
Pests of all kinds and how to fight them: Malware in the source code

01.03.2013, 15:19   #1
RittBorusse

Hello guys and girls, I'm new to your board, since I have otherwise managed to sort out my problems myself.
I hope this is in the right subforum; if not, please move it.

The problem is as follows:

I run a website for a holiday apartment, which had worked flawlessly for more than two years. Then, at the beginning of February, my browser flagged this site as a "Reported Attack Page!".
Worked through Google's advice, in the end wiped the server, uploaded everything again, requested a review from Google --> everything fine again.
Checked the source files offline (read them and used various programs), found nothing.
Now, after one week, "Reported Attack Page!" again.
Read the source of index.html online ("View Page Source") and found the following lines:

'Attachment'

avast reports 'TTF:CVE-2011-3402 [Expl]' as the infection when the website is opened.

Does anyone have an idea how I can get the site running again permanently?!

Many thanks for any information, and greetings from the snow-covered Erzgebirge.
Thumbnails of attached images
Malware im Quelltext-script.jpg

Edited by RittBorusse (01.03.2013 at 15:29)

01.03.2013, 15:33   #2
markusg
/// Malware-holic


Hi,
which CMS are you using (WordPress, for example)?

01.03.2013, 15:37   #3
RittBorusse


Website programmed completely in HTML by myself (or rather, bought a layout and adapted it). Only *.html pages, one *.css. No *.php, ...

01.03.2013, 15:42   #4
markusg
/// Malware-holic


Did you change the passwords after the infection?

01.03.2013, 15:45   #5
RittBorusse


It was basically only the FTP password, and yes, I did.


01.03.2013, 15:47   #6
markusg
/// Malware-holic


OK, let's take a look at your PC.

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

01.03.2013, 16:10   #7
RittBorusse


OTL.txt:

Code:
OTL logfile created on: 01.03.2013 16:52:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\RittBorusse\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,02% Memory free
5,98 Gb Paging File | 4,85 Gb Available in Paging File | 81,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 274,45 Gb Total Space | 222,80 Gb Free Space | 81,18% Space Free | Partition Type: NTFS
Drive D: | 71,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 465,76 Gb Total Space | 259,19 Gb Free Space | 55,65% Space Free | Partition Type: NTFS
 
Computer Name: Z600-WORKSTATIO | User Name: RittBorusse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.01 16:51:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RittBorusse\Desktop\OTL.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST\AvastSvc.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.07.22 00:00:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\brss01a.exe
PRC - [2004.06.14 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\brsvc01a.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.27 16:34:04 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2004.06.14 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\brsvc01a.exe -- (Brother XP spl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.15 18:42:00 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013.02.15 18:41:58 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 CC D4 A6 9D 0B CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST\WebRep\FF [2013.02.20 18:46:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.27 16:34:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 16:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.20 17:18:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.27 16:34:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 16:34:01 | 000,000,000 | ---D | M]
 
[2013.02.15 17:59:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RittBorusse\AppData\Roaming\mozilla\Extensions
[2013.02.20 18:46:48 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST\WEBREP\FF
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E91950-006E-4A36-B9C6-E1CBCBD53A6F}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBAC76CE-B851-4EA9-8273-6536F63A789A}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.08 22:51:06 | 000,000,000 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.01 16:51:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RittBorusse\Desktop\OTL.exe
[2013.03.01 16:49:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RittBorusse\Desktop\OTL.exe.part
[2013.02.28 15:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2013.02.28 15:36:43 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll
[2013.02.28 15:36:43 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2013.02.28 15:36:43 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2013.02.28 15:36:43 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2013.02.28 15:36:40 | 000,188,928 | ---- | C] (Brother Industries,ltd) -- C:\Windows\SysNative\bsplmz01.exe
[2013.02.28 15:36:40 | 000,179,200 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09a.dll
[2013.02.28 15:36:40 | 000,161,280 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\SysNative\bsplmz01.dll
[2013.02.28 15:36:40 | 000,057,344 | ---- | C] (brother Industries Ltd) -- C:\Windows\SysWow64\brsvc01a.exe
[2013.02.28 15:36:40 | 000,050,176 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrUsi09a.dll
[2013.02.28 15:36:40 | 000,045,056 | ---- | C] (brother Industries Ltd) -- C:\Windows\SysWow64\brss01a.exe
[2013.02.28 15:36:39 | 000,167,936 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll
[2013.02.28 15:36:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2013.02.28 15:36:00 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\InstallShield
[2013.02.28 15:35:05 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Desktop\mflpro
[2013.02.28 15:34:25 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\ElevatedDiagnostics
[2013.02.27 17:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.27 17:32:04 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jasc Software
[2013.02.27 17:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jasc Software Inc
[2013.02.27 17:30:10 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Desktop\PSP7
[2013.02.27 17:29:36 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\WinRAR
[2013.02.27 17:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.27 17:29:35 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.27 17:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.02.27 16:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.27 16:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.02.26 17:58:16 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\dvdcss
[2013.02.26 17:14:46 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Nvu
[2013.02.26 17:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nvu
[2013.02.26 17:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nvu
[2013.02.20 18:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.02.20 18:47:47 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.02.20 18:47:46 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.02.20 18:47:43 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.02.20 18:47:42 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.02.20 18:47:41 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.02.20 18:47:37 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.02.20 18:47:36 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.02.20 18:46:38 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.02.20 18:46:37 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013.02.20 18:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.02.20 18:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST
[2013.02.20 18:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jasc PaintShopPro
[2013.02.20 17:39:36 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Desktop\handball_andre
[2013.02.20 17:18:08 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Thunderbird
[2013.02.20 17:18:08 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\Thunderbird
[2013.02.20 17:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.02.20 17:02:19 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.02.20 17:02:19 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\IrfanView
[2013.02.20 17:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013.02.16 11:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.02.16 11:08:44 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\.thumbnails
[2013.02.16 11:07:39 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\fontconfig
[2013.02.16 11:07:38 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\gegl-0.2
[2013.02.16 11:07:38 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\.gimp-2.8
[2013.02.16 11:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.02.16 11:06:45 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\Programs
[2013.02.16 10:59:06 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Desktop\Allianz
[2013.02.16 10:12:33 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Desktop\Hitman 2
[2013.02.16 10:11:13 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Desktop\Wacken 2009 - DVD
[2013.02.16 10:04:22 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2013.02.16 10:04:20 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Documents\My eBooks
[2013.02.16 10:04:20 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\InterTrust
[2013.02.16 10:04:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013.02.16 10:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.16 10:04:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.16 09:58:48 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Documents\Hexonic ScanToPDF Dokumente
[2013.02.16 09:58:38 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\Hexonic_Software
[2013.02.16 09:58:37 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Hexonic Software
[2013.02.16 09:55:50 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Documents\Scanned Documents
[2013.02.16 09:55:49 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Documents\Fax
[2013.02.16 09:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hexonic ScanToPDF
[2013.02.16 09:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hexonic ScanToPDF
[2013.02.16 09:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2013.02.16 09:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft PaperPort 9.0
[2013.02.16 09:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared
[2013.02.16 09:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2013.02.16 09:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScanSoft
[2013.02.16 09:50:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.02.16 09:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2013.02.15 19:38:03 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\FileZilla
[2013.02.15 19:37:52 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013.02.15 19:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013.02.15 19:27:03 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2013.02.15 19:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2013.02.15 19:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013.02.15 19:26:57 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Winamp
[2013.02.15 19:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013.02.15 19:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
[2013.02.15 19:12:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RocketDock
[2013.02.15 19:03:16 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\vlc
[2013.02.15 19:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.02.15 19:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.02.15 18:51:08 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\NVIDIA
[2013.02.15 18:50:56 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\Risen
[2013.02.15 18:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.02.15 18:41:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.02.15 18:41:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2013.02.15 18:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.02.15 18:40:53 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.02.15 18:34:58 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.02.15 18:02:28 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Macromedia
[2013.02.15 18:02:28 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\Macromedia
[2013.02.15 18:02:28 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Adobe
[2013.02.15 18:01:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.02.15 18:01:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.02.15 17:59:51 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Mozilla
[2013.02.15 17:59:51 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\Mozilla
[2013.02.15 17:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.02.15 17:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.02.15 17:56:59 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\VirtualStore
[2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Vorlagen
[2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\AppData\Local\Verlauf
[2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\AppData\Local\Temporary Internet Files
[2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Startmenü
[2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\SendTo
[2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Recent
[2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Netzwerkumgebung
[2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Lokale Einstellungen
[2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Documents\Eigene Videos
[2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Documents\Eigene Musik
[2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Eigene Dateien
[2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Documents\Eigene Bilder
[2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Druckumgebung
[2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Cookies
[2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\AppData\Local\Anwendungsdaten
[2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Anwendungsdaten
[2013.02.15 17:56:53 | 000,000,000 | --SD | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft
[2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Videos
[2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Searches
[2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Saved Games
[2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Pictures
[2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Music
[2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Links
[2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Favorites
[2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Downloads
[2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Documents
[2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Desktop
[2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Contacts
[2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.02.15 17:56:53 | 000,000,000 | -H-D | C] -- C:\Users\RittBorusse\AppData
[2013.02.15 17:56:53 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\Temp
[2013.02.15 17:56:53 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\Microsoft
[2013.02.15 17:56:53 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Identities
[2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.02.15 17:55:22 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.01 16:51:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RittBorusse\Desktop\OTL.exe
[2013.03.01 16:49:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RittBorusse\Desktop\OTL.exe.part
[2013.03.01 16:48:12 | 000,016,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.01 16:48:12 | 000,016,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.01 16:12:43 | 000,291,844 | ---- | M] () -- C:\Users\RittBorusse\Desktop\script.jpg
[2013.03.01 16:12:43 | 000,020,051 | ---- | M] () -- C:\Users\RittBorusse\AppData\Local\recently-used.xbel
[2013.03.01 15:52:05 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.01 15:52:05 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.01 15:52:05 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.01 15:52:05 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.01 15:52:05 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.01 15:45:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.01 15:45:40 | 2409,013,248 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.28 15:37:49 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bridf05a.dat
[2013.02.28 15:37:48 | 000,000,030 | ---- | M] () -- C:\Windows\SysWow64\brss01a.ini
[2013.02.28 15:37:47 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.02.28 15:37:47 | 000,000,184 | ---- | M] () -- C:\Windows\SysWow64\brsvc01a.bsi
[2013.02.28 15:37:47 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2013.02.27 21:11:33 | 000,111,716 | ---- | M] () -- C:\Users\RittBorusse\Desktop\plakat1.jpg
[2013.02.27 18:06:57 | 000,183,435 | ---- | M] () -- C:\Users\RittBorusse\Desktop\plakat1.psp
[2013.02.26 17:06:09 | 000,274,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.20 18:47:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.02.20 18:10:15 | 000,002,828 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2013.02.16 11:35:30 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.16 11:35:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.15 18:42:00 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2013.02.15 18:41:58 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2013.02.15 17:45:18 | 000,177,271 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.02.15 17:45:18 | 000,177,271 | ---- | M] () -- C:\Windows\SysNative\license.rtf
 
========== Files Created - No Company Name ==========
 
[2013.03.01 16:12:43 | 000,291,844 | ---- | C] () -- C:\Users\RittBorusse\Desktop\script.jpg
[2013.03.01 16:12:43 | 000,020,051 | ---- | C] () -- C:\Users\RittBorusse\AppData\Local\recently-used.xbel
[2013.02.28 15:37:49 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bridf05a.dat
[2013.02.28 15:37:48 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2013.02.28 15:37:47 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.02.28 15:37:47 | 000,000,184 | ---- | C] () -- C:\Windows\SysWow64\brsvc01a.bsi
[2013.02.28 15:37:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013.02.27 21:11:33 | 000,111,716 | ---- | C] () -- C:\Users\RittBorusse\Desktop\plakat1.jpg
[2013.02.27 17:55:07 | 000,183,435 | ---- | C] () -- C:\Users\RittBorusse\Desktop\plakat1.psp
[2013.02.27 17:42:52 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.20 18:47:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.02.20 18:09:47 | 000,002,828 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2013.02.16 11:35:30 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.16 11:35:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.16 11:07:07 | 000,000,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013.02.16 11:01:02 | 000,000,000 | ---- | C] () -- C:\Windows\cs3marked32
[2013.02.16 10:21:00 | 4083,433,472 | ---- | C] () -- C:\Users\RittBorusse\Desktop\Der.Herr.der.Ringe.Die.Rückkehr.des.Königs.Extended.Edition.German.AC3.HDRip.XViD.avi
[2013.02.16 10:16:59 | 3141,494,784 | ---- | C] () -- C:\Users\RittBorusse\Desktop\Der.Herr.der.Ringe.Die.Gefaehrten.Extended.Edition.German.AC3.HDRip.XViD-FuN.avi
[2013.02.16 10:11:15 | 3141,414,912 | ---- | C] () -- C:\Users\RittBorusse\Desktop\Der.Herr.der.Ringe.2.Die.Zwei.Tuerme.Extended.Edition.German.AC3.HDRip.XViD-FuN.avi
[2013.02.16 10:04:25 | 000,001,270 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader 5.0.lnk
[2013.02.16 09:51:55 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini
[2013.02.15 18:41:59 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2013.02.15 18:41:58 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2013.02.15 17:59:38 | 000,000,943 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.15 17:56:54 | 000,001,446 | ---- | C] () -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.02.15 17:56:54 | 000,001,412 | ---- | C] () -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.01 16:48:15 | 000,000,000 | ---D | M] -- C:\Users\RittBorusse\AppData\Roaming\FileZilla
[2013.02.16 09:59:17 | 000,000,000 | ---D | M] -- C:\Users\RittBorusse\AppData\Roaming\Hexonic Software
[2013.02.16 10:04:20 | 000,000,000 | ---D | M] -- C:\Users\RittBorusse\AppData\Roaming\InterTrust
[2013.02.20 17:02:19 | 000,000,000 | ---D | M] -- C:\Users\RittBorusse\AppData\Roaming\IrfanView
[2013.02.26 17:15:23 | 000,000,000 | ---D | M] -- C:\Users\RittBorusse\AppData\Roaming\Nvu
[2013.02.20 17:18:08 | 000,000,000 | ---D | M] -- C:\Users\RittBorusse\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.02.15 17:57:12 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013.02.15 17:55:26 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.02.28 15:15:00 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.28 15:36:39 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.02.27 16:14:19 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2013.02.15 17:55:26 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.02.15 17:55:26 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.03 10:27:53 | 000,000,000 | -H-D | M] -- C:\RPKTools
[2013.03.01 16:53:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.12.03 10:27:53 | 000,000,000 | -H-D | M] -- C:\Tools
[2013.02.15 17:56:52 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.28 15:37:47 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,008,946 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.03.01 16:57:10 | 001,572,864 | -HS- | M] () -- C:\Users\RittBorusse\NTUSER.DAT
[2013.03.01 16:57:10 | 000,262,144 | -HS- | M] () -- C:\Users\RittBorusse\ntuser.dat.LOG1
[2013.02.15 17:56:55 | 000,000,000 | -HS- | M] () -- C:\Users\RittBorusse\ntuser.dat.LOG2
[2013.02.15 18:58:12 | 000,065,536 | -HS- | M] () -- C:\Users\RittBorusse\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2013.02.15 18:58:12 | 000,524,288 | -HS- | M] () -- C:\Users\RittBorusse\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2013.02.15 18:58:12 | 000,524,288 | -HS- | M] () -- C:\Users\RittBorusse\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.11.21 03:50:53 | 000,000,020 | -HS- | M] () -- C:\Users\RittBorusse\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
Extras.txt:

Code:
OTL Extras logfile created on: 01.03.2013 16:52:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\RittBorusse\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,02% Memory free
5,98 Gb Paging File | 4,85 Gb Available in Paging File | 81,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 274,45 Gb Total Space | 222,80 Gb Free Space | 81,18% Space Free | Partition Type: NTFS
Drive D: | 71,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 465,76 Gb Total Space | 259,19 Gb Free Space | 55,65% Space Free | Partition Type: NTFS
 
Computer Name: Z600-WORKSTATIO | User Name: RittBorusse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09C81B0F-EEA4-4ADC-B546-7C9DB291B838}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0E69D893-AA25-4683-80B7-A632DFFCE017}" = rport=138 | protocol=17 | dir=out | app=system | 
"{13367E0E-D73D-466F-8043-B8F998F32DEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{19C2FA56-C13F-4AA5-99DE-006C9296E125}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1FFE8731-8F2F-4649-B640-26BBB998C2EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{305A22ED-A1B5-4B72-A88B-DEF8FB5B836B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3292F51B-463D-49B1-8A05-706738CA669F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3A178137-CA05-4E8C-8D50-6604CDFDEE90}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4DC5FA50-4818-4026-B2FF-ACEF93CB3AD8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5CF7B9EB-9649-472D-877B-FCB2D5A3DB67}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{63F5B704-5B7B-4FBD-A142-B58C71A44E08}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{702D29A3-A741-4976-956C-6736578050B0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{90380077-E463-438E-AE6A-3F65FA6ABF96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A12331EB-D429-450D-9571-E848C2BB0C2C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A9C0FA9B-C442-4A2C-B12F-A1EE544AAF00}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B51FBF7E-1BE6-4A5C-95AF-3CB83C6240F0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C0C3B8DC-5326-4451-92F6-AEEA066B31A7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D9B7FFC1-62C6-405D-BA74-E9055B5D8842}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E8E01B27-ADBE-4AD9-B942-FD5D452116D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EA3709E9-A922-4ED7-819C-A3701C38F308}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{EE186E81-5332-4DA1-A272-5BBFF28DDB78}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F7FA0E8F-9940-474F-8FF6-C718EFD52A46}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FE7781E3-13FF-41BB-8517-FCA4B8DCD0E9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04566A4B-872E-4858-886B-9695A556E100}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0606E370-ADE5-4885-9581-BAE4517628F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{124F7F5C-CC04-4794-8239-ED9B3AFB44ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{212A9B0F-5DEC-4077-BDB0-45E817BCEC6D}" = protocol=6 | dir=out | app=system | 
"{5C074FEA-3634-486C-9F86-F5BA6AD4B831}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{65B0ECB2-D19A-479A-9CAD-C24A8BC6B378}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{70B09685-79AB-442D-9357-D6E6B2B3B77F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{73CB5816-174D-4911-8A13-6663436771CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{787F8C29-699D-4A3A-BE51-0B2F9557C30E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{78E987EB-3C26-4EDA-82C8-F0074C5DABBD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{79F27926-B151-4479-ADA3-BA8125AEFA8F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{807D39EC-4DAF-4918-9404-6AF8E53E2433}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{874EE621-2BB5-45C0-BEF7-7154D3522A2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{96C8A37F-83C8-4FDB-A6B0-46FC5164D5D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AE038A9B-4322-42E3-BDC9-A2C4A41542FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B12CBF77-6F3E-45D8-8954-060A90B23652}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E6C1C8DB-D1DF-4807-AFD1-74D2B65BC973}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F40AE564-479B-4B91-B179-F2E045A0073B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F85A7F68-BC4B-4B26-B263-C5775967BF9F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{00DC94AB-95FA-4003-81B6-CE2AB213295D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{C74E308C-ABB1-467E-A9B0-7662B4112EFF}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"GIMP-2_is1" = GIMP 2.8.4
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite DCP-115C
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{EC78E48C-555F-11E1-A994-5FF64724019B}_is1" = Hexonic ScanToPDF Version 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Nvu_is1" = Nvu 1.0
"RocketDock_is1" = RocketDock 1.3.5
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.6.0.2
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.02.2013 01:03:07 | Computer Name = Z600-WorkStatio | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.02.2013 12:19:14 | Computer Name = Z600-WorkStatio | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.02.2013 23:44:17 | Computer Name = Z600-WorkStatio | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.02.2013 11:04:01 | Computer Name = Z600-WorkStatio | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.02.2013 12:59:06 | Computer Name = Z600-WorkStatio | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 18.0.2.4780 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 674    Startzeit: 
01ce0f8a5efdfc2d    Endzeit: 110    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
 bc7724f8-7b7e-11e2-ad05-d48564bd948e  
 
Error - 20.02.2013 12:59:51 | Computer Name = Z600-WorkStatio | Source = Application Hang | ID = 1002
Description = Programm thunderbird.exe, Version 17.0.3.4794 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: eac    Startzeit: 01ce0f87e3db6e70    Endzeit: 10    Anwendungspfad: 
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe    Berichts-ID: e6e76adc-7b7e-11e2-ad05-d48564bd948e

 
Error - 20.02.2013 13:01:12 | Computer Name = Z600-WorkStatio | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 9f0    Startzeit: 01ce0f7b4d10b044    Endzeit: 60000    Anwendungspfad:
 C:\Windows\Explorer.EXE    Berichts-ID: e906a18e-7b7e-11e2-ad05-d48564bd948e  
 
Error - 20.02.2013 13:09:29 | Computer Name = Z600-WorkStatio | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.02.2013 13:23:55 | Computer Name = Z600-WorkStatio | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.3.3235, 
Zeitstempel: 0x4fec7b3e  Name des fehlerhaften Moduls: winamp.exe, Version: 5.6.3.3235,
 Zeitstempel: 0x4fec7b3e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0006a487  ID des fehlerhaften
 Prozesses: 0xdf4  Startzeit der fehlerhaften Anwendung: 0x01ce0f8eeb5d8125  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Winamp\winamp.exe  Berichtskennung: 4d6fa0ce-7b82-11e2-9f07-d48564bd948e
 
Error - 21.02.2013 13:28:26 | Computer Name = Z600-WorkStatio | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 26.02.2013 11:58:55 | Computer Name = Z600-WorkStatio | Source = iaStorV | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 26.02.2013 11:59:09 | Computer Name = Z600-WorkStatio | Source = iaStorV | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 26.02.2013 11:59:23 | Computer Name = Z600-WorkStatio | Source = iaStorV | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 26.02.2013 11:59:30 | Computer Name = Z600-WorkStatio | Source = iaStorV | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 26.02.2013 11:59:44 | Computer Name = Z600-WorkStatio | Source = iaStorV | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 26.02.2013 11:59:58 | Computer Name = Z600-WorkStatio | Source = iaStorV | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 26.02.2013 12:00:12 | Computer Name = Z600-WorkStatio | Source = iaStorV | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 26.02.2013 12:00:19 | Computer Name = Z600-WorkStatio | Source = iaStorV | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 26.02.2013 12:00:32 | Computer Name = Z600-WorkStatio | Source = iaStorV | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 26.02.2013 12:00:47 | Computer Name = Z600-WorkStatio | Source = iaStorV | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
 
< End of report >
         

01.03.2013, 16:39   #8
markusg
/// Malware-holic
 
Hi,
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Run TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

01.03.2013, 16:45   #9
RittBorusse
 
No findings:

Code:
17:41:58.0164 1592  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:41:58.0304 1592  ============================================================
17:41:58.0304 1592  Current date / time: 2013/03/01 17:41:58.0304
17:41:58.0304 1592  SystemInfo:
17:41:58.0304 1592  
17:41:58.0304 1592  OS Version: 6.1.7601 ServicePack: 1.0
17:41:58.0304 1592  Product type: Workstation
17:41:58.0304 1592  ComputerName: Z600-WORKSTATIO
17:41:58.0304 1592  UserName: RittBorusse
17:41:58.0304 1592  Windows directory: C:\Windows
17:41:58.0304 1592  System windows directory: C:\Windows
17:41:58.0304 1592  Running under WOW64
17:41:58.0304 1592  Processor architecture: Intel x64
17:41:58.0304 1592  Number of processors: 8
17:41:58.0304 1592  Page size: 0x1000
17:41:58.0304 1592  Boot type: Normal boot
17:41:58.0304 1592  ============================================================
17:41:59.0973 1592  Drive \Device\Harddisk0\DR0 - Size: 0x45DECD2000 (279.48 Gb), SectorSize: 0x200, Cylinders: 0x8E83, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:41:59.0989 1592  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:42:00.0036 1592  ============================================================
17:42:00.0036 1592  \Device\Harddisk0\DR0:
17:42:00.0036 1592  MBR partitions:
17:42:00.0036 1592  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA0F000, BlocksNum 0x224E6800
17:42:00.0036 1592  \Device\Harddisk1\DR1:
17:42:00.0036 1592  MBR partitions:
17:42:00.0036 1592  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
17:42:00.0036 1592  ============================================================
17:42:00.0129 1592  C: <-> \Device\Harddisk0\DR0\Partition1
17:42:00.0160 1592  E: <-> \Device\Harddisk1\DR1\Partition1
17:42:00.0160 1592  ============================================================
17:42:00.0160 1592  Initialize success
17:42:00.0160 1592  ============================================================
17:43:28.0956 4188  ============================================================
17:43:28.0956 4188  Scan started
17:43:28.0956 4188  Mode: Manual; SigCheck; TDLFS; 
17:43:28.0956 4188  ============================================================
17:43:29.0502 4188  ================ Scan system memory ========================
17:43:29.0502 4188  System memory - ok
17:43:29.0502 4188  ================ Scan services =============================
17:43:29.0720 4188  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:43:29.0798 4188  1394ohci - ok
17:43:29.0829 4188  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:43:29.0860 4188  ACPI - ok
17:43:29.0892 4188  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:43:29.0923 4188  AcpiPmi - ok
17:43:30.0001 4188  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:43:30.0016 4188  AdobeARMservice - ok
17:43:30.0063 4188  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:43:30.0110 4188  adp94xx - ok
17:43:30.0141 4188  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:43:30.0172 4188  adpahci - ok
17:43:30.0172 4188  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:43:30.0204 4188  adpu320 - ok
17:43:30.0235 4188  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:43:30.0282 4188  AeLookupSvc - ok
17:43:30.0313 4188  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:43:30.0360 4188  AFD - ok
17:43:30.0391 4188  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:43:30.0406 4188  agp440 - ok
17:43:30.0422 4188  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:43:30.0453 4188  ALG - ok
17:43:30.0484 4188  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:43:30.0500 4188  aliide - ok
17:43:30.0516 4188  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:43:30.0516 4188  amdide - ok
17:43:30.0547 4188  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:43:30.0578 4188  AmdK8 - ok
17:43:30.0578 4188  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
17:43:30.0609 4188  AmdPPM - ok
17:43:30.0656 4188  [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:43:30.0672 4188  amdsata - ok
17:43:30.0703 4188  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
17:43:30.0734 4188  amdsbs - ok
17:43:30.0750 4188  [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:43:30.0765 4188  amdxata - ok
17:43:30.0796 4188  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:43:30.0843 4188  AppID - ok
17:43:30.0859 4188  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:43:30.0906 4188  AppIDSvc - ok
17:43:30.0921 4188  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
17:43:30.0984 4188  Appinfo - ok
17:43:30.0999 4188  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
17:43:31.0030 4188  AppMgmt - ok
17:43:31.0062 4188  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
17:43:31.0077 4188  arc - ok
17:43:31.0077 4188  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:43:31.0093 4188  arcsas - ok
17:43:31.0124 4188  [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
17:43:31.0155 4188  aswFsBlk - ok
17:43:31.0155 4188  [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
17:43:31.0171 4188  aswMonFlt - ok
17:43:31.0186 4188  [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
17:43:31.0186 4188  aswRdr - ok
17:43:31.0218 4188  [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
17:43:31.0264 4188  aswSnx - ok
17:43:31.0280 4188  [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
17:43:31.0311 4188  aswSP - ok
17:43:31.0327 4188  [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
17:43:31.0342 4188  aswTdi - ok
17:43:31.0358 4188  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:43:31.0420 4188  AsyncMac - ok
17:43:31.0436 4188  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:43:31.0467 4188  atapi - ok
17:43:31.0514 4188  [ 64F07381335E37C142F6D176705FFCA6 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
17:43:31.0623 4188  atksgt - ok
17:43:31.0686 4188  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:43:31.0779 4188  AudioEndpointBuilder - ok
17:43:31.0810 4188  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:43:31.0857 4188  AudioSrv - ok
17:43:31.0904 4188  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST\AvastSvc.exe
17:43:31.0920 4188  avast! Antivirus - ok
17:43:31.0951 4188  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:43:31.0982 4188  AxInstSV - ok
17:43:32.0029 4188  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
17:43:32.0122 4188  b06bdrv - ok
17:43:32.0169 4188  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:43:32.0216 4188  b57nd60a - ok
17:43:32.0247 4188  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:43:32.0278 4188  BDESVC - ok
17:43:32.0294 4188  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:43:32.0356 4188  Beep - ok
17:43:32.0388 4188  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
17:43:32.0466 4188  BFE - ok
17:43:32.0497 4188  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
17:43:32.0590 4188  BITS - ok
17:43:32.0622 4188  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
17:43:32.0637 4188  blbdrive - ok
17:43:32.0653 4188  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:43:32.0684 4188  bowser - ok
17:43:32.0700 4188  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
17:43:32.0731 4188  BrFiltLo - ok
17:43:32.0731 4188  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
17:43:32.0746 4188  BrFiltUp - ok
17:43:32.0840 4188  [ C711ED965009BDCFF9AA62CEB6FF1AAD ] Brother XP spl Service C:\Windows\SysWOW64\brsvc01a.exe
17:43:32.0856 4188  Brother XP spl Service - ok
17:43:32.0902 4188  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
17:43:32.0918 4188  Browser - ok
17:43:32.0949 4188  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:43:32.0980 4188  Brserid - ok
17:43:32.0996 4188  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:43:33.0012 4188  BrSerWdm - ok
17:43:33.0027 4188  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:43:33.0058 4188  BrUsbMdm - ok
17:43:33.0074 4188  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:43:33.0105 4188  BrUsbSer - ok
17:43:33.0136 4188  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:43:33.0152 4188  BTHMODEM - ok
17:43:33.0199 4188  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:43:33.0261 4188  bthserv - ok
17:43:33.0277 4188  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:43:33.0339 4188  cdfs - ok
17:43:33.0370 4188  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
17:43:33.0417 4188  cdrom - ok
17:43:33.0433 4188  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:43:33.0464 4188  CertPropSvc - ok
17:43:33.0495 4188  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
17:43:33.0526 4188  circlass - ok
17:43:33.0558 4188  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:43:33.0604 4188  CLFS - ok
17:43:33.0651 4188  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:43:33.0667 4188  clr_optimization_v2.0.50727_32 - ok
17:43:33.0682 4188  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:43:33.0698 4188  clr_optimization_v2.0.50727_64 - ok
17:43:33.0729 4188  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
17:43:33.0745 4188  CmBatt - ok
17:43:33.0760 4188  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:43:33.0776 4188  cmdide - ok
17:43:33.0823 4188  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
17:43:33.0870 4188  CNG - ok
17:43:33.0885 4188  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:43:33.0901 4188  Compbatt - ok
17:43:33.0932 4188  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:43:33.0963 4188  CompositeBus - ok
17:43:33.0979 4188  COMSysApp - ok
17:43:33.0994 4188  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:43:34.0010 4188  crcdisk - ok
17:43:34.0041 4188  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:43:34.0104 4188  CryptSvc - ok
17:43:34.0135 4188  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
17:43:34.0197 4188  CSC - ok
17:43:34.0228 4188  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
17:43:34.0291 4188  CscService - ok
17:43:34.0322 4188  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:43:34.0400 4188  DcomLaunch - ok
17:43:34.0431 4188  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:43:34.0478 4188  defragsvc - ok
17:43:34.0494 4188  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:43:34.0525 4188  DfsC - ok
17:43:34.0556 4188  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:43:34.0634 4188  Dhcp - ok
17:43:34.0665 4188  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:43:34.0712 4188  discache - ok
17:43:34.0759 4188  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
17:43:34.0774 4188  Disk - ok
17:43:34.0806 4188  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
17:43:34.0821 4188  dmvsc - ok
17:43:34.0852 4188  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:43:34.0915 4188  Dnscache - ok
17:43:34.0946 4188  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:43:35.0024 4188  dot3svc - ok
17:43:35.0040 4188  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
17:43:35.0086 4188  DPS - ok
17:43:35.0118 4188  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:43:35.0149 4188  drmkaud - ok
17:43:35.0180 4188  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:43:35.0242 4188  DXGKrnl - ok
17:43:35.0258 4188  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:43:35.0305 4188  EapHost - ok
17:43:35.0414 4188  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
17:43:35.0523 4188  ebdrv - ok
17:43:35.0554 4188  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
17:43:35.0570 4188  EFS - ok
17:43:35.0632 4188  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:43:35.0695 4188  ehRecvr - ok
17:43:35.0695 4188  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:43:35.0726 4188  ehSched - ok
17:43:35.0757 4188  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:43:35.0788 4188  elxstor - ok
17:43:35.0804 4188  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:43:35.0820 4188  ErrDev - ok
17:43:35.0866 4188  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:43:35.0944 4188  EventSystem - ok
17:43:36.0022 4188  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:43:36.0085 4188  exfat - ok
17:43:36.0100 4188  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:43:36.0163 4188  fastfat - ok
17:43:36.0194 4188  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
17:43:36.0241 4188  Fax - ok
17:43:36.0272 4188  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
17:43:36.0303 4188  fdc - ok
17:43:36.0350 4188  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:43:36.0397 4188  fdPHost - ok
17:43:36.0397 4188  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:43:36.0459 4188  FDResPub - ok
17:43:36.0490 4188  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:43:36.0506 4188  FileInfo - ok
17:43:36.0506 4188  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:43:36.0553 4188  Filetrace - ok
17:43:36.0568 4188  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
17:43:36.0584 4188  flpydisk - ok
17:43:36.0584 4188  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:43:36.0615 4188  FltMgr - ok
17:43:36.0646 4188  [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache       C:\Windows\system32\FntCache.dll
17:43:36.0756 4188  FontCache - ok
17:43:36.0818 4188  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:43:36.0834 4188  FontCache3.0.0.0 - ok
17:43:36.0849 4188  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:43:36.0865 4188  FsDepends - ok
17:43:36.0880 4188  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:43:36.0896 4188  Fs_Rec - ok
17:43:36.0912 4188  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:43:36.0927 4188  fvevol - ok
17:43:36.0958 4188  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:43:36.0990 4188  gagp30kx - ok
17:43:37.0021 4188  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
17:43:37.0099 4188  gpsvc - ok
17:43:37.0115 4188  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:43:37.0146 4188  hcw85cir - ok
17:43:37.0177 4188  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:43:37.0239 4188  HdAudAddService - ok
17:43:37.0271 4188  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:43:37.0302 4188  HDAudBus - ok
17:43:37.0317 4188  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
17:43:37.0349 4188  HidBatt - ok
17:43:37.0380 4188  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:43:37.0411 4188  HidBth - ok
17:43:37.0442 4188  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:43:37.0458 4188  HidIr - ok
17:43:37.0489 4188  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:43:37.0520 4188  hidserv - ok
17:43:37.0536 4188  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
17:43:37.0551 4188  HidUsb - ok
17:43:37.0567 4188  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:43:37.0614 4188  hkmsvc - ok
17:43:37.0645 4188  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:43:37.0661 4188  HomeGroupListener - ok
17:43:37.0692 4188  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:43:37.0739 4188  HomeGroupProvider - ok
17:43:37.0770 4188  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:43:37.0785 4188  HpSAMD - ok
17:43:37.0832 4188  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:43:37.0910 4188  HTTP - ok
17:43:37.0910 4188  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:43:37.0926 4188  hwpolicy - ok
17:43:37.0957 4188  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:43:37.0973 4188  i8042prt - ok
17:43:37.0988 4188  [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:43:38.0004 4188  iaStorV - ok
17:43:38.0160 4188  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:43:38.0222 4188  idsvc - ok
17:43:38.0238 4188  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:43:38.0253 4188  iirsp - ok
17:43:38.0285 4188  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:43:38.0378 4188  IKEEXT - ok
17:43:38.0456 4188  [ C0AE19E528AFEF42D22E00E20BB1D1F7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:43:38.0550 4188  IntcAzAudAddService - ok
17:43:38.0565 4188  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:43:38.0581 4188  intelide - ok
17:43:38.0612 4188  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
17:43:38.0643 4188  intelppm - ok
17:43:38.0659 4188  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:43:38.0706 4188  IPBusEnum - ok
17:43:38.0737 4188  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:43:38.0768 4188  IpFilterDriver - ok
17:43:38.0815 4188  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:43:38.0893 4188  iphlpsvc - ok
17:43:38.0909 4188  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:43:38.0924 4188  IPMIDRV - ok
17:43:38.0940 4188  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:43:38.0987 4188  IPNAT - ok
17:43:38.0987 4188  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:43:39.0033 4188  IRENUM - ok
17:43:39.0049 4188  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:43:39.0065 4188  isapnp - ok
17:43:39.0080 4188  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:43:39.0127 4188  iScsiPrt - ok
17:43:39.0127 4188  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
17:43:39.0143 4188  kbdclass - ok
17:43:39.0158 4188  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:43:39.0189 4188  kbdhid - ok
17:43:39.0205 4188  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:43:39.0221 4188  KeyIso - ok
17:43:39.0236 4188  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:43:39.0252 4188  KSecDD - ok
17:43:39.0267 4188  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:43:39.0283 4188  KSecPkg - ok
17:43:39.0299 4188  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:43:39.0345 4188  ksthunk - ok
17:43:39.0361 4188  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:43:39.0439 4188  KtmRm - ok
17:43:39.0455 4188  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:43:39.0517 4188  LanmanServer - ok
17:43:39.0548 4188  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:43:39.0611 4188  LanmanWorkstation - ok
17:43:39.0657 4188  [ 83BA097ACAAD0B00505634A62D90F93A ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
17:43:39.0673 4188  lirsgt - ok
17:43:39.0751 4188  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:43:39.0954 4188  lltdio - ok
17:43:40.0016 4188  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:43:40.0094 4188  lltdsvc - ok
17:43:40.0110 4188  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:43:40.0157 4188  lmhosts - ok
17:43:40.0188 4188  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:43:40.0203 4188  LSI_FC - ok
17:43:40.0235 4188  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:43:40.0250 4188  LSI_SAS - ok
17:43:40.0266 4188  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:43:40.0281 4188  LSI_SAS2 - ok
17:43:40.0281 4188  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:43:40.0297 4188  LSI_SCSI - ok
17:43:40.0313 4188  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:43:40.0359 4188  luafv - ok
17:43:40.0359 4188  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:43:40.0391 4188  Mcx2Svc - ok
17:43:40.0406 4188  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:43:40.0406 4188  megasas - ok
17:43:40.0437 4188  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:43:40.0453 4188  MegaSR - ok
17:43:40.0469 4188  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:43:40.0531 4188  MMCSS - ok
17:43:40.0547 4188  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:43:40.0593 4188  Modem - ok
17:43:40.0609 4188  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:43:40.0640 4188  monitor - ok
17:43:40.0671 4188  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
17:43:40.0687 4188  mouclass - ok
17:43:40.0703 4188  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
17:43:40.0749 4188  mouhid - ok
17:43:40.0765 4188  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:43:40.0781 4188  mountmgr - ok
17:43:40.0827 4188  [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:43:40.0843 4188  MozillaMaintenance - ok
17:43:40.0874 4188  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:43:40.0905 4188  mpio - ok
17:43:40.0905 4188  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:43:40.0952 4188  mpsdrv - ok
17:43:40.0983 4188  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:43:41.0061 4188  MpsSvc - ok
17:43:41.0077 4188  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:43:41.0108 4188  MRxDAV - ok
17:43:41.0139 4188  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:43:41.0171 4188  mrxsmb - ok
17:43:41.0186 4188  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:43:41.0202 4188  mrxsmb10 - ok
17:43:41.0217 4188  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:43:41.0233 4188  mrxsmb20 - ok
17:43:41.0249 4188  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:43:41.0249 4188  msahci - ok
17:43:41.0264 4188  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:43:41.0311 4188  msdsm - ok
17:43:41.0327 4188  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:43:41.0373 4188  MSDTC - ok
17:43:41.0389 4188  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:43:41.0451 4188  Msfs - ok
17:43:41.0467 4188  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:43:41.0514 4188  mshidkmdf - ok
17:43:41.0529 4188  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:43:41.0545 4188  msisadrv - ok
17:43:41.0561 4188  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:43:41.0607 4188  MSiSCSI - ok
17:43:41.0607 4188  msiserver - ok
17:43:41.0623 4188  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:43:41.0670 4188  MSKSSRV - ok
17:43:41.0670 4188  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:43:41.0717 4188  MSPCLOCK - ok
17:43:41.0717 4188  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:43:41.0748 4188  MSPQM - ok
17:43:41.0779 4188  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:43:41.0795 4188  MsRPC - ok
17:43:41.0826 4188  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:43:41.0841 4188  mssmbios - ok
17:43:41.0841 4188  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:43:41.0904 4188  MSTEE - ok
17:43:41.0919 4188  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:43:41.0935 4188  MTConfig - ok
17:43:41.0935 4188  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:43:41.0951 4188  Mup - ok
17:43:41.0982 4188  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:43:42.0060 4188  napagent - ok
17:43:42.0091 4188  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:43:42.0138 4188  NativeWifiP - ok
17:43:42.0169 4188  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:43:42.0231 4188  NDIS - ok
17:43:42.0247 4188  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:43:42.0294 4188  NdisCap - ok
17:43:42.0309 4188  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:43:42.0341 4188  NdisTapi - ok
17:43:42.0341 4188  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:43:42.0372 4188  Ndisuio - ok
17:43:42.0387 4188  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:43:42.0434 4188  NdisWan - ok
17:43:42.0434 4188  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:43:42.0465 4188  NDProxy - ok
17:43:42.0465 4188  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:43:42.0497 4188  NetBIOS - ok
17:43:42.0528 4188  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:43:42.0559 4188  NetBT - ok
17:43:42.0575 4188  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:43:42.0590 4188  Netlogon - ok
17:43:42.0621 4188  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:43:42.0684 4188  Netman - ok
17:43:42.0699 4188  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:43:42.0746 4188  netprofm - ok
17:43:42.0793 4188  [ 618C55B392238B9467F9113E13525C49 ] netr28ux        C:\Windows\system32\DRIVERS\netr28ux.sys
17:43:42.0855 4188  netr28ux - ok
17:43:42.0871 4188  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:43:42.0887 4188  NetTcpPortSharing - ok
17:43:42.0902 4188  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:43:42.0918 4188  nfrd960 - ok
17:43:42.0949 4188  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:43:43.0011 4188  NlaSvc - ok
17:43:43.0043 4188  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:43:43.0074 4188  Npfs - ok
17:43:43.0089 4188  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:43:43.0136 4188  nsi - ok
17:43:43.0136 4188  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:43:43.0183 4188  nsiproxy - ok
17:43:43.0199 4188  [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:43:43.0292 4188  Ntfs - ok
17:43:43.0308 4188  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:43:43.0355 4188  Null - ok
17:43:43.0667 4188  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:43:44.0072 4188  nvlddmkm - ok
17:43:44.0103 4188  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:43:44.0150 4188  nvraid - ok
17:43:44.0166 4188  [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:43:44.0197 4188  nvstor - ok
17:43:44.0228 4188  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:43:44.0275 4188  nvsvc - ok
17:43:44.0306 4188  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:43:44.0322 4188  nv_agp - ok
17:43:44.0337 4188  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:43:44.0369 4188  ohci1394 - ok
17:43:44.0400 4188  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:43:44.0462 4188  p2pimsvc - ok
17:43:44.0478 4188  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:43:44.0525 4188  p2psvc - ok
17:43:44.0556 4188  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
17:43:44.0587 4188  Parport - ok
17:43:44.0603 4188  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:43:44.0618 4188  partmgr - ok
17:43:44.0634 4188  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:43:44.0696 4188  PcaSvc - ok
17:43:44.0727 4188  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:43:44.0759 4188  pci - ok
17:43:44.0774 4188  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:43:44.0790 4188  pciide - ok
17:43:44.0805 4188  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:43:44.0852 4188  pcmcia - ok
17:43:44.0868 4188  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:43:44.0883 4188  pcw - ok
17:43:44.0899 4188  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:43:44.0977 4188  PEAUTH - ok
17:43:45.0086 4188  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
17:43:45.0149 4188  PeerDistSvc - ok
17:43:45.0164 4188  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:43:45.0180 4188  PerfHost - ok
17:43:45.0227 4188  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:43:45.0320 4188  pla - ok
17:43:45.0367 4188  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:43:45.0414 4188  PlugPlay - ok
17:43:45.0429 4188  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:43:45.0445 4188  PNRPAutoReg - ok
17:43:45.0461 4188  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:43:45.0492 4188  PNRPsvc - ok
17:43:45.0507 4188  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:43:45.0570 4188  PolicyAgent - ok
17:43:45.0601 4188  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:43:45.0679 4188  Power - ok
17:43:45.0710 4188  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:43:45.0741 4188  PptpMiniport - ok
17:43:45.0773 4188  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
17:43:45.0788 4188  Processor - ok
17:43:45.0819 4188  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
17:43:45.0866 4188  ProfSvc - ok
17:43:45.0882 4188  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:43:45.0897 4188  ProtectedStorage - ok
17:43:45.0913 4188  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:43:45.0960 4188  Psched - ok
17:43:46.0007 4188  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:43:46.0085 4188  ql2300 - ok
17:43:46.0116 4188  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:43:46.0131 4188  ql40xx - ok
17:43:46.0147 4188  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:43:46.0194 4188  QWAVE - ok
17:43:46.0209 4188  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:43:46.0225 4188  QWAVEdrv - ok
17:43:46.0241 4188  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:43:46.0303 4188  RasAcd - ok
17:43:46.0334 4188  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:43:46.0365 4188  RasAgileVpn - ok
17:43:46.0397 4188  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:43:46.0443 4188  RasAuto - ok
17:43:46.0443 4188  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:43:46.0490 4188  Rasl2tp - ok
17:43:46.0506 4188  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:43:46.0553 4188  RasMan - ok
17:43:46.0553 4188  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:43:46.0599 4188  RasPppoe - ok
17:43:46.0615 4188  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:43:46.0646 4188  RasSstp - ok
17:43:46.0662 4188  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:43:46.0709 4188  rdbss - ok
17:43:46.0740 4188  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
17:43:46.0771 4188  rdpbus - ok
17:43:46.0787 4188  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:43:46.0833 4188  RDPCDD - ok
17:43:46.0849 4188  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
17:43:46.0880 4188  RDPDR - ok
17:43:46.0880 4188  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:43:46.0927 4188  RDPENCDD - ok
17:43:46.0927 4188  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:43:46.0958 4188  RDPREFMP - ok
17:43:46.0989 4188  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:43:47.0036 4188  RDPWD - ok
17:43:47.0052 4188  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:43:47.0067 4188  rdyboost - ok
17:43:47.0083 4188  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:43:47.0130 4188  RemoteAccess - ok
17:43:47.0145 4188  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:43:47.0208 4188  RemoteRegistry - ok
17:43:47.0223 4188  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:43:47.0255 4188  RpcEptMapper - ok
17:43:47.0270 4188  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:43:47.0301 4188  RpcLocator - ok
17:43:47.0333 4188  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:43:47.0364 4188  RpcSs - ok
17:43:47.0395 4188  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:43:47.0426 4188  rspndr - ok
17:43:47.0442 4188  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
17:43:47.0473 4188  s3cap - ok
17:43:47.0473 4188  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:43:47.0489 4188  SamSs - ok
17:43:47.0504 4188  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:43:47.0520 4188  sbp2port - ok
17:43:47.0551 4188  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:43:47.0582 4188  SCardSvr - ok
17:43:47.0598 4188  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:43:47.0645 4188  scfilter - ok
17:43:47.0676 4188  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:43:47.0769 4188  Schedule - ok
17:43:47.0785 4188  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:43:47.0816 4188  SCPolicySvc - ok
17:43:47.0832 4188  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:43:47.0879 4188  SDRSVC - ok
17:43:47.0879 4188  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:43:47.0925 4188  secdrv - ok
17:43:47.0925 4188  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:43:47.0972 4188  seclogon - ok
17:43:47.0988 4188  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:43:48.0019 4188  SENS - ok
17:43:48.0035 4188  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:43:48.0050 4188  SensrSvc - ok
17:43:48.0066 4188  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
17:43:48.0081 4188  Serenum - ok
17:43:48.0113 4188  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
17:43:48.0128 4188  Serial - ok
17:43:48.0159 4188  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:43:48.0206 4188  sermouse - ok
17:43:48.0222 4188  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:43:48.0253 4188  SessionEnv - ok
17:43:48.0269 4188  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:43:48.0284 4188  sffdisk - ok
17:43:48.0300 4188  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:43:48.0315 4188  sffp_mmc - ok
17:43:48.0315 4188  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:43:48.0347 4188  sffp_sd - ok
17:43:48.0347 4188  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:43:48.0362 4188  sfloppy - ok
17:43:48.0393 4188  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:43:48.0456 4188  SharedAccess - ok
17:43:48.0487 4188  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:43:48.0549 4188  ShellHWDetection - ok
17:43:48.0549 4188  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
17:43:48.0565 4188  SiSRaid2 - ok
17:43:48.0581 4188  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:43:48.0596 4188  SiSRaid4 - ok
17:43:48.0627 4188  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:43:48.0674 4188  Smb - ok
17:43:48.0705 4188  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:43:48.0737 4188  SNMPTRAP - ok
17:43:48.0752 4188  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:43:48.0768 4188  spldr - ok
17:43:48.0799 4188  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
17:43:48.0846 4188  Spooler - ok
17:43:48.0939 4188  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:43:49.0080 4188  sppsvc - ok
17:43:49.0095 4188  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:43:49.0127 4188  sppuinotify - ok
17:43:49.0158 4188  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:43:49.0205 4188  srv - ok
17:43:49.0205 4188  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:43:49.0251 4188  srv2 - ok
17:43:49.0267 4188  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:43:49.0298 4188  srvnet - ok
17:43:49.0314 4188  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:43:49.0361 4188  SSDPSRV - ok
17:43:49.0376 4188  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:43:49.0423 4188  SstpSvc - ok
17:43:49.0470 4188  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:43:49.0501 4188  Stereo Service - ok
17:43:49.0517 4188  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
17:43:49.0532 4188  stexstor - ok
17:43:49.0579 4188  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:43:49.0641 4188  stisvc - ok
17:43:49.0657 4188  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
17:43:49.0673 4188  storflt - ok
17:43:49.0673 4188  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
17:43:49.0688 4188  StorSvc - ok
17:43:49.0719 4188  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
17:43:49.0735 4188  storvsc - ok
17:43:49.0735 4188  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:43:49.0751 4188  swenum - ok
17:43:49.0782 4188  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:43:49.0875 4188  swprv - ok
17:43:55.0959 4188  ============================================================
17:43:55.0959 4188  Scan finished
17:43:55.0959 4188  ============================================================
17:43:55.0959 4960  Detected object count: 0
17:43:55.0959 4960  Actual detected object count: 0
         

01.03.2013, 16:57   #10
markusg
/// Malware-holic

Hi,
Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

01.03.2013, 17:26   #11
RittBorusse

Combofix-Log:

Code:
ComboFix 13-03-01.01 - RittBorusse 01.03.2013  18:04:28.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3063.2064 [GMT 1:00]
ausgeführt von:: c:\users\RittBorusse\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
E:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-01 bis 2013-03-01  ))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 00:28 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-16 08:57	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-03 09:27 . 2012-12-03 17:20	37	----a-w-	C:\DevMgr.bat
2013-02-27 15:34 . 2013-02-27 15:34	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	133400	----a-w-	c:\program files\AVAST\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-24 10143264]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\
FF - ExtSQL: 2013-02-20 18:47; wrc@avast.com; c:\program files\AVAST\WebRep\FF
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-01  18:09:20
ComboFix-quarantined-files.txt  2013-03-01 17:09
.
Vor Suchlauf: 6 Verzeichnis(se), 238.493.290.496 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 239.150.616.576 Bytes frei
.
- - End Of File - - 3C1BCAA5095AD38C48C84B6D7619A872
         

01.03.2013, 17:39   #12
markusg
/// Malware-holic

Hi
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path. Vista and Win7 users: right-click and "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show results.
  • Make sure all detections are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Log files".

03.03.2013, 09:25   #13
RittBorusse

Hi, I was out yesterday, so I'm only replying now:

MBAM:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.03.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
RittBorusse :: Z600-WORKSTATIO [Administrator]

03.03.2013 09:44:28
mbam-log-2013-03-03 (09-44-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 319409
Laufzeit: 23 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

03.03.2013, 17:27   #14
markusg
/// Malware-holic

Hi
I wasn't around anyway; weekend means resting.

Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, go to Tools (Extras), Uninstall list, save it as txt, and open that file.
After every program you need, write "notwendig" (necessary).
After every program you do not need, write "unnötig" (unnecessary).
After every program unknown to you, write "unbekannt" (unknown).
Post the list.

04.03.2013, 07:57   #15
RittBorusse

CCleaner:

Code:
Adobe Acrobat 5.0	Adobe Systems, Inc.	16.02.2013		5.0 needed
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	27.02.2013	6,00MB	11.6.602.171 needed
Adobe Reader XI (11.0.02) - Deutsch	Adobe Systems Incorporated	27.02.2013	133MB	11.0.02 unnecessary
avast! Free Antivirus	AVAST Software	20.02.2013		7.0.1474.0 needed
Brother MFL-Pro Suite DCP-115C	Brother Industries, Ltd.	28.02.2013		1.0.1.0 needed
CCleaner	Piriform	25.02.2013		3.28 
FileZilla Client 3.6.0.2	FileZilla Project	15.02.2013	17,1MB	3.6.0.2 needed
GIMP 2.8.4	The GIMP Team	16.02.2013	244MB	2.8.4 unnecessary
Hexonic ScanToPDF Version 1.0	Hexonic Software	16.02.2013	5,16MB	1.0 unnecessary
IrfanView (remove only)	Irfan Skiljan	20.02.2013	2,00MB	4.35 needed
Java 7 Update 15	Oracle	01.03.2013	129MB	7.0.150 needed
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	03.03.2013	18,4MB	1.70.0.1100 
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.02.2013	428KB	8.0.56336 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	20.02.2013	596KB	9.0.30729.4148 unknown
Mozilla Firefox 19.0 (x86 de)	Mozilla	28.02.2013	43,7MB	19.0 needed
Mozilla Maintenance Service	Mozilla	28.02.2013	330KB	19.0 unknown
Mozilla Thunderbird 17.0.3 (x86 de)	Mozilla	20.02.2013	41,9MB	17.0.3 needed
NVIDIA 3D Vision Treiber 306.97	NVIDIA Corporation	16.02.2013		306.97 needed
NVIDIA Grafiktreiber 306.97	NVIDIA Corporation	16.02.2013		306.97 needed
NVIDIA nView 136.53	NVIDIA Corporation	03.12.2012		136.53 needed
NVIDIA PhysX	NVIDIA Corporation	15.02.2013	119MB	9.09.0203 needed
Nvu 1.0	Thorsten Fritz	26.02.2013		1.0 unnecessary
Paint Shop Pro 7	Jasc Software Inc	27.02.2013	147MB	7.0.0.0000 needed
PaperPort	ScanSoft, Inc.	16.02.2013	54,3MB	9.02.0823 unnecessary
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	07.12.2012		6.0.1.6080 needed
Risen	Deep Silver	15.02.2013		1.00.0000 unnecessary
RocketDock 1.3.5	Punk Software	15.02.2013 needed
VLC media player 2.0.5	VideoLAN	15.02.2013		2.0.5 needed
Winamp	Nullsoft, Inc	15.02.2013		5.63 needed
Winamp Erkennungs-Plug-in	Nullsoft, Inc	15.02.2013	75,0KB	1.0.0.1 unnecessary
WinRAR 4.20 (64-Bit)	win.rar GmbH	27.02.2013		4.20.0 needed
         
