\WsmSvc.dll
2012-11-23 19:26 . 2012-11-23 19:26	198656	----a-w-	c:\windows\SysWow64\WSManHTTPConfig.exe
2012-11-23 19:26 . 2012-11-23 19:26	181760	----a-w-	c:\windows\system32\WsmAuto.dll
2012-11-23 19:26 . 2012-11-23 19:26	146432	----a-w-	c:\windows\SysWow64\WsmAuto.dll
2012-11-23 19:26 . 2012-11-23 19:26	1178112	----a-w-	c:\windows\SysWow64\WsmSvc.dll
2012-11-23 19:26 . 2012-11-23 19:26	512512	----a-w-	c:\windows\system32\rpcss.dll
2012-11-23 19:25 . 2012-11-23 19:25	8192	----a-w-	c:\windows\system32\KBDTUQ.DLL
2012-11-23 19:25 . 2012-11-23 19:25	8192	----a-w-	c:\windows\system32\KBDTUF.DLL
2012-11-23 19:25 . 2012-11-23 19:25	800256	----a-w-	c:\windows\system32\usp10.dll
2012-11-23 19:25 . 2012-11-23 19:25	7680	----a-w-	c:\windows\SysWow64\KBDTUQ.DLL
2012-11-23 19:25 . 2012-11-23 19:25	7680	----a-w-	c:\windows\SysWow64\KBDTUF.DLL
2012-11-23 19:25 . 2012-11-23 19:25	626176	----a-w-	c:\windows\SysWow64\usp10.dll
2012-11-23 19:25 . 2012-11-23 19:25	1077248	----a-w-	c:\windows\system32\Narrator.exe
2012-11-23 19:25 . 2012-11-23 19:25	114688	----a-w-	c:\windows\system32\AxInstSv.dll
2012-11-23 19:25 . 2012-11-23 19:25	428032	----a-w-	c:\windows\SysWow64\wlanmsm.dll
2012-11-23 19:25 . 2012-11-23 19:25	414208	----a-w-	c:\windows\system32\wlanmsm.dll
2012-11-23 19:24 . 2012-11-23 19:24	140656	----a-w-	c:\windows\system32\drivers\msdsm.sys
2012-11-23 19:24 . 2012-11-23 19:24	334704	----a-w-	c:\windows\system32\drivers\acpi.sys
2012-11-23 19:24 . 2012-11-23 19:24	965120	----a-w-	c:\windows\system32\localspl.dll
2012-11-23 19:23 . 2012-11-23 19:23	223744	----a-w-	c:\windows\system32\profsvc.dll
2012-11-23 19:23 . 2012-11-23 19:23	14176768	----a-w-	c:\windows\system32\shell32.dll
2012-11-23 19:23 . 2012-11-23 19:23	5561200	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-11-23 19:23 . 2012-11-23 19:23	3971976	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-11-23 19:23 . 2012-11-23 19:23	3916656	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-11-23 19:22 . 2012-11-23 19:22	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-11-23 19:22 . 2012-11-23 19:22	52224	----a-w-	c:\windows\SysWow64\nlaapi.dll
2012-11-23 19:22 . 2012-11-23 19:22	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-11-23 19:22 . 2012-11-23 19:22	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-11-23 19:22 . 2012-11-23 19:22	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-11-23 19:22 . 2012-11-23 19:22	288648	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-11-23 19:22 . 2012-11-23 19:22	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-11-23 19:22 . 2012-11-23 19:22	1902472	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-11-23 19:22 . 2012-11-23 19:22	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-11-23 19:22 . 2012-11-23 19:22	18944	----a-w-	c:\windows\system32\netevent.dll
2012-11-23 19:22 . 2012-11-23 19:22	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-11-23 19:22 . 2012-11-23 19:22	669696	----a-w-	c:\windows\system32\wiaaut.dll
2012-11-23 19:22 . 2012-11-23 19:22	544256	----a-w-	c:\windows\SysWow64\wiaaut.dll
2012-11-23 19:22 . 2012-11-23 19:22	80384	----a-w-	c:\windows\system32\certprop.dll
2012-11-23 19:22 . 2012-11-23 19:22	66048	----a-w-	c:\windows\SysWow64\SCardDlg.dll
2012-11-23 19:22 . 2012-11-23 19:22	29696	----a-w-	c:\windows\system32\drivers\scfilter.sys
2012-11-23 19:22 . 2012-11-23 19:22	2560	----a-w-	c:\windows\SysWow64\drivers\de-DE\scfilter.sys.mui
2012-11-23 19:22 . 2012-11-23 19:22	195584	----a-w-	c:\windows\system32\SCardSvr.dll
2012-11-23 19:22 . 2012-11-23 19:22	680448	----a-w-	c:\windows\system32\termsrv.dll
2012-11-23 19:21 . 2012-11-23 19:21	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-11-23 19:21 . 2012-11-23 19:21	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-11-23 19:21 . 2012-11-23 19:21	751104	----a-w-	c:\windows\system32\win32spl.dll
2012-11-23 19:21 . 2012-11-23 19:21	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2012-11-23 19:21 . 2012-11-23 19:21	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax
2012-11-23 19:21 . 2012-11-23 19:21	613376	----a-w-	c:\windows\system32\psisdecd.dll
2012-11-23 19:21 . 2012-11-23 19:21	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll
2012-11-23 19:21 . 2012-11-23 19:21	108032	----a-w-	c:\windows\system32\psisrndr.ax
2012-11-23 19:21 . 2012-11-23 19:21	408576	----a-w-	c:\windows\system32\drivers\srv2.sys
2012-11-23 19:20 . 2012-11-23 19:20	855552	----a-w-	c:\windows\system32\IKEEXT.DLL
2012-11-23 19:20 . 2012-11-23 19:20	832000	----a-w-	c:\windows\system32\nshwfp.dll
2012-11-23 19:20 . 2012-11-23 19:20	706560	----a-w-	c:\windows\system32\BFE.DLL
2012-11-23 19:20 . 2012-11-23 19:20	657920	----a-w-	c:\windows\SysWow64\nshwfp.dll
2012-11-23 19:20 . 2012-11-23 19:20	324096	----a-w-	c:\windows\system32\FWPUCLNT.DLL
2012-11-23 19:20 . 2012-11-23 19:20	216576	----a-w-	c:\windows\SysWow64\FWPUCLNT.DLL
2012-11-23 19:20 . 2012-11-23 19:20	715776	----a-w-	c:\windows\system32\kerberos.dll
2012-11-23 19:20 . 2012-11-23 19:20	542208	----a-w-	c:\windows\SysWow64\kerberos.dll
2012-11-23 19:20 . 2012-11-23 19:20	2871296	----a-w-	c:\windows\explorer.exe
2012-11-23 19:20 . 2012-11-23 19:20	2616320	----a-w-	c:\windows\SysWow64\explorer.exe
2012-11-23 19:20 . 2012-11-23 19:20	99328	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2012-11-23 19:20 . 2012-11-23 19:20	7936	----a-w-	c:\windows\system32\drivers\usbd.sys
2012-11-23 19:20 . 2012-11-23 19:20	52736	----a-w-	c:\windows\system32\drivers\usbehci.sys
2012-11-23 19:20 . 2012-11-23 19:20	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2012-11-23 19:20 . 2012-11-23 19:20	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2012-11-23 19:20 . 2012-11-23 19:20	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17888944]
"icq"="c:\users\User\AppData\Roaming\ICQM\icq.exe" [2013-01-04 26606072]
"Driver Whiz"="c:\program files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe" [2012-11-12 3527608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-09 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"VitaKeyPdtWzd"="c:\program files (x86)\Acer Bio Protection\PdtWzd.exe" [2009-11-11 3569152]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-23 19456]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-15 40712]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-11-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-23 30208]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 46592]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-11-19 652344]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-11-19 28216]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-10 202752]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2013-01-04 36400]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage-Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-19 14904]
S2 IGBASVC;EgisTec Service;c:\program files (x86)\Acer Bio Protection\BASVC.exe [2009-11-11 3450368]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-04-15 2533400]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2012-10-16 435512]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [2009-08-31 48128]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-06 c:\windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2013-01-04 09:56]
.
2013-01-06 c:\windows\Tasks\DLL-Files.Com Fixer_Updates.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2013-01-04 09:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-11-19 13260944]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p3n96zvx.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://sf-hq-forum.de/index.php|hxxp://www.gmx.net/|hxxp://w2.de.mymagictales.com/xhodon/chat.php|https://account.live.com/ResetPassword.aspx?wreply=https%3A%2F%2Flogin%2Elive%2Ecom%2Fppsecure%2Fpost%2Esrf%3Fwa%3Dwsignin1%2E0%26rpsnv%3D11%26rver%3D6%2E1%2E6206%2E0%26wp%3DMBI%26wreply%3Dhttp%3A%252F%252Fmail%2Elive%2Ecom%252Fdefault%2Easpx%26id%3D64855%26cbcxt%3Dmai%26snsc%3D1%26wa%3Dwsignin1%2E0%26rpsnv%3D11%26ct%3D1357408218%26rver%3D6%2E1%2E6206%2E0%26wp%3DMBI%26wreply%3Dhttp%3A%252F%252Fmail%2Elive%2Ecom%252Fdefault%2Easpx%26id%3D64855%26cbcxt%3Dmai%26snsc%3D1%26cred%3Dotc%26bk%3D1357470929%26vv%3D1400%26mkt%3DDE%2DDE%26lc%3D1031&id=64855&uiflavor=web&mkt=DE%2DDE&lc=1031&bk=1357470936|hxxp://play.cultures-online.de/co/bin/index.php|hxxp://fliplife.com/companies/15/projects/1821082728|hxxp://www.kinox.to/Stream/Superman-Die_Abenteuer_von_Lois-Clark.html|hxxp://www.sockshare.com/file/8B8487170FF07CAD#|hxxp://forum.starfleetonline.de/search.php?search_id=newposts|hxxp://dualingo.dyndns.org/exchange/|hxxp://www.zaubereinmaleins.de/startseite/home..../
FF - prefs.js: keyword.URL - hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q=
FF - ExtSQL: 2013-01-04 19:17; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-01-05 17:01; youtubeunblocker@unblocker.yt; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p3n96zvx.default\extensions\youtubeunblocker@unblocker.yt.xpi
FF - ExtSQL: 2013-01-05 17:20; {c95a4e8e-816d-4655-8c79-d736da1adb6d}; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p3n96zvx.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Acer Bio Protection\CompPtcVUI.exe
c:\program files (x86)\Protected Search\ProtectedSearch.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-08  21:16:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-08 20:16
.
Vor Suchlauf: 7 Verzeichnis(se), 61.274.312.704 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 61.043.077.120 Bytes frei
.
- - End Of File - - 9F5AA55DAF675CD5DA9669ED8F9C99CE
         


08.01.2013, 21:28   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive to your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the on-screen instructions and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper.

08.01.2013, 22:45   #7
kiranoris

So the program did not ask for a restart, but I scanned once more anyway. The first scan logged:
Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2013.01.08.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

08.01.2013 22:07:45
mbar-log-2013-01-08 (22-07-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29967
Time elapsed: 29 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\L (Backdoor.0Access) -> Delete on reboot.
C:\Windows\Installer\{c363b00a-0fa4-cdcd-4c94-342c7cc08ab6}\U (Backdoor.0Access) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

(end)
         
And the second one found nothing:
Code:
ATTFilter
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2013.01.08.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

08.01.2013 22:40:29
mbar-log-2013-01-08 (22-40-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30003
Time elapsed: 29 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

09.01.2013, 10:37   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!


09.01.2013, 16:22   #9
kiranoris

Here is the log from aswMBR:
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-09 16:19:19
-----------------------------
16:19:19.424    OS Version: Windows x64 6.1.7601 Service Pack 1
16:19:19.424    Number of processors: 4 586 0x2502
16:19:19.425    ComputerName: USER-PC  UserName: User
16:19:20.086    Initialize success
16:19:27.143    AVAST engine defs: 13010900
16:19:39.288    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
16:19:39.292    Disk 0 Vendor: ATA_____ AC90 Size: 476940MB BusType: 11
16:19:39.321    Disk 0 MBR read successfully
16:19:39.325    Disk 0 MBR scan
16:19:39.330    Disk 0 Windows 7 default MBR code
16:19:39.338    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
16:19:39.360    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       153599 MB offset 206848
16:19:39.390    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       323239 MB offset 314777600
16:19:39.425    Disk 0 scanning C:\Windows\system32\drivers
16:19:47.384    Service scanning
16:20:22.048    Modules scanning
16:20:22.057    Disk 0 trace - called modules:
16:20:22.103    
16:20:22.110    Scan finished successfully
16:21:13.568    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
16:21:13.573    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
         
I will run TDSS-Killer in a moment.

I cannot insert Kaspersky because the message would be too long.

It also seems to be too large to attach.

I tried to zip the file with 7zip, but that did not work because the option was not available.

Code:
16:23:56.0644 3828  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:23:56.0750 3828  ============================================================
16:23:56.0750 3828  Current date / time: 2013/01/09 16:23:56.0750
16:23:56.0751 3828  SystemInfo:
16:23:56.0751 3828  
16:23:56.0751 3828  OS Version: 6.1.7601 ServicePack: 1.0
16:23:56.0751 3828  Product type: Workstation
16:23:56.0751 3828  ComputerName: USER-PC
16:23:56.0751 3828  UserName: User
16:23:56.0751 3828  Windows directory: C:\Windows
16:23:56.0751 3828  System windows directory: C:\Windows
16:23:56.0751 3828  Running under WOW64
16:23:56.0751 3828  Processor architecture: Intel x64
16:23:56.0751 3828  Number of processors: 4
16:23:56.0751 3828  Page size: 0x1000
16:23:56.0751 3828  Boot type: Normal boot
16:23:56.0751 3828  ============================================================
16:23:58.0093 3828  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:23:58.0099 3828  ============================================================
16:23:58.0099 3828  \Device\Harddisk0\DR0:
16:23:58.0099 3828  MBR partitions:
16:23:58.0099 3828  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:23:58.0099 3828  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x12BFF800
16:23:58.0099 3828  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x12C32000, BlocksNum 0x27753800
16:23:58.0099 3828  ============================================================
16:23:58.0167 3828  C: <-> \Device\Harddisk0\DR0\Partition2
16:23:58.0232 3828  D: <-> \Device\Harddisk0\DR0\Partition3
16:23:58.0232 3828  ============================================================
16:23:58.0232 3828  Initialize success
16:23:58.0232 3828  ============================================================
16:24:43.0981 2596  ============================================================
16:24:43.0981 2596  Scan started
16:24:43.0981 2596  Mode: Manual; SigCheck; TDLFS; 
16:24:43.0981 2596  ============================================================
16:24:44.0531 2596  ================ Scan system memory ========================
16:24:44.0531 2596  System memory - ok
16:24:44.0531 2596  ================ Scan services =============================
16:24:44.0931 2596  [ 0B94DF0DB9DCA3EDB2B57747D5433E7F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:24:45.0019 2596  1394ohci - ok
16:24:45.0060 2596  [ 114ACFE781B214B95F53D52020466CFD ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:24:45.0090 2596  ACPI - ok
16:24:45.0096 2596  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:24:45.0135 2596  AcpiPmi - ok
16:24:45.0160 2596  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:24:45.0193 2596  adp94xx - ok
16:24:45.0221 2596  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:24:45.0247 2596  adpahci - ok
16:24:45.0280 2596  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:24:45.0301 2596  adpu320 - ok
16:24:45.0330 2596  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:24:45.0470 2596  AeLookupSvc - ok
16:24:45.0513 2596  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:24:45.0562 2596  AFD - ok
16:24:45.0591 2596  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:24:45.0609 2596  agp440 - ok
16:24:45.0660 2596  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:24:45.0688 2596  ALG - ok
16:24:45.0702 2596  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:24:45.0714 2596  aliide - ok
16:24:45.0766 2596  [ 41A0813F22D3330C0CA71CE5BBD42B12 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:24:45.0826 2596  AMD External Events Utility - ok
16:24:45.0858 2596  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:24:45.0875 2596  amdide - ok
16:24:45.0881 2596  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:24:45.0906 2596  AmdK8 - ok
16:24:45.0912 2596  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
16:24:45.0939 2596  AmdPPM - ok
16:24:45.0951 2596  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:24:45.0971 2596  amdsata - ok
16:24:45.0991 2596  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:24:46.0014 2596  amdsbs - ok
16:24:46.0020 2596  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:24:46.0036 2596  amdxata - ok
16:24:46.0067 2596  [ AB4CD625EDA2E4D3E5B84EEDAD404B1A ] AppID           C:\Windows\system32\drivers\appid.sys
16:24:46.0110 2596  AppID - ok
16:24:46.0133 2596  [ 8875F1952F885275E8EB3A004890C3F9 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:24:46.0177 2596  AppIDSvc - ok
16:24:46.0196 2596  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
16:24:46.0268 2596  Appinfo - ok
16:24:46.0315 2596  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
16:24:46.0332 2596  arc - ok
16:24:46.0346 2596  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:24:46.0365 2596  arcsas - ok
16:24:46.0384 2596  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:24:46.0451 2596  AsyncMac - ok
16:24:46.0454 2596  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:24:46.0464 2596  atapi - ok
16:24:46.0566 2596  [ B28998D019340B333A106316D8B7D8DA ] athr            C:\Windows\system32\DRIVERS\athrx.sys
16:24:46.0675 2596  athr - ok
16:24:46.0855 2596  [ 37456BE85384E4CC38DC899F07F88C45 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:24:47.0032 2596  atikmdag - ok
16:24:47.0092 2596  [ A78697675C6B34E20C013C0741510627 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:24:47.0150 2596  AudioEndpointBuilder - ok
16:24:47.0192 2596  [ A78697675C6B34E20C013C0741510627 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:24:47.0219 2596  AudioSrv - ok
16:24:47.0245 2596  [ CDA9ED9AEE49BB4076B0FAF5DBE3B666 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:24:47.0274 2596  AxInstSV - ok
16:24:47.0307 2596  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:24:47.0337 2596  b06bdrv - ok
16:24:47.0349 2596  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:24:47.0377 2596  b57nd60a - ok
16:24:47.0400 2596  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:24:47.0429 2596  BDESVC - ok
16:24:47.0481 2596  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:24:47.0539 2596  Beep - ok
16:24:47.0598 2596  [ CC538A4EF546EA402A70965EE05E131E ] BFE             C:\Windows\System32\bfe.dll
16:24:47.0643 2596  BFE - ok
16:24:47.0741 2596  [ DB3159AA87392A6098C4343D47C7C2D7 ] BITS            C:\Windows\system32\qmgr.dll
16:24:47.0791 2596  BITS - ok
16:24:47.0806 2596  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:24:47.0836 2596  blbdrive - ok
16:24:47.0842 2596  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:24:47.0875 2596  bowser - ok
16:24:47.0896 2596  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:24:47.0924 2596  BrFiltLo - ok
16:24:47.0929 2596  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:24:47.0952 2596  BrFiltUp - ok
16:24:47.0981 2596  [ 2DAF3AA72B540FE9FEDFDCF1DECD82F1 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
16:24:48.0013 2596  BridgeMP - ok
16:24:48.0053 2596  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:24:48.0073 2596  Browser - ok
16:24:48.0093 2596  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:24:48.0129 2596  Brserid - ok
16:24:48.0181 2596  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:24:48.0223 2596  BrSerWdm - ok
16:24:48.0228 2596  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:24:48.0262 2596  BrUsbMdm - ok
16:24:48.0293 2596  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:24:48.0326 2596  BrUsbSer - ok
16:24:48.0373 2596  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
16:24:48.0433 2596  BthEnum - ok
16:24:48.0450 2596  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:24:48.0485 2596  BTHMODEM - ok
16:24:48.0525 2596  [ 55D70925E9B9376103AC593CDB6D0D53 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:24:48.0560 2596  BthPan - ok
16:24:48.0616 2596  [ E704C4597BBB3EB4E5D450F26B357CE2 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
16:24:48.0658 2596  BTHPORT - ok
16:24:48.0685 2596  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:24:48.0751 2596  bthserv - ok
16:24:48.0794 2596  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
16:24:48.0826 2596  BTHUSB - ok
16:24:48.0842 2596  catchme - ok
16:24:48.0861 2596  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:24:48.0928 2596  cdfs - ok
16:24:48.0947 2596  [ E5F4FD3D59B9141560D4174AAE6E66E0 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:24:48.0987 2596  cdrom - ok
16:24:49.0016 2596  [ DF5A9401E268EBB7F9A73B4D65887965 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:24:49.0043 2596  CertPropSvc - ok
16:24:49.0077 2596  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:24:49.0125 2596  circlass - ok
16:24:49.0151 2596  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:24:49.0181 2596  CLFS - ok
16:24:49.0290 2596  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:24:49.0307 2596  clr_optimization_v2.0.50727_32 - ok
16:24:49.0436 2596  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:24:49.0453 2596  clr_optimization_v2.0.50727_64 - ok
16:24:49.0479 2596  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:24:49.0503 2596  CmBatt - ok
16:24:49.0509 2596  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:24:49.0524 2596  cmdide - ok
16:24:49.0547 2596  [ 90A633E6B4D13BF40918E3206B0E33EC ] CNG             C:\Windows\system32\Drivers\cng.sys
16:24:49.0584 2596  CNG - ok
16:24:49.0612 2596  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:24:49.0623 2596  Compbatt - ok
16:24:49.0627 2596  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:24:49.0657 2596  CompositeBus - ok
16:24:49.0661 2596  COMSysApp - ok
16:24:49.0680 2596  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:24:49.0689 2596  crcdisk - ok
16:24:49.0728 2596  [ 7E7D2DACF65D750D466F36BD3D09AE20 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:24:49.0752 2596  CryptSvc - ok
16:24:49.0783 2596  [ 83D5AD7CFDB1F9D42C3CD102B20FFA0A ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:24:49.0806 2596  DcomLaunch - ok
16:24:49.0833 2596  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:24:49.0883 2596  defragsvc - ok
16:24:49.0893 2596  [ 9FCDC4EEBCE39173122F9FEE53A054FC ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:24:49.0938 2596  DfsC - ok
16:24:49.0969 2596  [ 3249F4E4DBF1BD24B40DFF385F2511D4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:24:50.0022 2596  Dhcp - ok
16:24:50.0049 2596  [ 9ED290A1E8FDBCF269B26CDA541DDC84 ] discache        C:\Windows\system32\drivers\discache.sys
16:24:50.0084 2596  discache - ok
16:24:50.0091 2596  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
16:24:50.0110 2596  Disk - ok
16:24:50.0138 2596  [ 138A622CB3A5A892441D71874E26C41C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:24:50.0173 2596  Dnscache - ok
16:24:50.0182 2596  [ A5E97B8E11AC35F2C5DAF85FF95B1E52 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:24:50.0213 2596  dot3svc - ok
16:24:50.0237 2596  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:24:50.0304 2596  DPS - ok
16:24:50.0364 2596  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:24:50.0408 2596  drmkaud - ok
16:24:50.0446 2596  [ ED5DE02656654EF1270908C5456A110B ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:24:50.0489 2596  DXGKrnl - ok
16:24:50.0519 2596  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:24:50.0587 2596  EapHost - ok
16:24:50.0667 2596  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:24:50.0787 2596  ebdrv - ok
16:24:50.0808 2596  [ 4319CBF7C54D53F5C592A794127A6276 ] EFS             C:\Windows\System32\lsass.exe
16:24:50.0835 2596  EFS - ok
16:24:50.0926 2596  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:24:50.0974 2596  ehRecvr - ok
16:24:50.0980 2596  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:24:51.0009 2596  ehSched - ok
16:24:51.0046 2596  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:24:51.0077 2596  elxstor - ok
16:24:51.0082 2596  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:24:51.0110 2596  ErrDev - ok
16:24:51.0163 2596  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:24:51.0247 2596  EventSystem - ok
16:24:51.0265 2596  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:24:51.0310 2596  exfat - ok
16:24:51.0315 2596  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:24:51.0370 2596  fastfat - ok
16:24:51.0408 2596  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:24:51.0447 2596  Fax - ok
16:24:51.0470 2596  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
16:24:51.0506 2596  fdc - ok
16:24:51.0530 2596  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:24:51.0604 2596  fdPHost - ok
16:24:51.0608 2596  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:24:51.0647 2596  FDResPub - ok
16:24:51.0661 2596  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:24:51.0671 2596  FileInfo - ok
16:24:51.0675 2596  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:24:51.0737 2596  Filetrace - ok
16:24:51.0746 2596  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:24:51.0756 2596  flpydisk - ok
16:24:51.0763 2596  [ BAD52A4449DB51D70826EBDE87D84E22 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:24:51.0777 2596  FltMgr - ok
16:24:51.0826 2596  [ 5B92E2B067F64DC53698EB84966B3F0D ] FontCache       C:\Windows\system32\FntCache.dll
16:24:51.0876 2596  FontCache - ok
16:24:51.0912 2596  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:24:51.0926 2596  FontCache3.0.0.0 - ok
16:24:51.0971 2596  [ 305380D5D33BFDEAAF14D73E969239FC ] FPSensor        C:\Windows\system32\Drivers\FPSensor.sys
16:24:51.0997 2596  FPSensor - ok
16:24:52.0023 2596  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:24:52.0042 2596  FsDepends - ok
16:24:52.0047 2596  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:24:52.0063 2596  Fs_Rec - ok
16:24:52.0071 2596  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:24:52.0097 2596  fvevol - ok
16:24:52.0104 2596  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:24:52.0122 2596  gagp30kx - ok
16:24:52.0190 2596  [ B205AA45B2D23EA65EB42542D571EA4E ] gpsvc           C:\Windows\System32\gpsvc.dll
16:24:52.0234 2596  gpsvc - ok
16:24:52.0244 2596  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:24:52.0271 2596  hcw85cir - ok
16:24:52.0317 2596  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:24:52.0359 2596  HdAudAddService - ok
16:24:52.0403 2596  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:24:52.0432 2596  HDAudBus - ok
16:24:52.0466 2596  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
16:24:52.0483 2596  HECIx64 - ok
16:24:52.0503 2596  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
16:24:52.0537 2596  HidBatt - ok
16:24:52.0547 2596  [ FDF5EAD19FD8B2D0C50A9CCDD7836F9E ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:24:52.0574 2596  HidBth - ok
16:24:52.0608 2596  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:24:52.0630 2596  HidIr - ok
16:24:52.0675 2596  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
16:24:52.0743 2596  hidserv - ok
16:24:52.0758 2596  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
16:24:52.0789 2596  HidUsb - ok
16:24:52.0797 2596  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:24:52.0866 2596  hkmsvc - ok
16:24:52.0908 2596  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:24:52.0934 2596  HomeGroupListener - ok
16:24:52.0962 2596  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:24:52.0992 2596  HomeGroupProvider - ok
16:24:53.0011 2596  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:24:53.0027 2596  HpSAMD - ok
16:24:53.0044 2596  [ 30C2ABEA8C73FE17292420D6AF68822E ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:24:53.0080 2596  HTTP - ok
16:24:53.0095 2596  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:24:53.0110 2596  hwpolicy - ok
16:24:53.0133 2596  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:24:53.0162 2596  i8042prt - ok
16:24:53.0201 2596  [ AE0C5DF7E7DA3E7AC29B64CFA8C4F044 ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
16:24:53.0231 2596  iaStorA - ok
16:24:53.0424 2596  [ 777788D9B63CCEEEF2DB353BA4EDD454 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:24:53.0439 2596  IAStorDataMgrSvc - ok
16:24:53.0452 2596  [ 711241EA1BA9DB44F34D03D2AD00ED08 ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
16:24:53.0467 2596  iaStorF - ok
16:24:53.0508 2596  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:24:53.0537 2596  iaStorV - ok
16:24:53.0587 2596  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:24:53.0625 2596  idsvc - ok
16:24:53.0719 2596  [ D70B2BADBC951B2DDBFEEBBBA846BE98 ] IGBASVC         C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
16:24:53.0850 2596  IGBASVC ( UnsignedFile.Multi.Generic ) - warning
16:24:53.0850 2596  IGBASVC - detected UnsignedFile.Multi.Generic (1)
16:24:53.0873 2596  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:24:53.0886 2596  iirsp - ok
16:24:53.0946 2596  [ AF66C7B1D07DC6DE415F5F32BA1F92A7 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:24:53.0999 2596  IKEEXT - ok
16:24:54.0047 2596  [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
16:24:54.0101 2596  Impcd - ok
16:24:54.0297 2596  [ 91B61589BB2915E81D436EFE07548507 ] int15           C:\Windows\SysWOW64\drivers\int15_64.sys
16:24:54.0312 2596  int15 - ok
16:24:54.0421 2596  [ 5C0BBE779BA3D6F84EB5AE3CB8793E11 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:24:54.0577 2596  IntcAzAudAddService - ok
16:24:54.0640 2596  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:24:54.0658 2596  intelide - ok
16:24:54.0663 2596  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:24:54.0697 2596  intelppm - ok
16:24:54.0728 2596  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:24:54.0787 2596  IPBusEnum - ok
16:24:54.0833 2596  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:24:54.0902 2596  IpFilterDriver - ok
16:24:54.0947 2596  [ 8150AE980990BC43C577D5FBA0C98F1B ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:24:54.0990 2596  iphlpsvc - ok
16:24:55.0001 2596  [ 3CB3DBEECB9672698B5C1A6EAB2940B0 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:24:55.0030 2596  IPMIDRV - ok
16:24:55.0035 2596  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:24:55.0111 2596  IPNAT - ok
16:24:55.0124 2596  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:24:55.0203 2596  IRENUM - ok
16:24:55.0248 2596  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:24:55.0263 2596  isapnp - ok
16:24:55.0284 2596  [ D9A95CE8A8C0735D2DAD0BAFEA1E0382 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:24:55.0307 2596  iScsiPrt - ok
16:24:55.0378 2596  [ 9D946134848CC59246704DCB5FC53BB8 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
16:24:55.0408 2596  k57nd60a - ok
16:24:55.0427 2596  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:24:55.0445 2596  kbdclass - ok
16:24:55.0458 2596  [ 3985332405FA64D8E679A1DB24901596 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:24:55.0482 2596  kbdhid - ok
16:24:55.0497 2596  [ 4319CBF7C54D53F5C592A794127A6276 ] KeyIso          C:\Windows\system32\lsass.exe
16:24:55.0515 2596  KeyIso - ok
16:24:55.0546 2596  [ B2AFE62AF2BCAE582DDD2327C57EA85E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:24:55.0566 2596  KSecDD - ok
16:24:55.0573 2596  [ 64E80C2BFFC733B9ECC6D9436D454128 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:24:55.0591 2596  KSecPkg - ok
16:24:55.0607 2596  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:24:55.0665 2596  ksthunk - ok
16:24:55.0703 2596  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:24:55.0780 2596  KtmRm - ok
16:24:55.0834 2596  [ BB1F14C43241F880D23B1A8BB0B76DD0 ] LanmanServer    C:\Windows\System32\srvsvc.dll
16:24:55.0867 2596  LanmanServer - ok
16:24:55.0908 2596  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:24:55.0979 2596  LanmanWorkstation - ok
16:24:56.0005 2596  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:24:56.0051 2596  lltdio - ok
16:24:56.0077 2596  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:24:56.0136 2596  lltdsvc - ok
16:24:56.0140 2596  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:24:56.0181 2596  lmhosts - ok
16:24:56.0260 2596  [ 73A1F958FCAC3438046DBB829DC92FE6 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:24:56.0282 2596  LMS - ok
16:24:56.0296 2596  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:24:56.0316 2596  LSI_FC - ok
16:24:56.0336 2596  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:24:56.0354 2596  LSI_SAS - ok
16:24:56.0360 2596  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:24:56.0377 2596  LSI_SAS2 - ok
16:24:56.0384 2596  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:24:56.0400 2596  LSI_SCSI - ok
16:24:56.0405 2596  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:24:56.0461 2596  luafv - ok
16:24:56.0485 2596  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:24:56.0499 2596  MBAMProtector - ok
16:24:56.0547 2596  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:24:56.0567 2596  MBAMScheduler - ok
16:24:56.0597 2596  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:24:56.0626 2596  MBAMService - ok
16:24:56.0698 2596  [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
16:24:56.0721 2596  McComponentHostService - ok
16:24:56.0753 2596  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:24:56.0783 2596  Mcx2Svc - ok
16:24:56.0816 2596  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:24:56.0835 2596  megasas - ok
16:24:56.0845 2596  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:24:56.0870 2596  MegaSR - ok
16:24:57.0024 2596  Microsoft SharePoint Workspace Audit Service - ok
16:24:57.0047 2596  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:24:57.0122 2596  MMCSS - ok
16:24:57.0144 2596  [ BFFB0C93D9FB43CA42EF11C9240BFF7F ] Modem           C:\Windows\system32\drivers\modem.sys
16:24:57.0171 2596  Modem - ok
16:24:57.0176 2596  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:24:57.0207 2596  monitor - ok
16:24:57.0212 2596  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:24:57.0229 2596  mouclass - ok
16:24:57.0234 2596  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:24:57.0252 2596  mouhid - ok
16:24:57.0261 2596  [ B3F55C20008956239A2190DBD7CC4C31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:24:57.0278 2596  mountmgr - ok
16:24:57.0334 2596  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:24:57.0353 2596  MozillaMaintenance - ok
16:24:57.0361 2596  [ 5F236E59025CD356972D2F004AB25BF4 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:24:57.0382 2596  mpio - ok
16:24:57.0409 2596  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:24:57.0426 2596  mpsdrv - ok
16:24:57.0485 2596  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:24:57.0537 2596  MpsSvc - ok
16:24:57.0555 2596  [ DD80994515CD82EE196ECCFE8AD19E41 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:24:57.0585 2596  MRxDAV - ok
16:24:57.0614 2596  [ 2D521B23095AC3A2CABEA27D5535C58C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:24:57.0654 2596  mrxsmb - ok
16:24:57.0662 2596  [ B92EC59CE0666CBAE68DCA5EC03CDE1C ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:24:57.0713 2596  mrxsmb10 - ok
16:24:57.0730 2596  [ 48E3A44542A83AF769897C8836EB9A87 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:24:57.0762 2596  mrxsmb20 - ok
16:24:57.0785 2596  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:24:57.0803 2596  msahci - ok
16:24:57.0810 2596  [ 96A665A120150D1DE9D4C84AEAE01D0D ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:24:57.0829 2596  msdsm - ok
16:24:57.0844 2596  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:24:57.0871 2596  MSDTC - ok
16:24:57.0899 2596  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:24:57.0952 2596  Msfs - ok
16:24:57.0956 2596  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:24:58.0001 2596  mshidkmdf - ok
16:24:58.0006 2596  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:24:58.0016 2596  msisadrv - ok
16:24:58.0051 2596  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:24:58.0127 2596  MSiSCSI - ok
16:24:58.0133 2596  msiserver - ok
16:24:58.0171 2596  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:24:58.0238 2596  MSKSSRV - ok
16:24:58.0258 2596  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:24:58.0323 2596  MSPCLOCK - ok
16:24:58.0339 2596  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:24:58.0415 2596  MSPQM - ok
16:24:58.0436 2596  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:24:58.0452 2596  MsRPC - ok
16:24:58.0458 2596  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:24:58.0468 2596  mssmbios - ok
16:24:58.0502 2596  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:24:58.0578 2596  MSTEE - ok
16:24:58.0591 2596  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:24:58.0620 2596  MTConfig - ok
16:24:58.0636 2596  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:24:58.0653 2596  Mup - ok
16:24:58.0705 2596  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:24:58.0787 2596  napagent - ok
16:24:58.0836 2596  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:24:58.0885 2596  NativeWifiP - ok
16:24:58.0919 2596  [ 37060C2BFFFBF8235AB8021D33807AEC ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:24:58.0961 2596  NDIS - ok
16:24:58.0980 2596  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:24:59.0054 2596  NdisCap - ok
16:24:59.0068 2596  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:24:59.0085 2596  NdisTapi - ok
16:24:59.0099 2596  [ 4948435B96A6FA63914DA3B4090E6700 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:24:59.0126 2596  Ndisuio - ok
16:24:59.0150 2596  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:24:59.0201 2596  NdisWan - ok
16:24:59.0205 2596  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:24:59.0231 2596  NDProxy - ok
16:24:59.0251 2596  [ BB14215BBAF8EBB5E5FFAA3B6B04D177 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:24:59.0293 2596  NetBIOS - ok
16:24:59.0314 2596  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:24:59.0377 2596  NetBT - ok
16:24:59.0386 2596  [ 4319CBF7C54D53F5C592A794127A6276 ] Netlogon        C:\Windows\system32\lsass.exe
16:24:59.0402 2596  Netlogon - ok
16:24:59.0429 2596  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:24:59.0497 2596  Netman - ok
16:24:59.0505 2596  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:24:59.0551 2596  netprofm - ok
16:24:59.0579 2596  [ 9C94A532F53198B59ADB2EB5033008D7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:24:59.0591 2596  NetTcpPortSharing - ok
16:24:59.0609 2596  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:24:59.0620 2596  nfrd960 - ok
16:24:59.0652 2596  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:24:59.0686 2596  NlaSvc - ok
16:24:59.0710 2596  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:24:59.0754 2596  Npfs - ok
16:24:59.0786 2596  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:24:59.0823 2596  nsi - ok
16:24:59.0829 2596  [ F7DAC05B4067C8D9DD1FF2FCF7E33291 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:24:59.0853 2596  nsiproxy - ok
16:24:59.0911 2596  [ 35987934C56F2D56EA2994D20462994B ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:24:59.0960 2596  Ntfs - ok
16:24:59.0964 2596  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:25:00.0008 2596  Null - ok
16:25:00.0043 2596  [ 4F990BD111CF94891104193F8787788F ] nuvotoncir      C:\Windows\system32\DRIVERS\nuvotoncir.sys
16:25:00.0084 2596  nuvotoncir - ok
16:25:00.0114 2596  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:25:00.0130 2596  nvraid - ok
16:25:00.0135 2596  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:25:00.0152 2596  nvstor - ok
16:25:00.0159 2596  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:25:00.0173 2596  nv_agp - ok
16:25:00.0179 2596  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:25:00.0193 2596  ohci1394 - ok
16:25:00.0247 2596  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:25:00.0259 2596  ose - ok
16:25:00.0429 2596  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:25:00.0589 2596  osppsvc - ok
16:25:00.0636 2596  [ 8830D42427D05B15B032108EBBDBD289 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:25:00.0658 2596  p2pimsvc - ok
16:25:00.0677 2596  [ 5B7BADED6943AA6F4B6C1ABA5FCCB25F ] p2psvc          C:\Windows\system32\p2psvc.dll
16:25:00.0711 2596  p2psvc - ok
16:25:00.0739 2596  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
16:25:00.0767 2596  Parport - ok
16:25:00.0772 2596  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:25:00.0786 2596  partmgr - ok
16:25:00.0814 2596  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:25:00.0845 2596  PcaSvc - ok
16:25:00.0868 2596  [ 9CE2B541DEBE8DCA0ECD251584540703 ] pci             C:\Windows\system32\drivers\pci.sys
16:25:00.0884 2596  pci - ok
16:25:00.0888 2596  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:25:00.0901 2596  pciide - ok
16:25:00.0908 2596  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:25:00.0925 2596  pcmcia - ok
16:25:00.0929 2596  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:25:00.0942 2596  pcw - ok
16:25:00.0952 2596  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:25:01.0014 2596  PEAUTH - ok
16:25:01.0045 2596  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:25:01.0073 2596  PerfHost - ok
16:25:01.0138 2596  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:25:01.0192 2596  pla - ok
16:25:01.0232 2596  [ 34B06971CA5A740B32A63646C60BA3FC ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:25:01.0272 2596  PlugPlay - ok
16:25:01.0297 2596  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:25:01.0321 2596  PNRPAutoReg - ok
16:25:01.0330 2596  [ 8830D42427D05B15B032108EBBDBD289 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:25:01.0352 2596  PNRPsvc - ok
16:25:01.0397 2596  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:25:01.0472 2596  PolicyAgent - ok
16:25:01.0484 2596  [ A6D45EB5FC8DBA8EBF3ABE2481C942B9 ] Power           C:\Windows\system32\umpo.dll
16:25:01.0512 2596  Power - ok
16:25:01.0533 2596  [ D8874711B6C3DD308F84E42BA6EFF179 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:25:01.0565 2596  PptpMiniport - ok
16:25:01.0582 2596  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
16:25:01.0617 2596  Processor - ok
16:25:01.0648 2596  [ 390785362AC2D607A104CC562B7779CD ] ProfSvc         C:\Windows\system32\profsvc.dll
16:25:01.0685 2596  ProfSvc - ok
16:25:01.0697 2596  [ 4319CBF7C54D53F5C592A794127A6276 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:25:01.0714 2596  ProtectedStorage - ok
16:25:01.0727 2596  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:25:01.0791 2596  Psched - ok
16:25:01.0845 2596  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:25:01.0905 2596  ql2300 - ok
16:25:01.0911 2596  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:25:01.0925 2596  ql40xx - ok
16:25:01.0965 2596  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:25:01.0988 2596  QWAVE - ok
16:25:02.0014 2596  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:25:02.0043 2596  QWAVEdrv - ok
16:25:02.0047 2596  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:25:02.0097 2596  RasAcd - ok
16:25:02.0122 2596  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:25:02.0167 2596  RasAgileVpn - ok
16:25:02.0198 2596  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:25:02.0256 2596  RasAuto - ok
16:25:02.0285 2596  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:25:02.0327 2596  Rasl2tp - ok
16:25:02.0348 2596  [ 8AB012D47B12630A72F56E26A1B5E63C ] RasMan          C:\Windows\System32\rasmans.dll
16:25:02.0367 2596  RasMan - ok
16:25:02.0372 2596  [ 77682DE44B334E6AAFCD0ED61FB7404F ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:25:02.0389 2596  RasPppoe - ok
16:25:02.0400 2596  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:25:02.0463 2596  RasSstp - ok
16:25:02.0486 2596  [ 3FD90FB6C68BFA78A819B7A073FB5A20 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:25:02.0515 2596  rdbss - ok
16:25:02.0529 2596  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
16:25:02.0556 2596  rdpbus - ok
16:25:02.0560 2596  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:25:02.0618 2596  RDPCDD - ok
16:25:02.0623 2596  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:25:02.0680 2596  RDPENCDD - ok
16:25:02.0696 2596  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:25:02.0740 2596  RDPREFMP - ok
16:25:02.0746 2596  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:25:02.0765 2596  RdpVideoMiniport - ok
16:25:02.0771 2596  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:25:02.0796 2596  RDPWD - ok
16:25:02.0812 2596  [ A115F49BEA840A5F049BC6310F35F776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:25:02.0829 2596  rdyboost - ok
16:25:02.0857 2596  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:25:02.0880 2596  RemoteAccess - ok
16:25:02.0905 2596  [ 44A031C50D6E8077A034D59E094AB1E2 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:25:02.0928 2596  RemoteRegistry - ok
16:25:02.0962 2596  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:25:03.0008 2596  RFCOMM - ok
16:25:03.0034 2596  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:25:03.0097 2596  RpcEptMapper - ok
16:25:03.0121 2596  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:25:03.0156 2596  RpcLocator - ok
16:25:03.0195 2596  [ 83D5AD7CFDB1F9D42C3CD102B20FFA0A ] RpcSs           C:\Windows\system32\rpcss.dll
16:25:03.0220 2596  RpcSs - ok
16:25:03.0249 2596  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:25:03.0319 2596  rspndr - ok
16:25:03.0377 2596  [ C435AC77704EB16E85C9D630F4D4B4F7 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
16:25:03.0399 2596  RTHDMIAzAudService - ok
16:25:03.0419 2596  [ 4319CBF7C54D53F5C592A794127A6276 ] SamSs           C:\Windows\system32\lsass.exe
16:25:03.0437 2596  SamSs - ok
16:25:03.0451 2596  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:25:03.0471 2596  sbp2port - ok
16:25:03.0502 2596  [ 3998013C9FA81B3FDAC7A394DD996E10 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:25:03.0529 2596  SCardSvr - ok
16:25:03.0562 2596  [ B8565E5DBBCE2B7DFD49A7A6C03F6A90 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:25:03.0592 2596  scfilter - ok
16:25:03.0642 2596  [ CB23169AD1CEAEFF97DD76AD105B24C3 ] Schedule        C:\Windows\system32\schedsvc.dll
16:25:03.0696 2596  Schedule - ok
16:25:03.0726 2596  [ DF5A9401E268EBB7F9A73B4D65887965 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:25:03.0743 2596  SCPolicySvc - ok
16:25:03.0764 2596  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:25:03.0795 2596  SDRSVC - ok
16:25:03.0823 2596  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:25:03.0881 2596  secdrv - ok
16:25:03.0908 2596  [ EA764FF72CD57F69B6E1E1A4F713708C ] seclogon        C:\Windows\system32\seclogon.dll
16:25:03.0924 2596  seclogon - ok
16:25:03.0934 2596  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
16:25:03.0983 2596  SENS - ok
16:25:04.0002 2596  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:25:04.0026 2596  SensrSvc - ok
16:25:04.0034 2596  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
16:25:04.0045 2596  Serenum - ok
16:25:04.0059 2596  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
16:25:04.0081 2596  Serial - ok
16:25:04.0097 2596  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:25:04.0130 2596  sermouse - ok
16:25:04.0165 2596  [ 4D7226D0B485C8AE5BCD8E0DCC1066AB ] SessionEnv      C:\Windows\system32\sessenv.dll
16:25:04.0197 2596  SessionEnv - ok
16:25:04.0225 2596  [ C3D57658C34C68DB5D8970A1CF96284E ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:25:04.0242 2596  sffdisk - ok
16:25:04.0246 2596  [ 21EACBEFFFB0FB4999D3D10245CF10A5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:25:04.0275 2596  sffp_mmc - ok
16:25:04.0280 2596  [ AF660EA3039E8FE3C2051D7224C82F34 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:25:04.0312 2596  sffp_sd - ok
16:25:04.0326 2596  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:25:04.0359 2596  sfloppy - ok
16:25:04.0438 2596  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:25:04.0513 2596  SharedAccess - ok
16:25:04.0556 2596  [ EA9092F3DB26EDC7199AB64C9EF0D2D7 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:25:04.0583 2596  ShellHWDetection - ok
16:25:04.0617 2596  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:25:04.0636 2596  SiSRaid2 - ok
16:25:04.0642 2596  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:25:04.0663 2596  SiSRaid4 - ok
16:25:04.0806 2596  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
16:25:04.0938 2596  Skype C2C Service - ok
16:25:04.0979 2596  [ 65F9539E506D43FCD7CB59F8FD5CCABC ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:25:04.0996 2596  SkypeUpdate - ok
16:25:05.0031 2596  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:25:05.0111 2596  Smb - ok
16:25:05.0138 2596  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:25:05.0167 2596  SNMPTRAP - ok
16:25:05.0250 2596  [ A415C67B40DFB903ACCC1D40FBEE3269 ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
16:25:05.0337 2596  SNP2UVC - ok
16:25:05.0366 2596  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:25:05.0385 2596  spldr - ok
16:25:05.0420 2596  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
16:25:05.0458 2596  Spooler - ok
16:25:05.0564 2596  [ 53952A2A89985D1A3486F9FC661BA538 ] sppsvc          C:\Windows\system32\sppsvc.exe
16:25:05.0720 2596  sppsvc - ok
16:25:05.0746 2596  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:25:05.0808 2596  sppuinotify - ok
16:25:05.0827 2596  [ 218F6F1BD7ED3F2167759E6A9C9DDD53 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:25:05.0876 2596  srv - ok
16:25:05.0908 2596  [ 89B174820864672CDB4D8B0EC27A11B9 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:25:05.0952 2596  srv2 - ok
16:25:05.0960 2596  [ 896BEAAF23419696E73469DC207B4D26 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:25:05.0992 2596  srvnet - ok
16:25:06.0026 2596  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:25:06.0086 2596  SSDPSRV - ok
16:25:06.0093 2596  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:25:06.0131 2596  SstpSvc - ok
16:25:06.0140 2596  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:25:06.0150 2596  stexstor - ok
16:25:06.0190 2596  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:25:06.0237 2596  stisvc - ok
16:25:06.0254 2596  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:25:06.0272 2596  swenum - ok
16:25:06.0312 2596  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:25:06.0395 2596  swprv - ok
16:25:06.0450 2596  [ 0A535B4F638D5BBCF3EE6C997BF33892 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
16:25:06.0480 2596  SynTP - ok
16:25:06.0552 2596  [ 7BE4CDEA6BC7832BFE3112A350D8B9EA ] SysMain         C:\Windows\system32\sysmain.dll
16:25:06.0607 2596  SysMain - ok
16:25:06.0617 2596  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:25:06.0647 2596  TabletInputService - ok
16:25:06.0695 2596  [ 8B9FD32C71F29DF235A27CE9FF4F19DC ] taphss6         C:\Windows\system32\DRIVERS\taphss6.sys
16:25:06.0713 2596  taphss6 - ok
16:25:06.0751 2596  [ D583628BEAD52E4E78E5A8FA338D0E02 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:25:06.0783 2596  TapiSrv - ok
16:25:06.0813 2596  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:25:06.0875 2596  TBS - ok
16:25:06.0939 2596  [ D5707FC2300AA5B04B7BFE86D40C0133 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:25:07.0025 2596  Tcpip - ok
16:25:07.0059 2596  [ D5707FC2300AA5B04B7BFE86D40C0133 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:25:07.0136 2596  TCPIP6 - ok
16:25:07.0160 2596  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:25:07.0179 2596  tcpipreg - ok
16:25:07.0186 2596  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:25:07.0202 2596  TDPIPE - ok
16:25:07.0206 2596  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:25:07.0222 2596  TDTCP - ok
16:25:07.0242 2596  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:25:07.0284 2596  tdx - ok
16:25:07.0294 2596  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:25:07.0304 2596  TermDD - ok
16:25:07.0308 2596  [ EF4469AB69EB15E5D3754E6AEAFBCD3D ] terminpt        C:\Windows\system32\drivers\terminpt.sys
16:25:07.0330 2596  terminpt - ok
16:25:07.0391 2596  [ BDE1750384AD85C10DC41D05A28ED863 ] TermService     C:\Windows\System32\termsrv.dll
16:25:07.0423 2596  TermService - ok
16:25:07.0434 2596  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:25:07.0462 2596  Themes - ok
16:25:07.0481 2596  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:25:07.0538 2596  THREADORDER - ok
16:25:07.0569 2596  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:25:07.0608 2596  TrkWks - ok
16:25:07.0664 2596  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:25:07.0729 2596  TrustedInstaller - ok
16:25:07.0755 2596  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:25:07.0810 2596  tssecsrv - ok
16:25:07.0814 2596  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:25:07.0833 2596  TsUsbFlt - ok
16:25:07.0836 2596  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
16:25:07.0847 2596  TsUsbGD - ok
16:25:07.0870 2596  [ 5AF0E7D020F6CA55AC57CD89AE089673 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:25:07.0899 2596  tunnel - ok
16:25:07.0905 2596  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:25:07.0924 2596  uagp35 - ok
16:25:07.0946 2596  [ 7397C449E1C74AC9F41A9004BCAD6CB0 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:25:07.0980 2596  udfs - ok
16:25:08.0031 2596  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:25:08.0063 2596  UI0Detect - ok
16:25:08.0079 2596  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:25:08.0102 2596  uliagpkx - ok
16:25:08.0116 2596  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:25:08.0142 2596  umbus - ok
16:25:08.0146 2596  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
16:25:08.0170 2596  UmPass - ok
16:25:08.0257 2596  [ F51C224B79D338BDE125FD8035D2418B ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:25:08.0345 2596  UNS - ok
16:25:08.0387 2596  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:25:08.0466 2596  upnphost - ok
16:25:08.0493 2596  [ 420DB638C062BFB1B8D4CDCD476A0782 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:25:08.0515 2596  usbccgp - ok
16:25:08.0521 2596  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:25:08.0551 2596  usbcir - ok
16:25:08.0555 2596  [ 1D6AAF87C20364DDBF74DE0EC95C72FC ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:25:08.0575 2596  usbehci - ok
16:25:08.0608 2596  [ D5DCE1430A3BAE0FACDD45CC433197AF ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:25:08.0644 2596  usbhub - ok
16:25:08.0674 2596  [ 481EAA39275E96A2C87FD1E0619A9476 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:25:08.0706 2596  usbohci - ok
16:25:08.0726 2596  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
16:25:08.0762 2596  usbprint - ok
16:25:08.0767 2596  [ 73B84C8CE467E81A94D4194F8009F2A0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:25:08.0785 2596  USBSTOR - ok
16:25:08.0790 2596  [ 983EEFBF4D05B2E7634ABBA92095CD16 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:25:08.0806 2596  usbuhci - ok
16:25:08.0828 2596  [ AB1D839BBB0560EBD981854B7B6769E4 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
16:25:08.0864 2596  usbvideo - ok
16:25:08.0889 2596  [ 81D8645AC588E7A6D9755D8FD84E6FDD ] UxSms           C:\Windows\System32\uxsms.dll
16:25:08.0914 2596  UxSms - ok
16:25:08.0931 2596  [ 4319CBF7C54D53F5C592A794127A6276 ] VaultSvc        C:\Windows\system32\lsass.exe
16:25:08.0947 2596  VaultSvc - ok
16:25:08.0962 2596  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:25:08.0978 2596  vdrvroot - ok
16:25:09.0008 2596  [ 44082C4A89ABDAC0C4B08AA8834270B4 ] vds             C:\Windows\System32\vds.exe
16:25:09.0048 2596  vds - ok
16:25:09.0074 2596  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:25:09.0097 2596  vga - ok
16:25:09.0103 2596  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:25:09.0177 2596  VgaSave - ok
16:25:09.0184 2596  [ 2E9907E787CDAFA2AAA7F928853B7142 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:25:09.0205 2596  vhdmp - ok
16:25:09.0211 2596  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:25:09.0227 2596  viaide - ok
16:25:09.0233 2596  [ B7962BD45492837173E0EF274E691C1F ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:25:09.0251 2596  volmgr - ok
16:25:09.0270 2596  [ 0904EF550B3D3FEB326638A4BAD9937E ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:25:09.0296 2596  volmgrx - ok
16:25:09.0304 2596  [ A56F2326CE33646CDA95E7A9E7163FFA ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:25:09.0329 2596  volsnap - ok
16:25:09.0340 2596  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:25:09.0360 2596  vsmraid - ok
16:25:09.0412 2596  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:25:09.0512 2596  VSS - ok
16:25:09.0522 2596  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:25:09.0561 2596  vwifibus - ok
16:25:09.0579 2596  [ 13A0DECD1794DE60A8427862C8669D27 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:25:09.0596 2596  vwififlt - ok
16:25:09.0632 2596  [ C7B83BD98BA3560374569C0C13EA3685 ] W32Time         C:\Windows\system32\w32time.dll
16:25:09.0670 2596  W32Time - ok
16:25:09.0689 2596  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:25:09.0718 2596  WacomPen - ok
16:25:09.0724 2596  [ 226028D956C43CE4D8DDFFA89873E890 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:25:09.0740 2596  WANARP - ok
16:25:09.0745 2596  [ 226028D956C43CE4D8DDFFA89873E890 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:25:09.0761 2596  Wanarpv6 - ok
16:25:09.0813 2596  [ F91B8969183F3461BD3D3438052AEAD0 ] wbengine        C:\Windows\system32\wbengine.exe
16:25:09.0877 2596  wbengine - ok
16:25:09.0886 2596  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:25:09.0928 2596  WbioSrvc - ok
16:25:09.0958 2596  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:25:10.0008 2596  wcncsvc - ok
16:25:10.0013 2596  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:25:10.0038 2596  WcsPlugInService - ok
16:25:10.0059 2596  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
16:25:10.0074 2596  Wd - ok
16:25:10.0092 2596  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:25:10.0133 2596  Wdf01000 - ok
16:25:10.0161 2596  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:25:10.0180 2596  WdiServiceHost - ok
16:25:10.0183 2596  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:25:10.0202 2596  WdiSystemHost - ok
16:25:10.0208 2596  [ D0AA40E108D4D404DFE9F3C4FA323432 ] WebClient       C:\Windows\System32\webclnt.dll
16:25:10.0223 2596  WebClient - ok
16:25:10.0238 2596  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:25:10.0321 2596  Wecsvc - ok
16:25:10.0340 2596  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:25:10.0396 2596  wercplsupport - ok
16:25:10.0414 2596  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:25:10.0473 2596  WerSvc - ok
16:25:10.0488 2596  [ 009604986BAE004733728282BD98BB03 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:25:10.0498 2596  WfpLwf - ok
16:25:10.0502 2596  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:25:10.0512 2596  WIMMount - ok
16:25:10.0550 2596  [ 54D68B92DC59FBBA95919C804A7C3E07 ] winbondcir      C:\Windows\system32\DRIVERS\winbondcir.sys
16:25:10.0573 2596  winbondcir - ok
16:25:10.0604 2596  WinDefend - ok
16:25:10.0609 2596  WinHttpAutoProxySvc - ok
16:25:10.0710 2596  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:25:10.0768 2596  Winmgmt - ok
16:25:10.0828 2596  [ 5A91D5A0BBACA4B2FD9171CDD5BDC71B ] WinRM           C:\Windows\system32\WsmSvc.dll
16:25:10.0909 2596  WinRM - ok
16:25:10.0951 2596  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:25:11.0000 2596  Wlansvc - ok
16:25:11.0033 2596  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
16:25:11.0049 2596  WmiAcpi - ok
16:25:11.0077 2596  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:25:11.0105 2596  wmiApSrv - ok
16:25:11.0146 2596  WMPNetworkSvc - ok
16:25:11.0163 2596  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:25:11.0184 2596  WPCSvc - ok
16:25:11.0191 2596  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:25:11.0224 2596  WPDBusEnum - ok
16:25:11.0244 2596  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:25:11.0317 2596  ws2ifsl - ok
16:25:11.0359 2596  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
16:25:11.0399 2596  wscsvc - ok
16:25:11.0404 2596  WSearch - ok
16:25:11.0475 2596  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:25:11.0580 2596  wuauserv - ok
16:25:11.0602 2596  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:25:11.0634 2596  WudfPf - ok
16:25:11.0650 2596  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:25:11.0680 2596  WUDFRd - ok
16:25:11.0708 2596  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:25:11.0728 2596  wudfsvc - ok
16:25:11.0741 2596  [ 37612EAB55BCCBE5F7825E6A00A190CF ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:25:11.0777 2596  WwanSvc - ok
16:25:11.0799 2596  ================ Scan global ===============================
16:25:11.0840 2596  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:25:11.0871 2596  [ CC44EBC3E04E76AABE19EB4A16663E4A ] C:\Windows\system32\winsrv.dll
16:25:11.0882 2596  [ CC44EBC3E04E76AABE19EB4A16663E4A ] C:\Windows\system32\winsrv.dll
16:25:11.0906 2596  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:25:11.0942 2596  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:25:11.0948 2596  [Global] - ok
16:25:11.0949 2596  ================ Scan MBR ==================================
16:25:11.0961 2596  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:25:12.0297 2596  \Device\Harddisk0\DR0 - ok
16:25:12.0298 2596  ================ Scan VBR ==================================
16:25:12.0302 2596  [ 012315393678359ED9CB100DB88B66FC ] \Device\Harddisk0\DR0\Partition1
16:25:12.0303 2596  \Device\Harddisk0\DR0\Partition1 - ok
16:25:12.0329 2596  [ 6813EB3B0C705CF1560E865C55BA4E13 ] \Device\Harddisk0\DR0\Partition2
16:25:12.0331 2596  \Device\Harddisk0\DR0\Partition2 - ok
16:25:12.0348 2596  [ 85FD7C09CC8C05B03C42C0BD676B3C50 ] \Device\Harddisk0\DR0\Partition3
16:25:12.0349 2596  \Device\Harddisk0\DR0\Partition3 - ok
16:25:12.0350 2596  ============================================================
16:25:12.0350 2596  Scan finished
16:25:12.0350 2596  ============================================================
16:25:12.0362 2600  Detected object count: 1
16:25:12.0363 2600  Actual detected object count: 1
16:25:22.0002 2600  IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:22.0002 2600  IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:25:41.0388 3188  ============================================================
16:25:41.0388 3188  Scan started
16:25:41.0388 3188  Mode: Manual; SigCheck; TDLFS; 
16:25:41.0388 3188  ============================================================
16:25:41.0921 3188  ================ Scan system memory ========================
16:25:41.0921 3188  System memory - ok
16:25:41.0922 3188  ================ Scan services =============================
16:25:42.0322 3188  [ 0B94DF0DB9DCA3EDB2B57747D5433E7F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:25:42.0356 3188  1394ohci - ok
16:25:42.0365 3188  [ 114ACFE781B214B95F53D52020466CFD ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:25:42.0384 3188  ACPI - ok
16:25:42.0389 3188  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:25:42.0407 3188  AcpiPmi - ok
16:25:42.0417 3188  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:25:42.0441 3188  adp94xx - ok
16:25:42.0449 3188  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:25:42.0467 3188  adpahci - ok
16:25:42.0473 3188  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:25:42.0490 3188  adpu320 - ok
16:25:42.0520 3188  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:25:42.0569 3188  AeLookupSvc - ok
16:25:42.0578 3188  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:25:42.0600 3188  AFD - ok
16:25:42.0626 3188  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:25:42.0644 3188  agp440 - ok
16:25:42.0661 3188  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:25:42.0682 3188  ALG - ok
16:25:42.0686 3188  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:25:42.0702 3188  aliide - ok
16:25:42.0734 3188  [ 41A0813F22D3330C0CA71CE5BBD42B12 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:25:42.0756 3188  AMD External Events Utility - ok
16:25:42.0782 3188  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:25:42.0797 3188  amdide - ok
16:25:42.0802 3188  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:25:42.0819 3188  AmdK8 - ok
16:25:42.0826 3188  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
16:25:42.0842 3188  AmdPPM - ok
16:25:42.0848 3188  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:25:42.0865 3188  amdsata - ok
16:25:42.0873 3188  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:25:42.0899 3188  amdsbs - ok
16:25:42.0903 3188  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:25:42.0913 3188  amdxata - ok
16:25:42.0917 3188  [ AB4CD625EDA2E4D3E5B84EEDAD404B1A ] AppID           C:\Windows\system32\drivers\appid.sys
16:25:42.0928 3188  AppID - ok
16:25:42.0957 3188  [ 8875F1952F885275E8EB3A004890C3F9 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:25:42.0976 3188  AppIDSvc - ok
16:25:42.0982 3188  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
16:25:43.0045 3188  Appinfo - ok
16:25:43.0054 3188  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
16:25:43.0071 3188  arc - ok
16:25:43.0096 3188  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:25:43.0113 3188  arcsas - ok
16:25:43.0118 3188  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:25:43.0177 3188  AsyncMac - ok
16:25:43.0182 3188  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:25:43.0197 3188  atapi - ok
16:25:43.0280 3188  [ B28998D019340B333A106316D8B7D8DA ] athr            C:\Windows\system32\DRIVERS\athrx.sys
16:25:43.0334 3188  athr - ok
16:25:43.0477 3188  [ 37456BE85384E4CC38DC899F07F88C45 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:25:43.0570 3188  atikmdag - ok
16:25:43.0614 3188  [ A78697675C6B34E20C013C0741510627 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:25:43.0634 3188  AudioEndpointBuilder - ok
16:25:43.0644 3188  [ A78697675C6B34E20C013C0741510627 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:25:43.0662 3188  AudioSrv - ok
16:25:43.0679 3188  [ CDA9ED9AEE49BB4076B0FAF5DBE3B666 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:25:43.0691 3188  AxInstSV - ok
16:25:43.0717 3188  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:25:43.0732 3188  b06bdrv - ok
16:25:43.0749 3188  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:25:43.0763 3188  b57nd60a - ok
16:25:43.0790 3188  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:25:43.0801 3188  BDESVC - ok
16:25:43.0826 3188  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:25:43.0861 3188  Beep - ok
16:25:43.0885 3188  [ CC538A4EF546EA402A70965EE05E131E ] BFE             C:\Windows\System32\bfe.dll
16:25:43.0902 3188  BFE - ok
16:25:43.0950 3188  [ DB3159AA87392A6098C4343D47C7C2D7 ] BITS            C:\Windows\system32\qmgr.dll
16:25:43.0987 3188  BITS - ok
16:25:44.0007 3188  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:25:44.0024 3188  blbdrive - ok
16:25:44.0030 3188  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:25:44.0047 3188  bowser - ok
16:25:44.0058 3188  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:25:44.0080 3188  BrFiltLo - ok
16:25:44.0084 3188  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:25:44.0106 3188  BrFiltUp - ok
16:25:44.0112 3188  [ 2DAF3AA72B540FE9FEDFDCF1DECD82F1 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
16:25:44.0129 3188  BridgeMP - ok
16:25:44.0153 3188  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:25:44.0172 3188  Browser - ok
16:25:44.0194 3188  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:25:44.0215 3188  Brserid - ok
16:25:44.0236 3188  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:25:44.0257 3188  BrSerWdm - ok
16:25:44.0262 3188  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:25:44.0282 3188  BrUsbMdm - ok
16:25:44.0285 3188  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:25:44.0297 3188  BrUsbSer - ok
16:25:44.0329 3188  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
16:25:44.0340 3188  BthEnum - ok
16:25:44.0362 3188  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:25:44.0376 3188  BTHMODEM - ok
16:25:44.0392 3188  [ 55D70925E9B9376103AC593CDB6D0D53 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:25:44.0402 3188  BthPan - ok
16:25:44.0438 3188  [ E704C4597BBB3EB4E5D450F26B357CE2 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
16:25:44.0465 3188  BTHPORT - ok
16:25:44.0496 3188  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:25:44.0552 3188  bthserv - ok
16:25:44.0583 3188  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
16:25:44.0603 3188  BTHUSB - ok
16:25:44.0606 3188  catchme - ok
16:25:44.0629 3188  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:25:44.0691 3188  cdfs - ok
16:25:44.0704 3188  [ E5F4FD3D59B9141560D4174AAE6E66E0 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:25:44.0721 3188  cdrom - ok
16:25:44.0750 3188  [ DF5A9401E268EBB7F9A73B4D65887965 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:25:44.0766 3188  CertPropSvc - ok
16:25:44.0771 3188  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:25:44.0794 3188  circlass - ok
16:25:44.0818 3188  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:25:44.0842 3188  CLFS - ok
16:25:44.0957 3188  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:25:44.0972 3188  clr_optimization_v2.0.50727_32 - ok
16:25:45.0103 3188  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:25:45.0120 3188  clr_optimization_v2.0.50727_64 - ok
16:25:45.0146 3188  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:25:45.0162 3188  CmBatt - ok
16:25:45.0168 3188  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:25:45.0184 3188  cmdide - ok
16:25:45.0204 3188  [ 90A633E6B4D13BF40918E3206B0E33EC ] CNG             C:\Windows\system32\Drivers\cng.sys
16:25:45.0238 3188  CNG - ok
16:25:45.0244 3188  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:25:45.0259 3188  Compbatt - ok
16:25:45.0264 3188  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:25:45.0280 3188  CompositeBus - ok
16:25:45.0284 3188  COMSysApp - ok
16:25:45.0289 3188  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:25:45.0300 3188  crcdisk - ok
16:25:45.0340 3188  [ 7E7D2DACF65D750D466F36BD3D09AE20 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:25:45.0362 3188  CryptSvc - ok
16:25:45.0396 3188  [ 83D5AD7CFDB1F9D42C3CD102B20FFA0A ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:25:45.0424 3188  DcomLaunch - ok
16:25:45.0457 3188  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:25:45.0521 3188  defragsvc - ok
16:25:45.0538 3188  [ 9FCDC4EEBCE39173122F9FEE53A054FC ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:25:45.0555 3188  DfsC - ok
16:25:45.0581 3188  [ 3249F4E4DBF1BD24B40DFF385F2511D4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:25:45.0603 3188  Dhcp - ok
16:25:45.0638 3188  [ 9ED290A1E8FDBCF269B26CDA541DDC84 ] discache        C:\Windows\system32\drivers\discache.sys
16:25:45.0654 3188  discache - ok
16:25:45.0660 3188  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
16:25:45.0677 3188  Disk - ok
16:25:45.0717 3188  [ 138A622CB3A5A892441D71874E26C41C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:25:45.0737 3188  Dnscache - ok
16:25:45.0750 3188  [ A5E97B8E11AC35F2C5DAF85FF95B1E52 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:25:45.0771 3188  dot3svc - ok
16:25:45.0779 3188  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:25:45.0832 3188  DPS - ok
16:25:45.0854 3188  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:25:45.0869 3188  drmkaud - ok
16:25:45.0900 3188  [ ED5DE02656654EF1270908C5456A110B ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:25:45.0930 3188  DXGKrnl - ok
16:25:45.0953 3188  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:25:45.0998 3188  EapHost - ok
16:25:46.0078 3188  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:25:46.0141 3188  ebdrv - ok
16:25:46.0165 3188  [ 4319CBF7C54D53F5C592A794127A6276 ] EFS             C:\Windows\System32\lsass.exe
16:25:46.0178 3188  EFS - ok
16:25:46.0260 3188  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:25:46.0294 3188  ehRecvr - ok
16:25:46.0300 3188  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:25:46.0322 3188  ehSched - ok
16:25:46.0359 3188  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:25:46.0388 3188  elxstor - ok
16:25:46.0393 3188  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:25:46.0409 3188  ErrDev - ok
16:25:46.0441 3188  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:25:46.0490 3188  EventSystem - ok
16:25:46.0510 3188  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:25:46.0548 3188  exfat - ok
16:25:46.0553 3188  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:25:46.0590 3188  fastfat - ok
16:25:46.0634 3188  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:25:46.0667 3188  Fax - ok
16:25:46.0704 3188  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
16:25:46.0724 3188  fdc - ok
16:25:46.0753 3188  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:25:46.0809 3188  fdPHost - ok
16:25:46.0813 3188  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:25:46.0853 3188  FDResPub - ok
16:25:46.0857 3188  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:25:46.0868 3188  FileInfo - ok
16:25:46.0872 3188  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:25:46.0912 3188  Filetrace - ok
16:25:46.0917 3188  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:25:46.0928 3188  flpydisk - ok
16:25:46.0934 3188  [ BAD52A4449DB51D70826EBDE87D84E22 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:25:46.0948 3188  FltMgr - ok
16:25:46.0978 3188  [ 5B92E2B067F64DC53698EB84966B3F0D ] FontCache       C:\Windows\system32\FntCache.dll
16:25:47.0001 3188  FontCache - ok
16:25:47.0035 3188  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:25:47.0049 3188  FontCache3.0.0.0 - ok
16:25:47.0071 3188  [ 305380D5D33BFDEAAF14D73E969239FC ] FPSensor        C:\Windows\system32\Drivers\FPSensor.sys
16:25:47.0087 3188  FPSensor - ok
16:25:47.0112 3188  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:25:47.0130 3188  FsDepends - ok
16:25:47.0135 3188  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:25:47.0150 3188  Fs_Rec - ok
16:25:47.0157 3188  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:25:47.0183 3188  fvevol - ok
16:25:47.0188 3188  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:25:47.0205 3188  gagp30kx - ok
16:25:47.0234 3188  [ B205AA45B2D23EA65EB42542D571EA4E ] gpsvc           C:\Windows\System32\gpsvc.dll
16:25:47.0264 3188  gpsvc - ok
16:25:47.0270 3188  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:25:47.0286 3188  hcw85cir - ok
16:25:47.0307 3188  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:25:47.0335 3188  HdAudAddService - ok
16:25:47.0359 3188  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:25:47.0383 3188  HDAudBus - ok
16:25:47.0411 3188  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
16:25:47.0424 3188  HECIx64 - ok
16:25:47.0429 3188  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
16:25:47.0447 3188  HidBatt - ok
16:25:47.0453 3188  [ FDF5EAD19FD8B2D0C50A9CCDD7836F9E ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:25:47.0469 3188  HidBth - ok
16:25:47.0474 3188  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:25:47.0496 3188  HidIr - ok
16:25:47.0531 3188  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
16:25:47.0588 3188  hidserv - ok
16:25:47.0610 3188  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
16:25:47.0622 3188  HidUsb - ok
16:25:47.0631 3188  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:25:47.0672 3188  hkmsvc - ok
16:25:47.0697 3188  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:25:47.0711 3188  HomeGroupListener - ok
16:25:47.0741 3188  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:25:47.0754 3188  HomeGroupProvider - ok
16:25:47.0767 3188  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:25:47.0778 3188  HpSAMD - ok
16:25:47.0788 3188  [ 30C2ABEA8C73FE17292420D6AF68822E ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:25:47.0806 3188  HTTP - ok
16:25:47.0825 3188  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:25:47.0834 3188  hwpolicy - ok
16:25:47.0838 3188  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:25:47.0850 3188  i8042prt - ok
16:25:47.0892 3188  [ AE0C5DF7E7DA3E7AC29B64CFA8C4F044 ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
16:25:47.0928 3188  iaStorA - ok
16:25:48.0102 3188  [ 777788D9B63CCEEEF2DB353BA4EDD454 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:25:48.0118 3188  IAStorDataMgrSvc - ok
16:25:48.0131 3188  [ 711241EA1BA9DB44F34D03D2AD00ED08 ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
16:25:48.0145 3188  iaStorF - ok
16:25:48.0187 3188  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:25:48.0212 3188  iaStorV - ok
16:25:48.0265 3188  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:25:48.0298 3188  idsvc - ok
16:25:48.0397 3188  [ D70B2BADBC951B2DDBFEEBBBA846BE98 ] IGBASVC         C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
16:25:48.0453 3188  IGBASVC ( UnsignedFile.Multi.Generic ) - warning
16:25:48.0453 3188  IGBASVC - detected UnsignedFile.Multi.Generic (1)
16:25:48.0474 3188  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:25:48.0485 3188  iirsp - ok
16:25:48.0522 3188  [ AF66C7B1D07DC6DE415F5F32BA1F92A7 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:25:48.0543 3188  IKEEXT - ok
16:25:48.0569 3188  [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
16:25:48.0580 3188  Impcd - ok
16:25:48.0775 3188  [ 91B61589BB2915E81D436EFE07548507 ] int15           C:\Windows\SysWOW64\drivers\int15_64.sys
16:25:48.0791 3188  int15 - ok
16:25:48.0901 3188  [ 5C0BBE779BA3D6F84EB5AE3CB8793E11 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:25:49.0030 3188  IntcAzAudAddService - ok
16:25:49.0052 3188  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:25:49.0062 3188  intelide - ok
16:25:49.0067 3188  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:25:49.0080 3188  intelppm - ok
16:25:49.0107 3188  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:25:49.0174 3188  IPBusEnum - ok
16:25:49.0181 3188  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:25:49.0243 3188  IpFilterDriver - ok
16:25:49.0258 3188  [ 8150AE980990BC43C577D5FBA0C98F1B ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:25:49.0283 3188  iphlpsvc - ok
16:25:49.0302 3188  [ 3CB3DBEECB9672698B5C1A6EAB2940B0 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:25:49.0319 3188  IPMIDRV - ok
16:25:49.0325 3188  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:25:49.0382 3188  IPNAT - ok
16:25:49.0392 3188  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:25:49.0408 3188  IRENUM - ok
16:25:49.0412 3188  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:25:49.0421 3188  isapnp - ok
16:25:49.0439 3188  [ D9A95CE8A8C0735D2DAD0BAFEA1E0382 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:25:49.0453 3188  iScsiPrt - ok
16:25:49.0477 3188  [ 9D946134848CC59246704DCB5FC53BB8 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
16:25:49.0492 3188  k57nd60a - ok
16:25:49.0505 3188  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:25:49.0515 3188  kbdclass - ok
16:25:49.0525 3188  [ 3985332405FA64D8E679A1DB24901596 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:25:49.0536 3188  kbdhid - ok
16:25:49.0553 3188  [ 4319CBF7C54D53F5C592A794127A6276 ] KeyIso          C:\Windows\system32\lsass.exe
16:25:49.0564 3188  KeyIso - ok
16:25:49.0568 3188  [ B2AFE62AF2BCAE582DDD2327C57EA85E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:25:49.0579 3188  KSecDD - ok
16:25:49.0584 3188  [ 64E80C2BFFC733B9ECC6D9436D454128 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:25:49.0595 3188  KSecPkg - ok
16:25:49.0599 3188  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:25:49.0635 3188  ksthunk - ok
16:25:49.0659 3188  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:25:49.0700 3188  KtmRm - ok
16:25:49.0723 3188  [ BB1F14C43241F880D23B1A8BB0B76DD0 ] LanmanServer    C:\Windows\System32\srvsvc.dll
16:25:49.0736 3188  LanmanServer - ok
16:25:49.0753 3188  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:25:49.0789 3188  LanmanWorkstation - ok
16:25:49.0817 3188  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:25:49.0854 3188  lltdio - ok
16:25:49.0878 3188  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:25:49.0918 3188  lltdsvc - ok
16:25:49.0921 3188  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:25:49.0957 3188  lmhosts - ok
16:25:50.0016 3188  [ 73A1F958FCAC3438046DBB829DC92FE6 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:25:50.0040 3188  LMS - ok
16:25:50.0064 3188  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:25:50.0082 3188  LSI_FC - ok
16:25:50.0093 3188  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:25:50.0110 3188  LSI_SAS - ok
16:25:50.0116 3188  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:25:50.0132 3188  LSI_SAS2 - ok
16:25:50.0139 3188  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:25:50.0157 3188  LSI_SCSI - ok
16:25:50.0163 3188  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:25:50.0225 3188  luafv - ok
16:25:50.0252 3188  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:25:50.0267 3188  MBAMProtector - ok
16:25:50.0292 3188  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:25:50.0312 3188  MBAMScheduler - ok
16:25:50.0343 3188  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:25:50.0369 3188  MBAMService - ok
16:25:50.0410 3188  [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
16:25:50.0433 3188  McComponentHostService - ok
16:25:50.0464 3188  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:25:50.0484 3188  Mcx2Svc - ok
16:25:50.0517 3188  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:25:50.0536 3188  megasas - ok
16:25:50.0546 3188  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:25:50.0571 3188  MegaSR - ok
16:25:50.0702 3188  Microsoft SharePoint Workspace Audit Service - ok
16:25:50.0737 3188  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:25:50.0799 3188  MMCSS - ok
16:25:50.0823 3188  [ BFFB0C93D9FB43CA42EF11C9240BFF7F ] Modem           C:\Windows\system32\drivers\modem.sys
16:25:50.0838 3188  Modem - ok
16:25:50.0844 3188  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:25:50.0865 3188  monitor - ok
16:25:50.0871 3188  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:25:50.0887 3188  mouclass - ok
16:25:50.0893 3188  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:25:50.0910 3188  mouhid - ok
16:25:50.0916 3188  [ B3F55C20008956239A2190DBD7CC4C31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:25:50.0933 3188  mountmgr - ok
16:25:50.0969 3188  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:25:50.0987 3188  MozillaMaintenance - ok
16:25:51.0009 3188  [ 5F236E59025CD356972D2F004AB25BF4 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:25:51.0029 3188  mpio - ok
16:25:51.0048 3188  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:25:51.0066 3188  mpsdrv - ok
16:25:51.0107 3188  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:25:51.0137 3188  MpsSvc - ok
16:25:51.0156 3188  [ DD80994515CD82EE196ECCFE8AD19E41 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:25:51.0173 3188  MRxDAV - ok
16:25:51.0194 3188  [ 2D521B23095AC3A2CABEA27D5535C58C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:25:51.0212 3188  mrxsmb - ok
16:25:51.0221 3188  [ B92EC59CE0666CBAE68DCA5EC03CDE1C ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:25:51.0241 3188  mrxsmb10 - ok
16:25:51.0248 3188  [ 48E3A44542A83AF769897C8836EB9A87 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:25:51.0265 3188  mrxsmb20 - ok
16:25:51.0270 3188  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:25:51.0286 3188  msahci - ok
16:25:51.0293 3188  [ 96A665A120150D1DE9D4C84AEAE01D0D ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:25:51.0311 3188  msdsm - ok
16:25:51.0323 3188  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:25:51.0343 3188  MSDTC - ok
16:25:51.0350 3188  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:25:51.0400 3188  Msfs - ok
16:25:51.0404 3188  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:25:51.0439 3188  mshidkmdf - ok
16:25:51.0443 3188  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:25:51.0452 3188  msisadrv - ok
16:25:51.0474 3188  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:25:51.0510 3188  MSiSCSI - ok
16:25:51.0514 3188  msiserver - ok
16:25:51.0527 3188  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:25:51.0564 3188  MSKSSRV - ok
16:25:51.0581 3188  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:25:51.0617 3188  MSPCLOCK - ok
16:25:51.0620 3188  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:25:51.0656 3188  MSPQM - ok
16:25:51.0663 3188  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:25:51.0677 3188  MsRPC - ok
16:25:51.0683 3188  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:25:51.0693 3188  mssmbios - ok
16:25:51.0697 3188  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:25:51.0732 3188  MSTEE - ok
16:25:51.0735 3188  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:25:51.0745 3188  MTConfig - ok
16:25:51.0749 3188  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:25:51.0759 3188  Mup - ok
16:25:51.0794 3188  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:25:51.0833 3188  napagent - ok
16:25:51.0858 3188  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:25:51.0887 3188  NativeWifiP - ok
16:25:51.0919 3188  [ 37060C2BFFFBF8235AB8021D33807AEC ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:25:51.0959 3188  NDIS - ok
16:25:51.0970 3188  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:25:52.0029 3188  NdisCap - ok
16:25:52.0034 3188  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:25:52.0050 3188  NdisTapi - ok
16:25:52.0055 3188  [ 4948435B96A6FA63914DA3B4090E6700 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:25:52.0070 3188  Ndisuio - ok
16:25:52.0077 3188  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:25:52.0118 3188  NdisWan - ok
16:25:52.0122 3188  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:25:52.0133 3188  NDProxy - ok
16:25:52.0137 3188  [ BB14215BBAF8EBB5E5FFAA3B6B04D177 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:25:52.0147 3188  NetBIOS - ok
16:25:52.0153 3188  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:25:52.0190 3188  NetBT - ok
16:25:52.0209 3188  [ 4319CBF7C54D53F5C592A794127A6276 ] Netlogon        C:\Windows\system32\lsass.exe
16:25:52.0219 3188  Netlogon - ok
16:25:52.0252 3188  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:25:52.0292 3188  Netman - ok
16:25:52.0300 3188  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:25:52.0340 3188  netprofm - ok
16:25:52.0368 3188  [ 9C94A532F53198B59ADB2EB5033008D7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:25:52.0380 3188  NetTcpPortSharing - ok
16:25:52.0399 3188  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
16:25:52.0410 3188  nfrd960 - ok
16:25:52.0442 3188  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:25:52.0468 3188  NlaSvc - ok
16:25:52.0475 3188  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:25:52.0526 3188  Npfs - ok
16:25:52.0542 3188  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:25:52.0556 3188  nsi - ok
         

09.01.2013, 20:22   #10
kiranoris

Code:
ATTFilter
16:26:01.0229 3188  ================ Scan global ===============================
16:26:01.0252 3188  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:26:01.0272 3188  [ CC44EBC3E04E76AABE19EB4A16663E4A ] C:\Windows\system32\winsrv.dll
16:26:01.0278 3188  [ CC44EBC3E04E76AABE19EB4A16663E4A ] C:\Windows\system32\winsrv.dll
16:26:01.0296 3188  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:26:01.0320 3188  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:26:01.0325 3188  [Global] - ok
16:26:01.0326 3188  ================ Scan MBR ==================================
16:26:01.0340 3188  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:26:01.0654 3188  \Device\Harddisk0\DR0 - ok
16:26:01.0654 3188  ================ Scan VBR ==================================
16:26:01.0658 3188  [ 012315393678359ED9CB100DB88B66FC ] \Device\Harddisk0\DR0\Partition1
16:26:01.0659 3188  \Device\Harddisk0\DR0\Partition1 - ok
16:26:01.0686 3188  [ 6813EB3B0C705CF1560E865C55BA4E13 ] \Device\Harddisk0\DR0\Partition2
16:26:01.0688 3188  \Device\Harddisk0\DR0\Partition2 - ok
16:26:01.0704 3188  [ 85FD7C09CC8C05B03C42C0BD676B3C50 ] \Device\Harddisk0\DR0\Partition3
16:26:01.0706 3188  \Device\Harddisk0\DR0\Partition3 - ok
16:26:01.0707 3188  ============================================================
16:26:01.0707 3188  Scan finished
16:26:01.0707 3188  ============================================================
16:26:01.0764 4436  Detected object count: 1
16:26:01.0764 4436  Actual detected object count: 1
16:26:06.0203 4436  IGBASVC ( UnsignedFile.Multi.Generic ) - skipped by user
16:26:06.0203 4436  IGBASVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

10.01.2013, 00:03   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - Detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search (Suche).
  • When the scan finishes, a text file opens.
  • Post its contents to me in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

10.01.2013, 00:07   #12
kiranoris

Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 10/01/2013 um 00:06:33 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : User - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\END
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\ConduitEngine
Ordner Gefunden : C:\Program Files (x86)\Protected Search

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKCU\Software\ProtectedSearch
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3231
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://newtab.certified-toolbar.com/nie?si=41460&tid=3231&new=true
[HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3231
[HKCU\Software\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3231
[HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q=
[HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3231
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3231
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q=
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3231

-\\ Mozilla Firefox v17.0.1 (de)

*************************

AdwCleaner[R1].txt - [3230 octets] - [10/01/2013 00:06:33]

########## EOF - C:\AdwCleaner[R1].txt - [3290 octets] ##########
         

Alt 10.01.2013, 00:32   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).

After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

Alt 10.01.2013, 00:42   #14
kiranoris
 



After AdwCleaner:
Code:
# AdwCleaner v2.105 - Datei am 10/01/2013 um 00:37:26 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : User - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine
Ordner Gelöscht : C:\Program Files (x86)\Protected Search

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\ProtectedSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3231 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://newtab.certified-toolbar.com/nie?si=41460&tid=3231&new=true --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3231 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3231 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q= --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q= --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3231 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3231 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q= --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q= --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3231 --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (de)

*************************

AdwCleaner[R1].txt - [3355 octets] - [10/01/2013 00:06:33]
AdwCleaner[R2].txt - [3415 octets] - [10/01/2013 00:36:18]
AdwCleaner[S1].txt - [3748 octets] - [10/01/2013 00:37:26]

########## EOF - C:\AdwCleaner[S1].txt - [3808 octets] ##########
         
OTL 1:
Code:
OTL logfile created on: 10.01.2013 00:44:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 51,01% Memory free
7,73 Gb Paging File | 5,49 Gb Available in Paging File | 71,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,00 Gb Total Space | 54,79 Gb Free Space | 36,53% Space Free | Partition Type: NTFS
Drive D: | 315,66 Gb Total Space | 205,96 Gb Free Space | 65,25% Space Free | Partition Type: NTFS
Drive E: | 761,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Users\User\AppData\Roaming\ICQM\icq.exe (ICQ)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Users\User\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvcInt#\cc90d2922448df5a44d86fcba5c431f3\IAStorDataMgrSvcInterfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ca2a873cb11b8005d93135e86ef5bec1\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5556bb8f1dd215171e885985b07052ba\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\908a253a8f1907305d2a074a87add0a3\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\708244452fad4570fbbfbf99d213fd94\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\316ee2f96aa8c6e9ebb1c8cd7369570d\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\5c47b39cccb1fb2e9b8994eb21d473a5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1a0e0ec927415fa4644d68caf0b0c3d1\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\0bc1ffde6f872639ec886763d6861777\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b43cc8180cd775ba30e80bcad1158a25\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\d7abfaa021c0125c341d61577fdf6533\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ba0ba74f426c631c8cdc1050367b0b6a\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dae7b30f86c8be561b6183427d05918\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c6e476e8f84fa290a483e07e6c673a49\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c4dd7991c69dafde1b5ef08b9559b39b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\fe8826f7e1bfc2fa1cc1568ffbbfb4b8\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (IGBASVC) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (EgisTec)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (nuvotoncir) -- C:\Windows\SysNative\drivers\nuvotoncir.sys (Nuvoton Technology Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (winbondcir) -- C:\Windows\SysNative\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=3231&q={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 5E B2 F1 A6 EA CD 01  [binary data]
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=3231&q={searchTerms}
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKU\S-1-5-21-1926261916-575310351-292605388-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "hxxp://sf-hq-forum.de/index.php|https://service.gmx.net/de/cgi/g.fcgi/application/navigator?CUSTOMERNO=22789777&t=de1866861646.1357772696.f6d969fb|hxxp://w2.de.mymagictales.com/xhodon/chat.php|hxxp://play.cultures-online.de/co/bin/index.php|hxxp://fliplife.com/skills/user|hxxp://forum.starfleetonline.de/login.php?redirect=search.php&search_id=newposts&sid=3d0bda6180c387c67d8b070a31e621ff|http://www.trojaner-board.de/129161-...odes/bttf.htm"
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.04 19:15:18 | 000,000,000 | ---D | M]
 
[2013.01.04 19:15:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.01.06 12:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\p3n96zvx.default\extensions
[2013.01.05 17:20:20 | 000,000,000 | ---D | M] (Hotspot Shield) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\p3n96zvx.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2013.01.06 12:11:27 | 000,010,656 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\p3n96zvx.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.01.04 20:12:15 | 000,003,269 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\p3n96zvx.default\searchplugins\Web Search.xml
[2013.01.05 17:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.04 19:17:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.04 20:12:15 | 000,003,269 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.01.08 21:13:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-21-1926261916-575310351-292605388-1000..\Run: [Driver Whiz] C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe (PC Drivers Headquarters)
O4 - HKU\S-1-5-21-1926261916-575310351-292605388-1000..\Run: [icq] C:\Users\User\AppData\Roaming\ICQM\icq.exe (ICQ)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1926261916-575310351-292605388-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{664E0F60-BB30-420D-B617-BDCFB763E28C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.22 16:17:27 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.09 21:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.01.09 19:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.01.09 19:03:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.01.09 16:40:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.01.09 16:23:17 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013.01.09 16:08:11 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2013.01.08 21:35:17 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\mbar-1.01.0.1011
[2013.01.08 21:35:17 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\mbar
[2013.01.08 21:13:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.08 21:04:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.08 21:04:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.08 21:04:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.08 21:01:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.08 21:01:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.08 20:01:49 | 005,019,950 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2013.01.07 22:01:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2013.01.07 22:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.07 22:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.07 22:01:28 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.07 22:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.07 22:01:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[2013.01.07 22:00:56 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\User\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.05 17:20:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Conduit
[2013.01.04 23:59:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Adobe
[2013.01.04 23:58:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013.01.04 23:46:43 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2013.01.04 23:45:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\dll-files.com
[2013.01.04 23:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
[2013.01.04 23:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dll-Files.com Fixer
[2013.01.04 23:34:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\videos
[2013.01.04 23:34:02 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\sf
[2013.01.04 23:10:47 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Schule
[2013.01.04 23:10:47 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Neuer Ordner
[2013.01.04 22:58:25 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Musik
[2013.01.04 22:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eSobi
[2013.01.04 22:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013.01.04 22:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EgisTec IPS
[2013.01.04 22:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EgisTec Egis Software Update
[2013.01.04 22:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EgisTec
[2013.01.04 22:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013.01.04 22:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2013.01.04 22:23:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BS_Player
[2013.01.04 22:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.01.04 22:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2013.01.04 22:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.01.04 22:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.04 22:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Inc
[2013.01.04 21:55:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Macromedia
[2013.01.04 21:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer GameZone
[2013.01.04 21:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013.01.04 21:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.01.04 21:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013.01.04 21:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.01.04 21:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Arcade Deluxe
[2013.01.04 21:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer
[2013.01.04 21:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.01.04 21:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013.01.04 21:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.04 21:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.04 21:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.01.04 21:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.01.04 21:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.01.04 21:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Doom Shareware for Windows 95
[2013.01.04 21:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013.01.04 21:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013.01.04 21:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2013.01.04 21:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.01.04 21:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Accessory Store
[2013.01.04 21:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2013.01.04 21:16:28 | 012,441,960 | ---- | C] (ICQ) -- C:\Program Files\install_icq7.exe
[2013.01.04 21:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.01.04 21:15:28 | 000,309,768 | ---- | C] (Dritek System Inc.) -- C:\Windows\GVUni.exe
[2013.01.04 21:15:26 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\d3dx9_42.dll
[2013.01.04 21:15:24 | 001,664,248 | ---- | C] (SuYin) -- C:\Windows\Acer Crystal Eye webcam.EXE
[2013.01.04 21:15:10 | 000,000,000 | ---D | C] -- C:\Windows\dsi
[2013.01.04 21:14:53 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013.01.04 21:14:52 | 000,307,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2013.01.04 21:14:52 | 000,000,000 | ---D | C] -- C:\Windows\DeployWinRE2
[2013.01.04 21:14:46 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Bilder
[2013.01.04 21:14:21 | 000,348,680 | ---- | C] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE
[2013.01.04 21:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2013.01.04 21:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fotokasten comfort
[2013.01.04 21:07:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FileZilla
[2013.01.04 21:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013.01.04 21:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013.01.04 21:04:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apps
[2013.01.04 20:54:52 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013.01.04 20:40:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Macromedia
[2013.01.04 20:40:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Adobe
[2013.01.04 20:39:11 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.04 20:39:11 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.04 20:39:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.01.04 20:39:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.01.04 20:23:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\WinRAR
[2013.01.04 20:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013.01.04 20:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.01.04 20:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2013.01.04 20:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.01.04 20:17:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.01.04 20:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.01.04 20:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2013.01.04 20:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.01.04 20:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013.01.04 20:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.01.04 20:14:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.01.04 20:13:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Microsoft Help
[2013.01.04 20:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.01.04 20:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.01.04 20:13:33 | 000,000,000 | R--D | C] -- C:\MSOCache
[2013.01.04 20:12:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\DownTango
[2013.01.04 20:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky
[2013.01.04 20:03:16 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Soundpaket
[2013.01.04 19:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2013.01.04 19:55:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\mIRC
[2013.01.04 19:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2013.01.04 19:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2013.01.04 19:51:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PC_Drivers_Headquarters
[2013.01.04 19:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2013.01.04 19:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Whiz
[2013.01.04 19:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Whiz
[2013.01.04 19:20:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
[2013.01.04 19:19:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ICQM
[2013.01.04 19:19:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ICQ-Profile
[2013.01.04 19:17:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Skype
[2013.01.04 19:17:29 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.01.04 19:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.04 19:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.04 19:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.01.04 19:15:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mozilla
[2013.01.04 19:15:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Mozilla
[2013.01.04 19:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.01.04 19:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.01.04 19:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.04 10:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013.01.04 10:30:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Intel Corporation
[2013.01.04 10:27:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ATI
[2013.01.04 10:27:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ATI
[2013.01.04 10:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.01.04 10:23:04 | 000,123,392 | ---- | C] (Egis Technology Inc.) -- C:\Windows\SysNative\VCryptAPI.dll
[2013.01.04 10:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
[2013.01.04 10:22:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Bio Protection
[2013.01.04 10:22:27 | 000,469,552 | ---- | C] (EgisTec) -- C:\Windows\SysWow64\NBMatS1SDK.dll
[2013.01.04 10:22:24 | 000,036,400 | ---- | C] (EgisTec) -- C:\Windows\SysNative\drivers\FPSensor.sys
[2013.01.04 10:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.01.04 10:14:37 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013.01.04 10:14:01 | 000,652,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorA.sys
[2013.01.04 10:14:01 | 000,028,216 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorF.sys
[2013.01.04 10:13:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\InstallShield
[2013.01.04 10:12:59 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.01.04 10:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.01.04 10:12:36 | 000,000,000 | ---D | C] -- C:\Intel
[2013.01.04 10:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation
[2013.01.04 10:11:19 | 002,811,904 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013.01.04 10:11:19 | 002,811,904 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2013.01.04 10:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Qualcomm Atheros
[2013.01.04 10:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.01.04 10:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.01.04 10:05:10 | 017,625,088 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2013.01.04 10:05:10 | 013,487,616 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2013.01.04 10:05:10 | 006,179,328 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2013.01.04 10:05:10 | 004,739,584 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2013.01.04 10:05:10 | 004,684,288 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2013.01.04 10:05:10 | 003,661,824 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2013.01.04 10:05:10 | 003,629,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2013.01.04 10:05:10 | 003,618,304 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2013.01.04 10:05:10 | 003,055,616 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2013.01.04 10:05:10 | 002,902,016 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2013.01.04 10:05:10 | 002,604,032 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2013.01.04 10:05:10 | 000,448,000 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2013.01.04 10:05:10 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2013.01.04 10:05:10 | 000,421,376 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2013.01.04 10:05:10 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2013.01.04 10:05:10 | 000,312,320 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2013.01.04 10:05:10 | 000,225,280 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2013.01.04 10:05:10 | 000,202,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2013.01.04 10:05:10 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2013.01.04 10:05:10 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atibtmon.exe
[2013.01.04 10:05:10 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2013.01.04 10:05:10 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2013.01.04 10:05:10 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2013.01.04 10:05:10 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2013.01.04 10:05:10 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2013.01.04 10:05:10 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2013.01.04 10:05:10 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2013.01.04 10:05:10 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2013.01.04 10:05:10 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2013.01.04 10:05:10 | 000,043,008 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2013.01.04 10:05:10 | 000,039,936 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2013.01.04 10:05:10 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2013.01.04 10:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.01.04 10:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.01.04 10:03:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.01.04 10:02:58 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013.01.04 10:02:58 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2013.01.04 10:02:58 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2013.01.04 10:02:58 | 000,772,224 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2013.01.04 10:02:58 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.01.04 10:02:58 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.01.04 10:02:58 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.01.04 10:02:58 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.01.04 10:02:58 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.01.04 10:02:58 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2013.01.04 10:02:58 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.01.04 10:02:58 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.01.04 10:02:58 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.01.04 10:02:58 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2013.01.04 10:02:57 | 010,612,736 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2013.01.04 10:02:57 | 009,546,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2013.01.04 10:02:57 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.01.04 10:02:57 | 003,673,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013.01.04 10:02:57 | 002,743,440 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013.01.04 10:02:57 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2013.01.04 10:02:57 | 001,561,744 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013.01.04 10:02:57 | 001,460,600 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013.01.04 10:02:57 | 001,269,904 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013.01.04 10:02:57 | 000,881,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013.01.04 10:02:57 | 000,869,752 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.01.04 10:02:57 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013.01.04 10:02:57 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.01.04 10:02:57 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.01.04 10:02:57 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.01.04 10:02:57 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.01.04 10:02:57 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013.01.04 10:02:57 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.01.04 10:02:57 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.01.04 10:02:57 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.01.04 10:02:57 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.01.04 10:02:57 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013.01.04 10:02:57 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.01.04 10:02:57 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.01.04 10:02:57 | 000,118,928 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2013.01.04 10:02:57 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.01.04 10:02:57 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.01.04 10:02:57 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.01.04 10:02:57 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2013.01.04 10:02:56 | 002,714,720 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.01.04 10:02:56 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.01.04 10:02:56 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.01.04 10:02:56 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.01.04 10:02:56 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.01.04 10:02:56 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.01.04 10:02:56 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.01.04 10:02:56 | 000,501,192 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013.01.04 10:02:56 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.01.04 10:02:56 | 000,487,368 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013.01.04 10:02:56 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.01.04 10:02:56 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.01.04 10:02:56 | 000,415,688 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013.01.04 10:02:56 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.01.04 10:02:56 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.01.04 10:02:56 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.01.04 10:02:56 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013.01.04 10:02:56 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013.01.04 10:02:56 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013.01.04 10:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.01.04 10:02:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.01.04 10:02:51 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2013.01.04 10:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.01.04 10:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.01.04 10:01:34 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll
[2013.01.04 10:01:34 | 003,746,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkHDM64.dll
[2013.01.04 10:01:34 | 002,526,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RHDMEx64.dll
[2013.01.04 10:01:34 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll
[2013.01.04 10:01:34 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll
[2013.01.04 10:01:34 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll
[2013.01.04 10:01:34 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll
[2013.01.04 10:01:34 | 000,237,968 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys
[2013.01.04 10:01:34 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll
[2013.01.04 10:01:34 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll
[2013.01.04 10:01:34 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll
[2013.01.04 10:01:34 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll
[2013.01.04 10:01:34 | 000,092,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RHCoInst64.dll
[2013.01.04 10:01:34 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll
[2013.01.04 10:01:34 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll
[2013.01.04 10:01:31 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.01.04 10:00:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuvoton Technology Corporation
[2013.01.04 10:00:24 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.01.04 09:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013.01.04 09:45:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DriverGenius
[2013.01.04 09:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2013.01.04 09:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2013.01.04 09:35:19 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.01.04 09:35:19 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.01.04 09:35:19 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013.01.04 09:35:07 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013.01.04 09:35:07 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.04 09:35:07 | 000,000,000 | R--D | C] -- C:\Users\User\Searches
[2013.01.04 09:35:07 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.04 09:35:06 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013.01.04 09:35:06 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013.01.04 09:34:53 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.01.04 09:34:53 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.01.04 09:34:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Identities
[2013.01.04 09:34:41 | 000,000,000 | R--D | C] -- C:\Users\User\Contacts
[2013.01.04 09:34:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\VirtualStore
[2013.01.04 09:34:27 | 000,000,000 | --SD | C] -- C:\Users\User\AppData\Roaming\Microsoft
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Videos
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Saved Games
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Pictures
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Music
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Links
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Favorites
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Downloads
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\Documents
[2013.01.04 09:34:27 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Vorlagen
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\Verlauf
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\Temporary Internet Files
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Startmenü
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\SendTo
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Recent
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Netzwerkumgebung
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Lokale Einstellungen
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Documents\Eigene Videos
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Documents\Eigene Musik
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Eigene Dateien
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Documents\Eigene Bilder
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Druckumgebung
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Cookies
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\Anwendungsdaten
[2013.01.04 09:34:27 | 000,000,000 | -HSD | C] -- C:\Users\User\Anwendungsdaten
[2013.01.04 09:34:27 | 000,000,000 | -H-D | C] -- C:\Users\User\AppData
[2013.01.04 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Temp
[2013.01.04 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Microsoft
[2013.01.04 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Media Center Programs
[2013.01.04 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.01.04 09:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.01.04 09:34:14 | 000,000,000 | ---D | C] -- C:\Recovery
[2013.01.03 20:06:40 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.01.03 20:03:04 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.01.03 20:03:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.01.03 20:02:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.12.25 05:05:31 | 000,435,512 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\k57nd60a.sys
[2012.12.13 17:38:03 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 17:38:03 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.13 17:37:36 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.12.13 17:37:36 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.12.13 17:37:36 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.12.13 17:37:36 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscmmc.dll
[2012.12.13 17:37:36 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscmmc.dll
[2012.12.13 17:37:36 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.12.13 17:37:17 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.13 17:37:17 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.13 17:37:17 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.13 17:37:17 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.13 17:37:17 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.13 17:37:17 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.13 17:37:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.13 17:37:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.13 17:37:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.13 17:37:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.13 17:37:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.13 17:37:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 17:37:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 17:37:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 17:37:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 17:37:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.13 17:37:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 17:37:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.13 17:36:54 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.13 17:36:54 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.13 17:36:54 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012.12.13 17:36:54 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012.12.13 17:36:54 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.13 17:36:54 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.13 17:36:22 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.13 17:36:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.13 17:36:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.13 17:36:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.13 17:36:22 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 17:36:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.13 17:36:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.13 17:36:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 17:36:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 17:36:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 17:36:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 17:36:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.13 17:36:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.13 17:36:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 17:36:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.10 00:45:29 | 001,475,250 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.10 00:45:29 | 000,644,904 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.10 00:45:29 | 000,608,228 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.10 00:45:29 | 000,126,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.10 00:45:29 | 000,104,104 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.10 00:38:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.10 00:38:53 | 3111,546,880 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 00:38:06 | 000,016,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 00:38:06 | 000,016,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.09 23:47:42 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013.01.09 21:28:43 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.09 21:28:43 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.01.09 16:40:27 | 462,941,528 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.09 16:23:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013.01.09 16:21:13 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat
[2013.01.09 16:09:06 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\User\Desktop\aswMBR.exe
[2013.01.08 21:34:30 | 013,485,902 | R--- | M] () -- C:\Users\User\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 21:13:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.08 20:02:13 | 005,019,950 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2013.01.07 22:08:35 | 000,000,074 | ---- | M] () -- C:\Users\User\AppData\Roaming\mbam.context.scan
[2013.01.07 22:01:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.07 22:01:05 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\User\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.06 18:58:11 | 178,040,490 | ---- | M] () -- C:\Users\User\Desktop\6x12 - The Egg Salad Equivalency.avi
[2013.01.06 02:02:34 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013.01.05 12:46:40 | 000,417,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.04 23:46:46 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2013.01.04 22:19:11 | 000,000,355 | ---- | M] () -- C:\Users\User\Desktop\Computer - Verknüpfung.lnk
[2013.01.04 21:55:00 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.04 21:54:59 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.04 20:17:50 | 000,003,047 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Excel 2010.lnk
[2013.01.04 20:17:50 | 000,003,029 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Word 2010.lnk
[2013.01.04 19:55:33 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2013.01.04 19:20:02 | 000,001,798 | ---- | M] () -- C:\Users\User\Desktop\ICQ.lnk
[2013.01.04 19:17:29 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.04 19:15:21 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.04 10:30:56 | 001,500,444 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.04 10:25:34 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.01.04 10:22:27 | 000,469,552 | ---- | M] (EgisTec) -- C:\Windows\SysWow64\NBMatS1SDK.dll
[2013.01.04 10:22:24 | 000,036,400 | ---- | M] (EgisTec) -- C:\Windows\SysNative\drivers\FPSensor.sys
[2013.01.04 10:00:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_nuvotoncir_01009.Wdf
[2013.01.04 10:00:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.01.03 20:10:00 | 000,207,887 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.01.03 20:10:00 | 000,207,887 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.01.03 20:07:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.13 17:39:17 | 000,066,048 | ---- | M] (Legolash2o) -- C:\Windows\SysNative\WinToolkitRunOnce.exe
[2012.12.13 17:38:03 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.13 17:38:03 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.13 17:37:36 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.12.13 17:37:36 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.12.13 17:37:36 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.12.13 17:37:36 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dnscmmc.dll
[2012.12.13 17:37:36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscmmc.dll
[2012.12.13 17:37:36 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.12.13 17:37:17 | 001,162,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.13 17:37:17 | 000,424,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.13 17:37:17 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.13 17:37:17 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.13 17:37:17 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.13 17:37:17 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.13 17:37:17 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.13 17:37:17 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.13 17:37:17 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.13 17:37:17 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.13 17:37:17 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.13 17:37:17 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 17:37:17 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 17:37:17 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 17:37:17 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 17:37:17 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.13 17:37:17 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 17:37:17 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 17:37:17 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 17:37:17 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.13 17:36:54 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.13 17:36:54 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.13 17:36:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012.12.13 17:36:54 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012.12.13 17:36:54 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.13 17:36:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.13 17:36:22 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.13 17:36:22 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.13 17:36:22 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.13 17:36:22 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.13 17:36:22 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 17:36:22 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.13 17:36:22 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.13 17:36:22 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 17:36:22 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 17:36:22 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 17:36:22 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 17:36:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.13 17:36:22 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.13 17:36:22 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 17:36:22 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
 
========== Files Created - No Company Name ==========
 
[2013.01.09 16:40:27 | 462,941,528 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.01.09 16:21:13 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat
[2013.01.08 21:34:13 | 013,485,902 | R--- | C] () -- C:\Users\User\Desktop\mbar-1.01.0.1011.zip
[2013.01.08 21:04:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.08 21:04:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.08 21:04:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.08 21:04:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.08 21:04:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.07 22:08:35 | 000,000,074 | ---- | C] () -- C:\Users\User\AppData\Roaming\mbam.context.scan
[2013.01.07 22:01:29 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.06 18:33:51 | 178,040,490 | ---- | C] () -- C:\Users\User\Desktop\6x12 - The Egg Salad Equivalency.avi
[2013.01.04 23:46:24 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013.01.04 23:46:14 | 000,000,274 | ---- | C] () -- C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013.01.04 23:36:06 | 000,579,878 | ---- | C] () -- C:\Users\User\Desktop\DSC01332.JPG
[2013.01.04 22:19:11 | 000,000,355 | ---- | C] () -- C:\Users\User\Desktop\Computer - Verknüpfung.lnk
[2013.01.04 21:28:32 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.01.04 21:28:31 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.04 21:16:32 | 019,223,879 | ---- | C] () -- C:\Program Files\Sims3_1.2.7.00002_from_1.0.631.00002.zip
[2013.01.04 21:16:30 | 001,729,115 | ---- | C] () -- C:\Program Files\mirc635.zip
[2013.01.04 21:15:37 | 000,206,072 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2013.01.04 21:15:37 | 000,000,741 | ---- | C] () -- C:\Windows\NewDeployWinRE.cmd
[2013.01.04 21:15:37 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2013.01.04 21:15:37 | 000,000,070 | ---- | C] () -- C:\Windows\patch.loag
[2013.01.04 21:15:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2013.01.04 21:15:31 | 000,002,080 | ---- | C] () -- C:\Windows\MOD01SET78000G000X.enc
[2013.01.04 21:15:31 | 000,002,048 | ---- | C] () -- C:\Windows\MOD01SET75000N0006.enc
[2013.01.04 21:15:30 | 000,002,476 | ---- | C] () -- C:\Windows\MOD01SET74DE0N0003.enc
[2013.01.04 21:15:30 | 000,002,112 | ---- | C] () -- C:\Windows\MOD01SET0J000N000M.enc
[2013.01.04 21:15:30 | 000,002,008 | ---- | C] () -- C:\Windows\MOD01SET5K000G0002.enc
[2013.01.04 21:15:30 | 000,001,976 | ---- | C] () -- C:\Windows\MOD01SET00000000H7.enc
[2013.01.04 21:15:29 | 000,002,572 | ---- | C] () -- C:\Windows\MOD01OPK04000N0001.enc
[2013.01.04 21:15:29 | 000,000,184 | ---- | C] () -- C:\Windows\LManager.UNI
[2013.01.04 21:15:28 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
[2013.01.04 21:15:28 | 000,000,098 | ---- | C] () -- C:\Windows\GridV.UNI
[2013.01.04 21:15:28 | 000,000,037 | ---- | C] () -- C:\Windows\EB6BE8A5-11AE-4e2b-8B6E-974168C301C8.DSI
[2013.01.04 21:15:26 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2013.01.04 21:15:26 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013.01.04 21:15:26 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2013.01.04 21:15:26 | 000,000,000 | ---- | C] () -- C:\Windows\Acer.tag
[2013.01.04 21:15:24 | 000,000,033 | ---- | C] () -- C:\Windows\0
[2013.01.04 21:14:45 | 000,038,028 | ---- | C] () -- C:\Users\User\Desktop\Haushalt 2009.ods
[2013.01.04 21:14:22 | 239,728,683 | ---- | C] () -- C:\Windows\VGA_ATI_8.670.5.1000_W7x86W7x64_A.zip
[2013.01.04 21:14:22 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2013.01.04 21:14:21 | 000,009,168 | ---- | C] () -- C:\Windows\Suyin.reg
[2013.01.04 20:17:50 | 000,003,047 | ---- | C] () -- C:\Users\User\Desktop\Microsoft Excel 2010.lnk
[2013.01.04 20:17:50 | 000,003,029 | ---- | C] () -- C:\Users\User\Desktop\Microsoft Word 2010.lnk
[2013.01.04 20:12:17 | 000,011,264 | ---- | C] () -- C:\Windows\Launcher.exe
[2013.01.04 19:55:33 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2013.01.04 19:20:02 | 000,001,798 | ---- | C] () -- C:\Users\User\Desktop\ICQ.lnk
[2013.01.04 19:17:29 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.04 19:15:21 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.01.04 19:15:21 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.04 10:30:56 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.04 10:25:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.01.04 10:23:04 | 000,952,683 | ---- | C] () -- C:\Windows\SysNative\VMC3KAPI.dll
[2013.01.04 10:11:19 | 000,481,350 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2013.01.04 10:11:19 | 000,073,919 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2013.01.04 10:05:10 | 000,402,016 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2013.01.04 10:05:10 | 000,402,016 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2013.01.04 10:05:10 | 000,332,288 | ---- | C] () -- C:\Windows\SysNative\ATIODE.exe
[2013.01.04 10:05:10 | 000,196,565 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2013.01.04 10:05:10 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\ATIODCLI.exe
[2013.01.04 10:05:10 | 000,019,017 | ---- | C] () -- C:\Windows\atiogl.xml
[2013.01.04 10:02:57 | 000,381,365 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.01.04 10:00:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_nuvotoncir_01009.Wdf
[2013.01.04 10:00:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.01.04 09:35:22 | 000,001,439 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.01.04 09:35:21 | 000,001,405 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.01.03 20:08:53 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.01.03 20:08:51 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.01.03 20:07:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.01.03 20:03:02 | 3111,546,880 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.23 19:31:40 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.11.23 20:23:20 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.23 20:23:20 | 012,874,752 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

10.01.2013, 00:54   #15
kiranoris
 



otl2:
Code:
OTL Extras logfile created on: 10.01.2013 00:44:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 51,01% Memory free
7,73 Gb Paging File | 5,49 Gb Available in Paging File | 71,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,00 Gb Total Space | 54,79 Gb Free Space | 36,53% Space Free | Partition Type: NTFS
Drive D: | 315,66 Gb Total Space | 205,96 Gb Free Space | 65,25% Space Free | Partition Type: NTFS
Drive E: | 761,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{856A94B9-0C24-4034-92F1-3A3D9998A807}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{75F8A468-106F-4148-A4AA-AF1F42E7C590}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{78FA8668-2499-4B24-9C25-82CD6EB4C6B0}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{91B130EA-86BD-492E-938E-A1BDD792C748}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{A4EA0AC4-47E7-48A3-B4A2-8EB5A712C356}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11F38253-8940-FFDA-D131-B14120C357E4}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BD41C9CA-7722-7C0F-8BFE-E88A81865287}" = ccc-utility64
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB 2.0 UVC HD WebCam" = USB 2.0 UVC HD WebCam
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B540DA4-41AE-4B79-BEAB-0F07E09669AB}" = Driver Whiz
"{14D6085A-9A42-C0B5-823E-8C9619AC1026}" = Catalyst Control Center Graphics Full New
"{1FF19BBD-554D-733C-3BDF-B55C99349198}" = Catalyst Control Center Core Implementation
"{346D6B7A-4AD8-5C2C-E249-34CA3CD7D34B}" = CCC Help Polish
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{357C0C30-051F-FE77-4709-025786123FB1}" = ccc-core-static
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41BC23C5-157F-77A0-6662-17A5096E7946}" = Catalyst Control Center Graphics Previews Vista
"{4507185D-FAB8-B77D-4546-2CF31DA906AD}" = Catalyst Control Center Graphics Full Existing
"{4967ADB1-27A6-635F-A217-754BD9A05E2E}" = CCC Help Czech
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54DFD48E-0E0D-5D0C-BD93-CE3DF090EC1C}" = CCC Help Japanese
"{5528C69D-4018-C4BD-7D00-67F90623EB33}" = CCC Help Italian
"{5582C24D-5597-42D2-537E-BA329164D78D}" = CCC Help Thai
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{785F975B-50FB-C523-5E58-C6EFE9E62424}" = CCC Help Portuguese
"{7D62622F-78B7-91B0-5B75-4082DDFAC775}" = CCC Help Swedish
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
"{7DE2B39B-97F0-EC01-06D6-E25C6D4164DF}" = CCC Help German
"{878789F8-276E-4D98-20E6-78DCBD77AD7D}" = CCC Help Turkish
"{8F2AE892-C036-C2F8-0D45-0ED891440D68}" = CCC Help French
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{95D40BD8-2EA7-C51E-A218-B2F863481573}" = CCC Help Chinese Standard
"{98A7C691-304F-31DC-A21C-3675E1D68501}" = CCC Help Chinese Traditional
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33B56D0-F273-F6C2-C335-50AE0C83C85C}" = CCC Help Finnish
"{A8CB3994-B273-D81E-315C-CA3A8376415E}" = Catalyst Control Center Localization All
"{A8D450FB-F8F7-4250-7CE3-A3C24CDE5722}" = CCC Help Hungarian
"{AB82BA59-B05B-70DC-992B-D2D7A2AF4EE5}" = CCC Help Korean
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BFB59706-4FEC-37A8-96CD-C7F6932AD6DD}" = CCC Help Norwegian
"{C09EECFB-8925-5E54-1580-3FAEB6A78856}" = Catalyst Control Center Graphics Light
"{C0ED2557-8BCC-71B6-253C-BDFE26A9B37D}" = CCC Help Spanish
"{CC62C6C8-0D7F-3F0D-9BD6-49CB16029A6A}" = CCC Help Greek
"{CC6D2A70-B152-E250-ABEA-5D7D681469F8}" = CCC Help English
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DAFFBC42-ABA2-882C-68CB-593B9CF9ACF5}" = CCC Help Russian
"{DFF2D0B9-1706-6AA8-85CD-A70DF44AE3F8}" = CCC Help Danish
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E6AAFC37-EB31-768D-A9A5-AA8A84612615}" = CCC Help Dutch
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6B7BF58-36D0-A76E-53E2-F65DBD4A6A52}" = Catalyst Control Center InstallProxy
"{FBC79D04-051E-4367-8051-1DB0C893FBE0}" = Nuvoton CIR Device Drivers
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Dll-Files Fixer_is1" = Dll-Files Fixer
"FileZilla Client" = FileZilla Client 3.6.0.2
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"mIRC" = mIRC
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Protected Search_is1" = Protected Search 1.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1926261916-575310351-292605388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ICQ" = ICQ 8.0 (build 5981, für aktuellen Benutzer)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.01.2013 16:12:56 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.01.2013 16:20:57 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.01.2013 16:37:51 | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = Programm icq.exe, Version 8.0.5981.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 8f8    Startzeit: 
01cdeddd985ca771    Endzeit: 10    Anwendungspfad: C:\Users\User\AppData\Roaming\ICQM\icq.exe

Berichts-ID:
   
 
Error - 08.01.2013 19:08:41 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.01.2013 11:00:12 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.01.2013 11:16:15 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 6.0.60.126, Zeitstempel:
 0x509cf347  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000204  ID des fehlerhaften Prozesses:
 0xc34  Startzeit der fehlerhaften Anwendung: 0x01cdee7a0c6a08bd  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 823575c4-5a6f-11e2-b2cf-506313da0578
 
Error - 09.01.2013 11:17:38 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707, 
Zeitstempel: 0x509be8bf  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.22044,
 Zeitstempel: 0x4ff4b27e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e3be  ID des fehlerhaften
 Prozesses: 0x1290  Startzeit der fehlerhaften Anwendung: 0x01cdee7bb1846d25  Pfad der
 fehlerhaften Anwendung: C:\Users\User\Desktop\aswMBR.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: b37c9f5b-5a6f-11e2-b2cf-506313da0578
 
Error - 09.01.2013 11:19:01 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 6.0.60.126, Zeitstempel:
 0x509cf347  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000204  ID des fehlerhaften Prozesses:
 0x11bc  Startzeit der fehlerhaften Anwendung: 0x01cdee7ca55ccdbf  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: e4ca0a9a-5a6f-11e2-b2cf-506313da0578
 
Error - 09.01.2013 11:19:10 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 6.0.60.126, Zeitstempel:
 0x509cf347  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000204  ID des fehlerhaften Prozesses:
 0x394  Startzeit der fehlerhaften Anwendung: 0x01cdee7ca9df8098  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: ea63fde9-5a6f-11e2-b2cf-506313da0578
 
Error - 09.01.2013 11:41:05 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.01.2013 19:40:47 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 08.01.2013 16:03:26 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 08.01.2013 16:04:16 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 08.01.2013 16:04:42 | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 08.01.2013 16:04:42 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 08.01.2013 16:09:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 08.01.2013 16:10:39 | Computer Name = User-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 08.01.2013 16:11:06 | Computer Name = User-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 08.01.2013 16:11:13 | Computer Name = User-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 09.01.2013 11:40:32 | Computer Name = User-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?01.?2013 um 16:38:39 unerwartet heruntergefahren.
 
Error - 09.01.2013 11:40:40 | Computer Name = User-PC | Source = BugCheck | ID = 1001
Description = 
 
 
< End of report >
         
