Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.04.2013, 17:44   #1
Ocrim001
 
W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] - Standard

W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]



Hallo liebes Trojaner-Board Team,
ich habe ein Problem. Vor ca 2 Stunden hat sich eine exe Namens "File Name.exe" gestartet und hat versucht Datein im System32 Ordner zubringen. Spybot hat zum glück reagiert und hat versucht dies zu blocken. Dort stand immer das sich die Datei "server.exe" versucht im Sytem32 Ordner zu verstecken. Dann auf einmal hat sich Spybot, wieso auch immer, beendet. Danach habe ich es schnell gestartet und ein Check gemacht und siehe da, er findet eine bedrohung im System32 Ordner Namens "server.exe" (ist auch im Autostart, argh!), ich habe versucht sie zu löschen aber SpyBot sagt mir immer das ich keine Adminrechte habe um die Datei zulöschen (obwohl ich es als Admin ausführe). Danach habe ich mit Avast Antiviren ein Scan gemacht, nach den Vollständigen Scan hat Avast folgendes gefunden:


Hier noch mal ein Screenshot von Spybot:


Nach einen Neustart sehe ich auch immer kurz diese "Server.exe", die Exe macht was aber nur ganz kurz (Sehe ganz kurz die CMD BOX, was da drinn steht kann ich nicht sagen).Ich kann leider nicht sagen wie es dazu gekommen ist, denn ich lasse ab und zu mein kleinen Bruder am Pc. Was er in der Zeit macht weiß ich nicht, aber er meinte er hätte nichts herruntergeladen... Ich hoffe ihr könnt mir helfen.
Vielen Dank!

OTL & defogger Log folgen in den nächsten Minuten! (Hab jetzt gerade neben bei die Tipps gelesen um einen Beitrag zuerstellen. Da bei den Scanns alle Programme geschlossen sein müssen, wollte ich noch eben den Text hier ab senden um ihn nicht neu zu schreiben.

MfG Mirco

Edit: Spybot konnte die Probleme nach den neuen Scan löschen, die Scans von OTL & Defogger schreibe ich gleich rein.

Defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:48 on 05/04/2013 (Mirco)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
ATTFilter
defogger_enable by jpshortstuff (23.02.10.1)
Log created at 17:48 on 05/04/2013 (Mirco)

Parsing file...


-=E.O.F=-
         
Hier der OTL Scan:
Code:
ATTFilter
OTL logfile created on: 05.04.2013 17:50:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mirco\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,83 Gb Available Physical Memory | 73,09% Memory free
15,96 Gb Paging File | 13,55 Gb Available in Paging File | 84,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 697,57 Gb Free Space | 74,89% Space Free | Partition Type: NTFS
 
Computer Name: MIRCO-PC | User Name: Mirco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.05 16:46:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mirco\Downloads\OTL.exe
PRC - [2013.01.26 12:13:32 | 000,462,848 | ---- | M] () -- C:\Program Files (x86)\Freetec\SystemStore\SystemStore.exe
PRC - [2013.01.26 08:08:50 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Mirco\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.23 02:43:48 | 000,534,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2013.01.22 22:37:26 | 000,389,928 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013.01.22 22:32:22 | 000,444,712 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.24 19:17:10 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Mirco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.10.31 00:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.09.29 18:55:38 | 000,696,320 | ---- | M] (sDesign) -- C:\Users\Mirco\Desktop\Downloads\MySig.exe
PRC - [2012.08.31 16:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2010.11.20 14:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.03.05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2010.03.05 10:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2010.02.03 16:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009.01.26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.07.06 08:14:02 | 005,730,304 | ---- | M] () -- C:\AppServ\MySQL\bin\mysqld-nt.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.09.30 05:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.07.31 21:39:08 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.03.19 22:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
MOD - [2009.03.19 22:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
MOD - [2009.01.15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2013.03.26 07:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.13 15:32:11 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 17:10:38 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.26 12:13:32 | 000,462,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Freetec\SystemStore\SystemStore.exe -- (SystemStoreService)
SRV - [2013.01.23 02:43:48 | 000,534,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013.01.22 22:37:26 | 000,389,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013.01.22 22:32:22 | 000,444,712 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013.01.20 08:18:38 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.14 14:42:34 | 005,663,232 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Freetec\SystemStore\SelfUpdate.exe -- (SelfUpdateService)
SRV - [2012.10.31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.09.28 10:25:54 | 000,625,304 | ---- | M] (Pandora.TV) [Disabled | Stopped] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012.09.26 17:59:56 | 005,686,272 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe -- (FreemiumSelfUpdateService)
SRV - [2012.08.31 16:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.04.26 12:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.07.06 08:14:02 | 005,730,304 | ---- | M] () [Auto | Running] -- C:\AppServ\MySQL\bin\mysqld-nt.exe -- (mysql)
SRV - [2007.01.09 18:17:24 | 000,020,539 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\AppServ\Apache2.2\bin\httpd.exe -- (Apache2.2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 08:07:06 | 000,042,696 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013.01.10 21:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.12 01:40:38 | 000,131,072 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.10.31 00:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.31 00:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.31 00:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.31 00:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.31 00:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.10.31 00:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 22:00:50 | 000,038,016 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
DRV:64bit: - [2012.10.15 18:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 21:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.11 21:01:00 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011.04.11 21:00:18 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.24 10:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.02.24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.01 21:41:00 | 001,349,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.05.20 09:30:58 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.17 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013.03.28 12:24:30 | 000,081,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\AeriaGames\ScarletBlade\avital\scarlb64.sys -- (slb)
DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2010.02.04 11:09:00 | 000,014,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys -- (GPCIDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&q={searchTerms}&s_it=winamp-ie&s_qt=sb&tb_uuid=20120929172650354&tb_oid=29-09-2012&tb_mrud=27-11-2012

 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4712_2&babsrc=SP_ss&mntrId=161b819f000000000000c860005642db
IE - HKCU\..\SearchScopes\{6BA7EB7B-56ED-4a81-829E-3F099623F842}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&q={searchTerms}&s_it=winamp-ie&s_qt=sb&tb_uuid=20120929172650354&tb_oid=29-09-2012&tb_mrud=27-11-2012

IE - HKCU\..\SearchScopes\{F23C6694-51AB-4458-BF86-7B9F6D16B8BB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=161b819f000000000000c860005642db"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.2
FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: afurladvisor%40anchorfree.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9
FF - prefs.js..extensions.enabledAddons: %7B0b38152b-1b20-484d-a11f-5e04a9b0661f%7D:5.6.20.9397
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.17 18:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 17:10:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 17:10:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 17:10:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 17:10:36 | 000,000,000 | ---D | M]
 
[2013.02.04 19:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\Extensions
[2013.04.02 19:59:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\Firefox\Profiles\owhfudzd.default\extensions
[2013.04.02 19:59:57 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Mirco\AppData\Roaming\mozilla\Firefox\Profiles\owhfudzd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2013.02.18 18:47:51 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\owhfudzd.default\extensions\exif_viewer@mozilla.doslash.org.xpi
[2013.01.26 13:06:07 | 000,010,611 | ---- | M] () (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\owhfudzd.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.03.29 20:57:56 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\owhfudzd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.11 20:00:01 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\owhfudzd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.14 19:42:35 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\owhfudzd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.28 18:56:39 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\owhfudzd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.04.02 20:00:02 | 000,002,533 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\owhfudzd.default\searchplugins\aol-search.xml
[2012.11.22 18:40:34 | 000,002,536 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\owhfudzd.default\searchplugins\mngr.xml
[2013.03.08 17:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 17:10:36 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2012.11.17 18:08:16 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.03.08 17:10:38 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.22 18:51:47 | 000,006,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Claro Search (Enabled)
CHR - default_search_provider: search_url = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4712_2&babsrc=SP_ss&mntrId=161b819f000000000000c860005642db
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=161b819f000000000000c860005642db
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - Extension: General Downloader plugin = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcbebbklfkjeocpmoamnopdllfekind\1.0.1_0\
CHR - Extension: avast! WebRep = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: General Crawler = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcidejejpblipcjpnkfkddlkmgndblch\2.5_0\
CHR - Extension: General Downloader plugin = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcbebbklfkjeocpmoamnopdllfekind\1.0.1_0\
CHR - Extension: avast! WebRep = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: General Crawler = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcidejejpblipcjpnkfkddlkmgndblch\2.5_0\
 
O1 HOSTS File: ([2013.04.05 16:53:25 | 000,444,833 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15276 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\Mirco\AppData\Roaming\GENERA~1\EXTENS~1\GenCrawl.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mirco\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [F.lux] C:\Users\Mirco\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [LSI] C:\Riot Games\League of Legends\LSI v1.14.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Mirco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SteelSeries Engine] C:\Programme\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe (SteelSeries ApS)
O4 - Startup: C:\Users\Mirco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MySig.lnk = C:\Users\Mirco\Desktop\Downloads\MySig.exe (sDesign)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Mirco\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mirco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mirco\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mirco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D02531C-471C-440C-817F-AADEA18FAEE9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADB08519-6BF6-4B98-B84A-9E82CECFAD2E}: DhcpNameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\utilman.exe: Debugger - C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\utilman.exe: Debugger - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4b342dfa-80db-11e2-a0d8-c860005642db}\Shell - "" = AutoRun
O33 - MountPoints2\{4b342dfa-80db-11e2-a0d8-c860005642db}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{a75abb17-72aa-11e2-af46-c860005642db}\Shell - "" = AutoRun
O33 - MountPoints2\{a75abb17-72aa-11e2-af46-c860005642db}\Shell\AutoRun\command - "" = E:\Installer.exe
O33 - MountPoints2\{ccc9ccd5-8322-11e2-b1c5-c860005642db}\Shell - "" = AutoRun
O33 - MountPoints2\{ccc9ccd5-8322-11e2-b1c5-c860005642db}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.05 17:10:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.05 15:12:18 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Local\Aspire_Softs
[2013.03.28 12:39:29 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Scarlet Blade
[2013.03.28 12:18:45 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Local\Aeria Games
[2013.03.28 12:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2013.03.28 12:17:55 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2013.03.28 12:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2013.03.28 12:13:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2013.03.28 12:13:32 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Aeria Games & Entertainment
[2013.03.28 12:01:04 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Local\Akamai
[2013.03.28 12:01:02 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2013.03.15 23:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.15 23:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.15 23:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.13 18:05:48 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Gyazo
[2013.03.13 18:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
[2013.03.13 18:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gyazo
[2013.03.08 17:10:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.07 21:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.05 17:41:35 | 000,206,937 | ---- | M] () -- C:\Users\Mirco\Desktop\3.jpg
[2013.04.05 17:40:47 | 000,050,477 | ---- | M] () -- C:\Users\Mirco\Desktop\Defogger.exe
[2013.04.05 17:32:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.05 17:31:40 | 000,544,533 | ---- | M] () -- C:\Users\Mirco\Desktop\Trojaner Board.jpg
[2013.04.05 17:23:39 | 000,014,608 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 17:23:39 | 000,014,608 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 17:22:23 | 001,525,878 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.05 17:22:23 | 000,668,302 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.05 17:22:23 | 000,619,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.05 17:22:23 | 000,134,150 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.05 17:22:23 | 000,110,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.05 17:17:04 | 000,000,770 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MySig.lnk
[2013.04.05 17:16:12 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.05 17:16:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.05 17:15:59 | 2133,417,983 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.05 16:53:25 | 000,444,833 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.05 16:53:04 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.05 15:31:16 | 000,003,082 | -H-- | M] () -- C:\Users\Mirco\AppData\Roaming\Mircolog.dat
[2013.03.31 15:50:04 | 000,359,208 | ---- | M] () -- C:\Users\Mirco\Desktop\taric op^^.jpg
[2013.03.28 12:17:56 | 000,001,707 | ---- | M] () -- C:\Users\Mirco\Desktop\Scarlet Blade.lnk
[2013.03.28 12:13:35 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.05 17:41:35 | 000,206,937 | ---- | C] () -- C:\Users\Mirco\Desktop\3.jpg
[2013.04.05 17:40:42 | 000,050,477 | ---- | C] () -- C:\Users\Mirco\Desktop\Defogger.exe
[2013.04.05 17:31:39 | 000,544,533 | ---- | C] () -- C:\Users\Mirco\Desktop\Trojaner Board.jpg
[2013.03.31 15:50:04 | 000,359,208 | ---- | C] () -- C:\Users\Mirco\Desktop\taric op^^.jpg
[2013.03.28 12:17:56 | 000,001,707 | ---- | C] () -- C:\Users\Mirco\Desktop\Scarlet Blade.lnk
[2013.03.28 12:13:35 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
[2013.02.27 20:46:47 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2013.02.27 20:46:47 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2013.02.27 20:46:47 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2013.02.27 20:39:48 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI
[2013.01.17 17:31:43 | 000,000,600 | ---- | C] () -- C:\Users\Mirco\AppData\Roaming\winscp.rnd
[2013.01.04 15:37:11 | 000,004,506 | ---- | C] () -- C:\Users\Mirco\AppData\Local\recently-used.xbel
[2012.11.22 19:53:36 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.11.22 19:43:34 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.11.22 19:43:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2012.11.22 19:43:31 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.11.22 19:17:42 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.11.22 19:17:42 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.11.22 18:53:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.10.21 11:07:20 | 000,007,606 | ---- | C] () -- C:\Users\Mirco\AppData\Local\resmon.resmoncfg
[2012.09.28 20:29:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.09.28 20:09:52 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.09.28 20:09:52 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.09.28 20:09:47 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.09.28 20:09:47 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.09.28 20:06:11 | 000,042,380 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.09.28 20:05:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.09.28 20:05:24 | 000,033,165 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2006.03.26 07:20:33 | 000,003,082 | -H-- | C] () -- C:\Users\Mirco\AppData\Roaming\Mircolog.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:60466E88

< End of report >
         

Geändert von Ocrim001 (05.04.2013 um 17:57 Uhr)

Alt 06.04.2013, 19:51   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] - Standard

W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 08.04.2013, 19:11   #3
Ocrim001
 
W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] - Standard

W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]



Nein habe keine weiteren Logs mehr. Danke das du dich um mich kümmerst.
__________________

Alt 08.04.2013, 22:21   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] - Standard

W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.04.2013, 21:11   #5
Ocrim001
 
W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] - Standard

W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]



Hallo, ich entschuldige mich als erstes das ich so spät antworte und das ich die Dateien als Anhang mitschicke. Kann sie leider nicht als Code senden, da er mir immer sagt das die maximalen Wörter erreicht wären. Außerdem möchte ich mich noch einmal bedanken das du mir hilfst.

MfG Mirco


Alt 13.04.2013, 15:53   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] - Standard

W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
--> W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]

Alt 14.04.2013, 17:01   #7
Ocrim001
 
W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] - Standard

W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]



aswMBR

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-14 13:38:20
-----------------------------
13:38:20.367    OS Version: Windows x64 6.1.7601 Service Pack 1
13:38:20.367    Number of processors: 6 586 0x102
13:38:20.369    ComputerName: MIRCO-PC  UserName: Mirco
13:38:22.217    Initialize success
13:38:22.317    AVAST engine defs: 13041301
13:38:46.763    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
13:38:46.764    Disk 0 Vendor: WDC_WD10EALS-00Z8A0 05.01D05 Size: 953869MB BusType: 3
13:38:46.855    Disk 0 MBR read successfully
13:38:46.857    Disk 0 MBR scan
13:38:46.860    Disk 0 Windows 7 default MBR code
13:38:46.862    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:38:46.866    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       953767 MB offset 206848
13:38:46.890    Disk 0 scanning C:\Windows\system32\drivers
13:38:51.376    Service scanning
13:39:01.438    Modules scanning
13:39:01.444    Disk 0 trace - called modules:
13:39:01.458    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
13:39:01.462    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079d4790]
13:39:01.797    3 CLASSPNP.SYS[fffff8800194e43f] -> nt!IofCallDriver -> [0xfffffa80079e1520]
13:39:01.802    5 ACPI.sys[fffff88000f797a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa80079db060]
13:39:03.139    AVAST engine scan C:\Windows
13:39:05.384    AVAST engine scan C:\Windows\system32
13:40:24.387    AVAST engine scan C:\Windows\system32\drivers
13:40:30.678    AVAST engine scan C:\Users\Mirco
13:46:33.882    AVAST engine scan C:\ProgramData
13:47:18.696    Scan finished successfully
13:49:18.338    Disk 0 MBR has been saved successfully to "C:\Users\Mirco\Desktop\MBR.dat"
13:49:18.344    The log file has been saved successfully to "C:\Users\Mirco\Desktop\aswMBR.txt"
         
TDSSKiller
Code:
ATTFilter
16:58:49.0639 6196  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:58:49.0926 6196  ============================================================
16:58:49.0926 6196  Current date / time: 2013/04/14 16:58:49.0925
16:58:49.0926 6196  SystemInfo:
16:58:49.0926 6196  
16:58:49.0926 6196  OS Version: 6.1.7601 ServicePack: 1.0
16:58:49.0926 6196  Product type: Workstation
16:58:49.0926 6196  ComputerName: MIRCO-PC
16:58:49.0927 6196  UserName: Mirco
16:58:49.0927 6196  Windows directory: C:\Windows
16:58:49.0927 6196  System windows directory: C:\Windows
16:58:49.0927 6196  Running under WOW64
16:58:49.0927 6196  Processor architecture: Intel x64
16:58:49.0927 6196  Number of processors: 6
16:58:49.0927 6196  Page size: 0x1000
16:58:49.0927 6196  Boot type: Normal boot
16:58:49.0927 6196  ============================================================
16:58:50.0936 6196  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:58:50.0946 6196  ============================================================
16:58:50.0946 6196  \Device\Harddisk0\DR0:
16:58:50.0946 6196  MBR partitions:
16:58:50.0946 6196  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:58:50.0946 6196  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3DB0
16:58:50.0946 6196  ============================================================
16:58:50.0964 6196  C: <-> \Device\Harddisk0\DR0\Partition2
16:58:50.0964 6196  ============================================================
16:58:50.0964 6196  Initialize success
16:58:50.0964 6196  ============================================================
16:59:09.0282 4728  ============================================================
16:59:09.0282 4728  Scan started
16:59:09.0282 4728  Mode: Manual; SigCheck; TDLFS; 
16:59:09.0282 4728  ============================================================
16:59:10.0130 4728  ================ Scan system memory ========================
16:59:10.0130 4728  System memory - ok
16:59:10.0130 4728  ================ Scan services =============================
16:59:10.0232 4728  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:59:10.0323 4728  1394ohci - ok
16:59:10.0355 4728  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:59:10.0374 4728  ACPI - ok
16:59:10.0410 4728  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:59:10.0445 4728  AcpiPmi - ok
16:59:10.0528 4728  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:59:10.0543 4728  AdobeARMservice - ok
16:59:10.0634 4728  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:59:10.0651 4728  AdobeFlashPlayerUpdateSvc - ok
16:59:10.0679 4728  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:59:10.0702 4728  adp94xx - ok
16:59:10.0719 4728  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:59:10.0737 4728  adpahci - ok
16:59:10.0745 4728  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:59:10.0760 4728  adpu320 - ok
16:59:10.0779 4728  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:59:10.0830 4728  AeLookupSvc - ok
16:59:10.0875 4728  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:59:10.0911 4728  AFD - ok
16:59:10.0939 4728  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:59:10.0952 4728  agp440 - ok
16:59:10.0961 4728  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:59:10.0990 4728  ALG - ok
16:59:11.0006 4728  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:59:11.0018 4728  aliide - ok
16:59:11.0036 4728  [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:59:11.0075 4728  AMD External Events Utility - ok
16:59:11.0154 4728  AMD FUEL Service - ok
16:59:11.0166 4728  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:59:11.0179 4728  amdide - ok
16:59:11.0197 4728  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
16:59:11.0220 4728  amdiox64 - ok
16:59:11.0234 4728  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:59:11.0282 4728  AmdK8 - ok
16:59:11.0590 4728  [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:59:11.0821 4728  amdkmdag - ok
16:59:11.0856 4728  [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
16:59:11.0896 4728  amdkmdap - ok
16:59:11.0911 4728  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:59:11.0928 4728  AmdPPM - ok
16:59:11.0949 4728  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:59:11.0963 4728  amdsata - ok
16:59:11.0977 4728  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:59:11.0992 4728  amdsbs - ok
16:59:12.0004 4728  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:59:12.0017 4728  amdxata - ok
16:59:12.0037 4728  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
16:59:12.0049 4728  AODDriver4.2 - ok
16:59:12.0086 4728  [ 70149A8B2A9B171D07C20D5595282550 ] Apache2.2       C:\AppServ\Apache2.2\bin\httpd.exe
16:59:12.0091 4728  Apache2.2 ( UnsignedFile.Multi.Generic ) - warning
16:59:12.0091 4728  Apache2.2 - detected UnsignedFile.Multi.Generic (1)
16:59:12.0115 4728  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:59:12.0172 4728  AppID - ok
16:59:12.0190 4728  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:59:12.0228 4728  AppIDSvc - ok
16:59:12.0248 4728  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
16:59:12.0294 4728  Appinfo - ok
16:59:12.0356 4728  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:59:12.0369 4728  Apple Mobile Device - ok
16:59:12.0380 4728  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:59:12.0394 4728  arc - ok
16:59:12.0401 4728  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:59:12.0414 4728  arcsas - ok
16:59:12.0440 4728  [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
16:59:12.0452 4728  AsIO - ok
16:59:12.0472 4728  [ 954950D11ADA98AC1B7EE3C770E4622C ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
16:59:12.0489 4728  asmthub3 - ok
16:59:12.0521 4728  [ 01DBB05DB1DB95803E3C9F2B49AFE79C ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
16:59:12.0557 4728  asmtxhci - ok
16:59:12.0578 4728  [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
16:59:12.0590 4728  aswFsBlk - ok
16:59:12.0600 4728  [ 6B91E6D483AADB3FC4E13E2355200611 ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
16:59:12.0612 4728  aswKbd - ok
16:59:12.0624 4728  [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
16:59:12.0636 4728  aswMonFlt - ok
16:59:12.0655 4728  [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
16:59:12.0667 4728  aswRdr - ok
16:59:12.0687 4728  [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
16:59:12.0718 4728  aswSnx - ok
16:59:12.0753 4728  [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
16:59:12.0772 4728  aswSP - ok
16:59:12.0776 4728  [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
16:59:12.0790 4728  aswTdi - ok
16:59:12.0806 4728  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:59:12.0859 4728  AsyncMac - ok
16:59:12.0883 4728  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:59:12.0897 4728  atapi - ok
16:59:12.0923 4728  [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:59:12.0954 4728  AtiHDAudioService - ok
16:59:12.0979 4728  [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
16:59:12.0993 4728  AtiPcie - ok
16:59:13.0023 4728  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:59:13.0094 4728  AudioEndpointBuilder - ok
16:59:13.0123 4728  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:59:13.0166 4728  AudioSrv - ok
16:59:13.0205 4728  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:59:13.0220 4728  avast! Antivirus - ok
16:59:13.0229 4728  avast! Firewall - ok
16:59:13.0249 4728  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:59:13.0284 4728  AxInstSV - ok
16:59:13.0314 4728  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:59:13.0349 4728  b06bdrv - ok
16:59:13.0370 4728  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:59:13.0391 4728  b57nd60a - ok
16:59:13.0427 4728  [ 328E794278CC30CA7C06E346A18B1ABC ] BCUService      C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
16:59:13.0445 4728  BCUService - ok
16:59:13.0459 4728  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:59:13.0475 4728  BDESVC - ok
16:59:13.0486 4728  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:59:13.0535 4728  Beep - ok
16:59:13.0582 4728  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
16:59:13.0627 4728  BFE - ok
16:59:13.0649 4728  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:59:13.0720 4728  BITS - ok
16:59:13.0736 4728  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:59:13.0769 4728  blbdrive - ok
16:59:13.0811 4728  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:59:13.0830 4728  Bonjour Service - ok
16:59:13.0844 4728  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:59:13.0859 4728  bowser - ok
16:59:13.0863 4728  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:59:13.0879 4728  BrFiltLo - ok
16:59:13.0883 4728  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:59:13.0900 4728  BrFiltUp - ok
16:59:13.0919 4728  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:59:13.0935 4728  Browser - ok
16:59:13.0942 4728  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:59:13.0981 4728  Brserid - ok
16:59:13.0986 4728  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:59:14.0003 4728  BrSerWdm - ok
16:59:14.0006 4728  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:59:14.0028 4728  BrUsbMdm - ok
16:59:14.0032 4728  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:59:14.0046 4728  BrUsbSer - ok
16:59:14.0050 4728  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:59:14.0080 4728  BTHMODEM - ok
16:59:14.0103 4728  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:59:14.0155 4728  bthserv - ok
16:59:14.0189 4728  [ 02D9FABF4EAB733A804477385B871E6D ] busenum         C:\Windows\system32\DRIVERS\SteelBus64.sys
16:59:14.0218 4728  busenum - ok
16:59:14.0235 4728  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:59:14.0272 4728  cdfs - ok
16:59:14.0296 4728  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:59:14.0329 4728  cdrom - ok
16:59:14.0349 4728  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:59:14.0394 4728  CertPropSvc - ok
16:59:14.0477 4728  [ 213B6EC3DE19E35373A1906397588429 ] CGVPNCliSrvc    C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
16:59:14.0551 4728  CGVPNCliSrvc - ok
16:59:14.0566 4728  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:59:14.0597 4728  circlass - ok
16:59:14.0614 4728  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:59:14.0633 4728  CLFS - ok
16:59:14.0666 4728  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:59:14.0679 4728  clr_optimization_v2.0.50727_32 - ok
16:59:14.0721 4728  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:59:14.0734 4728  clr_optimization_v2.0.50727_64 - ok
16:59:14.0768 4728  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:59:14.0782 4728  clr_optimization_v4.0.30319_32 - ok
16:59:14.0798 4728  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:59:14.0812 4728  clr_optimization_v4.0.30319_64 - ok
16:59:14.0815 4728  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:59:14.0830 4728  CmBatt - ok
16:59:14.0850 4728  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:59:14.0862 4728  cmdide - ok
16:59:14.0891 4728  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
16:59:14.0923 4728  CNG - ok
16:59:14.0937 4728  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:59:14.0950 4728  Compbatt - ok
16:59:14.0978 4728  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:59:15.0006 4728  CompositeBus - ok
16:59:15.0009 4728  COMSysApp - ok
16:59:15.0014 4728  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:59:15.0027 4728  crcdisk - ok
16:59:15.0058 4728  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:59:15.0102 4728  CryptSvc - ok
16:59:15.0152 4728  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:59:15.0212 4728  DcomLaunch - ok
16:59:15.0238 4728  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:59:15.0296 4728  defragsvc - ok
16:59:15.0320 4728  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:59:15.0371 4728  DfsC - ok
16:59:15.0396 4728  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:59:15.0414 4728  Dhcp - ok
16:59:15.0421 4728  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:59:15.0457 4728  discache - ok
16:59:15.0463 4728  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:59:15.0477 4728  Disk - ok
16:59:15.0496 4728  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:59:15.0526 4728  Dnscache - ok
16:59:15.0553 4728  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:59:15.0592 4728  dot3svc - ok
16:59:15.0605 4728  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:59:15.0661 4728  DPS - ok
16:59:15.0686 4728  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:59:15.0719 4728  drmkaud - ok
16:59:15.0752 4728  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:59:15.0782 4728  DXGKrnl - ok
16:59:15.0816 4728  EagleX64 - ok
16:59:15.0829 4728  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:59:15.0866 4728  EapHost - ok
16:59:15.0921 4728  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:59:16.0022 4728  ebdrv - ok
16:59:16.0051 4728  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:59:16.0077 4728  EFS - ok
16:59:16.0123 4728  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:59:16.0150 4728  ehRecvr - ok
16:59:16.0165 4728  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:59:16.0194 4728  ehSched - ok
16:59:16.0224 4728  [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
16:59:16.0237 4728  ElbyCDIO - ok
16:59:16.0257 4728  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:59:16.0280 4728  elxstor - ok
16:59:16.0299 4728  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:59:16.0325 4728  ErrDev - ok
16:59:16.0355 4728  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:59:16.0410 4728  EventSystem - ok
16:59:16.0437 4728  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:59:16.0475 4728  exfat - ok
16:59:16.0497 4728  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:59:16.0535 4728  fastfat - ok
16:59:16.0556 4728  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:59:16.0594 4728  Fax - ok
16:59:16.0598 4728  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:59:16.0612 4728  fdc - ok
16:59:16.0628 4728  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:59:16.0684 4728  fdPHost - ok
16:59:16.0708 4728  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:59:16.0745 4728  FDResPub - ok
16:59:16.0755 4728  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:59:16.0769 4728  FileInfo - ok
16:59:16.0775 4728  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:59:16.0822 4728  Filetrace - ok
16:59:16.0828 4728  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:59:16.0843 4728  flpydisk - ok
16:59:16.0865 4728  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:59:16.0883 4728  FltMgr - ok
16:59:16.0914 4728  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
16:59:16.0947 4728  FontCache - ok
16:59:16.0974 4728  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:59:16.0986 4728  FontCache3.0.0.0 - ok
16:59:17.0098 4728  [ 701C9023D8B5B18C9E08C27D4D1B5617 ] FreemiumSelfUpdateService C:\Program Files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe
16:59:17.0233 4728  FreemiumSelfUpdateService ( UnsignedFile.Multi.Generic ) - warning
16:59:17.0233 4728  FreemiumSelfUpdateService - detected UnsignedFile.Multi.Generic (1)
16:59:17.0257 4728  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:59:17.0270 4728  FsDepends - ok
16:59:17.0282 4728  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:59:17.0296 4728  Fs_Rec - ok
16:59:17.0322 4728  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:59:17.0343 4728  fvevol - ok
16:59:17.0360 4728  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:59:17.0374 4728  gagp30kx - ok
16:59:17.0400 4728  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:59:17.0413 4728  GEARAspiWDM - ok
16:59:17.0464 4728  [ 5D4DF0BAC74E9AC62AF6BC99440B050B ] GPCIDrv         C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys
16:59:17.0475 4728  GPCIDrv - ok
16:59:17.0505 4728  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:59:17.0564 4728  gpsvc - ok
16:59:17.0593 4728  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:59:17.0605 4728  gupdate - ok
16:59:17.0613 4728  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:59:17.0625 4728  gupdatem - ok
16:59:17.0652 4728  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
16:59:17.0663 4728  hamachi - ok
16:59:17.0678 4728  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:59:17.0704 4728  hcw85cir - ok
16:59:17.0762 4728  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:59:17.0798 4728  HdAudAddService - ok
16:59:17.0835 4728  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:59:17.0865 4728  HDAudBus - ok
16:59:17.0869 4728  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:59:17.0891 4728  HidBatt - ok
16:59:17.0895 4728  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:59:17.0913 4728  HidBth - ok
16:59:17.0942 4728  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:59:17.0977 4728  HidIr - ok
16:59:17.0996 4728  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:59:18.0047 4728  hidserv - ok
16:59:18.0075 4728  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:59:18.0089 4728  HidUsb - ok
16:59:18.0109 4728  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:59:18.0145 4728  hkmsvc - ok
16:59:18.0164 4728  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:59:18.0199 4728  HomeGroupListener - ok
16:59:18.0223 4728  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:59:18.0259 4728  HomeGroupProvider - ok
16:59:18.0285 4728  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:59:18.0299 4728  HpSAMD - ok
16:59:18.0360 4728  [ ABC48D6834C7B88DAB1BA4D6ADC29185 ] hshld           C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
16:59:18.0386 4728  hshld - ok
16:59:18.0425 4728  [ ABA04B0C96A44C6C0D2A167A0019E38D ] HssDRV6         C:\Windows\system32\DRIVERS\hssdrv6.sys
16:59:18.0438 4728  HssDRV6 - ok
16:59:18.0469 4728  [ 80D9D2CB3A13334015636744F52429B2 ] HssSrv          C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
16:59:18.0489 4728  HssSrv - ok
16:59:18.0505 4728  [ D25981765C8BCCA6D8C42583A1684CC1 ] HssTrayService  C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
16:59:18.0517 4728  HssTrayService - ok
16:59:18.0562 4728  [ F91BB6AB0840201811D63B1CCFC9A4E3 ] HssWd           C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
16:59:18.0579 4728  HssWd - ok
16:59:18.0605 4728  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:59:18.0665 4728  HTTP - ok
16:59:18.0687 4728  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:59:18.0699 4728  hwpolicy - ok
16:59:18.0720 4728  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:59:18.0735 4728  i8042prt - ok
16:59:18.0752 4728  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:59:18.0771 4728  iaStorV - ok
16:59:18.0836 4728  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
16:59:18.0843 4728  IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:59:18.0843 4728  IDriverT - detected UnsignedFile.Multi.Generic (1)
16:59:18.0871 4728  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:59:18.0899 4728  idsvc - ok
16:59:18.0920 4728  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:59:18.0933 4728  iirsp - ok
16:59:18.0956 4728  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:59:19.0019 4728  IKEEXT - ok
16:59:19.0056 4728  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:59:19.0069 4728  intelide - ok
16:59:19.0077 4728  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:59:19.0105 4728  intelppm - ok
16:59:19.0126 4728  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:59:19.0162 4728  IPBusEnum - ok
16:59:19.0180 4728  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:59:19.0227 4728  IpFilterDriver - ok
16:59:19.0256 4728  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:59:19.0297 4728  iphlpsvc - ok
16:59:19.0323 4728  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:59:19.0340 4728  IPMIDRV - ok
16:59:19.0349 4728  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:59:19.0407 4728  IPNAT - ok
16:59:19.0436 4728  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:59:19.0461 4728  iPod Service - ok
16:59:19.0475 4728  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:59:19.0510 4728  IRENUM - ok
16:59:19.0540 4728  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:59:19.0553 4728  isapnp - ok
16:59:19.0571 4728  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:59:19.0587 4728  iScsiPrt - ok
16:59:19.0603 4728  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:59:19.0616 4728  kbdclass - ok
16:59:19.0647 4728  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:59:19.0674 4728  kbdhid - ok
16:59:19.0701 4728  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:59:19.0718 4728  KeyIso - ok
16:59:19.0733 4728  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:59:19.0747 4728  KSecDD - ok
16:59:19.0759 4728  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:59:19.0774 4728  KSecPkg - ok
16:59:19.0781 4728  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:59:19.0833 4728  ksthunk - ok
16:59:19.0860 4728  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:59:19.0915 4728  KtmRm - ok
16:59:19.0954 4728  [ CE4347E2D90DB2E5517B6F2BC720A862 ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCamd64.sys
16:59:19.0974 4728  LADF_CaptureOnly - ok
16:59:19.0990 4728  [ 85A9D21D3AE2EA963E111CB150895877 ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRamd64.sys
16:59:20.0008 4728  LADF_RenderOnly - ok
16:59:20.0029 4728  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:59:20.0069 4728  LanmanServer - ok
16:59:20.0086 4728  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:59:20.0125 4728  LanmanWorkstation - ok
16:59:20.0152 4728  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
16:59:20.0164 4728  LGBusEnum - ok
16:59:20.0173 4728  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
16:59:20.0186 4728  LGVirHid - ok
16:59:20.0208 4728  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:59:20.0262 4728  lltdio - ok
16:59:20.0292 4728  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:59:20.0341 4728  lltdsvc - ok
16:59:20.0378 4728  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:59:20.0424 4728  lmhosts - ok
16:59:20.0443 4728  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:59:20.0457 4728  LSI_FC - ok
16:59:20.0462 4728  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:59:20.0477 4728  LSI_SAS - ok
16:59:20.0490 4728  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:59:20.0503 4728  LSI_SAS2 - ok
16:59:20.0516 4728  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:59:20.0531 4728  LSI_SCSI - ok
16:59:20.0541 4728  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:59:20.0591 4728  luafv - ok
16:59:20.0617 4728  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:59:20.0648 4728  Mcx2Svc - ok
16:59:20.0669 4728  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:59:20.0683 4728  megasas - ok
16:59:20.0706 4728  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:59:20.0723 4728  MegaSR - ok
16:59:20.0772 4728  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
16:59:20.0784 4728  Microsoft Office Groove Audit Service - ok
16:59:20.0791 4728  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:59:20.0846 4728  MMCSS - ok
16:59:20.0862 4728  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:59:20.0896 4728  Modem - ok
16:59:20.0904 4728  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:59:20.0932 4728  monitor - ok
16:59:20.0952 4728  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:59:20.0966 4728  mouclass - ok
16:59:20.0982 4728  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:59:21.0000 4728  mouhid - ok
16:59:21.0029 4728  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:59:21.0044 4728  mountmgr - ok
16:59:21.0089 4728  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:59:21.0103 4728  MozillaMaintenance - ok
16:59:21.0123 4728  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:59:21.0138 4728  mpio - ok
16:59:21.0147 4728  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:59:21.0182 4728  mpsdrv - ok
16:59:21.0202 4728  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:59:21.0267 4728  MpsSvc - ok
16:59:21.0294 4728  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:59:21.0317 4728  MRxDAV - ok
16:59:21.0338 4728  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:59:21.0370 4728  mrxsmb - ok
16:59:21.0394 4728  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:59:21.0425 4728  mrxsmb10 - ok
16:59:21.0445 4728  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:59:21.0478 4728  mrxsmb20 - ok
16:59:21.0498 4728  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:59:21.0511 4728  msahci - ok
16:59:21.0542 4728  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:59:21.0557 4728  msdsm - ok
16:59:21.0588 4728  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:59:21.0639 4728  MSDTC - ok
16:59:21.0668 4728  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:59:21.0703 4728  Msfs - ok
16:59:21.0719 4728  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:59:21.0771 4728  mshidkmdf - ok
16:59:21.0800 4728  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:59:21.0813 4728  msisadrv - ok
16:59:21.0839 4728  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:59:21.0892 4728  MSiSCSI - ok
16:59:21.0895 4728  msiserver - ok
16:59:21.0921 4728  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:59:21.0957 4728  MSKSSRV - ok
16:59:21.0974 4728  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:59:22.0022 4728  MSPCLOCK - ok
16:59:22.0031 4728  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:59:22.0069 4728  MSPQM - ok
16:59:22.0098 4728  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:59:22.0117 4728  MsRPC - ok
16:59:22.0128 4728  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:59:22.0141 4728  mssmbios - ok
16:59:22.0155 4728  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:59:22.0206 4728  MSTEE - ok
16:59:22.0209 4728  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:59:22.0224 4728  MTConfig - ok
16:59:22.0251 4728  [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
16:59:22.0263 4728  MTsensor - ok
16:59:22.0273 4728  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:59:22.0286 4728  Mup - ok
16:59:22.0324 4728  mysql - ok
16:59:22.0343 4728  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:59:22.0391 4728  napagent - ok
16:59:22.0422 4728  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:59:22.0459 4728  NativeWifiP - ok
16:59:22.0506 4728  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:59:22.0536 4728  NDIS - ok
16:59:22.0546 4728  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:59:22.0581 4728  NdisCap - ok
16:59:22.0598 4728  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:59:22.0632 4728  NdisTapi - ok
16:59:22.0646 4728  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:59:22.0679 4728  Ndisuio - ok
16:59:22.0697 4728  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:59:22.0735 4728  NdisWan - ok
16:59:22.0756 4728  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:59:22.0804 4728  NDProxy - ok
16:59:22.0825 4728  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:59:22.0861 4728  NetBIOS - ok
16:59:22.0870 4728  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:59:22.0907 4728  NetBT - ok
16:59:22.0917 4728  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:59:22.0933 4728  Netlogon - ok
16:59:22.0961 4728  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:59:23.0022 4728  Netman - ok
16:59:23.0050 4728  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:59:23.0095 4728  netprofm - ok
16:59:23.0120 4728  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:59:23.0134 4728  NetTcpPortSharing - ok
16:59:23.0143 4728  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:59:23.0157 4728  nfrd960 - ok
16:59:23.0179 4728  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:59:23.0199 4728  NlaSvc - ok
16:59:23.0207 4728  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:59:23.0242 4728  Npfs - ok
16:59:23.0255 4728  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:59:23.0308 4728  nsi - ok
16:59:23.0337 4728  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:59:23.0386 4728  nsiproxy - ok
16:59:23.0440 4728  [ B8965FB53551B5455630A4B804D0791F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:59:23.0499 4728  Ntfs - ok
16:59:23.0514 4728  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:59:23.0551 4728  Null - ok
16:59:23.0565 4728  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:59:23.0579 4728  nvraid - ok
16:59:23.0592 4728  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:59:23.0607 4728  nvstor - ok
16:59:23.0635 4728  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:59:23.0649 4728  nv_agp - ok
16:59:23.0703 4728  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:59:23.0722 4728  odserv - ok
16:59:23.0739 4728  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:59:23.0755 4728  ohci1394 - ok
16:59:23.0790 4728  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:59:23.0806 4728  ose - ok
16:59:23.0842 4728  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:59:23.0864 4728  p2pimsvc - ok
16:59:23.0878 4728  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:59:23.0900 4728  p2psvc - ok
16:59:23.0960 4728  [ 1011C779C9FCD01AFA96490C86A50421 ] PanService      C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
16:59:23.0983 4728  PanService - ok
16:59:24.0005 4728  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:59:24.0021 4728  Parport - ok
16:59:24.0037 4728  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:59:24.0051 4728  partmgr - ok
16:59:24.0062 4728  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:59:24.0094 4728  PcaSvc - ok
16:59:24.0121 4728  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:59:24.0136 4728  pci - ok
16:59:24.0150 4728  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:59:24.0163 4728  pciide - ok
16:59:24.0177 4728  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:59:24.0193 4728  pcmcia - ok
16:59:24.0206 4728  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:59:24.0219 4728  pcw - ok
16:59:24.0243 4728  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:59:24.0302 4728  PEAUTH - ok
16:59:24.0368 4728  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:59:24.0401 4728  PerfHost - ok
16:59:24.0452 4728  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:59:24.0515 4728  pla - ok
16:59:24.0542 4728  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:59:24.0563 4728  PlugPlay - ok
16:59:24.0577 4728  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:59:24.0608 4728  PNRPAutoReg - ok
16:59:24.0633 4728  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:59:24.0651 4728  PNRPsvc - ok
16:59:24.0669 4728  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:59:24.0727 4728  PolicyAgent - ok
16:59:24.0758 4728  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:59:24.0815 4728  Power - ok
16:59:24.0844 4728  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:59:24.0879 4728  PptpMiniport - ok
16:59:24.0883 4728  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:59:24.0914 4728  Processor - ok
16:59:24.0953 4728  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:59:24.0981 4728  ProfSvc - ok
16:59:25.0000 4728  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:59:25.0015 4728  ProtectedStorage - ok
16:59:25.0027 4728  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:59:25.0078 4728  Psched - ok
16:59:25.0112 4728  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:59:25.0159 4728  ql2300 - ok
16:59:25.0174 4728  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:59:25.0189 4728  ql40xx - ok
16:59:25.0206 4728  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:59:25.0229 4728  QWAVE - ok
16:59:25.0240 4728  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:59:25.0258 4728  QWAVEdrv - ok
16:59:25.0270 4728  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:59:25.0305 4728  RasAcd - ok
16:59:25.0327 4728  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:59:25.0379 4728  RasAgileVpn - ok
16:59:25.0401 4728  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:59:25.0450 4728  RasAuto - ok
16:59:25.0477 4728  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:59:25.0527 4728  Rasl2tp - ok
16:59:25.0550 4728  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:59:25.0599 4728  RasMan - ok
16:59:25.0630 4728  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:59:25.0664 4728  RasPppoe - ok
16:59:25.0671 4728  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:59:25.0707 4728  RasSstp - ok
16:59:25.0722 4728  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:59:25.0775 4728  rdbss - ok
16:59:25.0779 4728  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:59:25.0797 4728  rdpbus - ok
16:59:25.0816 4728  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:59:25.0852 4728  RDPCDD - ok
16:59:25.0861 4728  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:59:25.0908 4728  RDPENCDD - ok
16:59:25.0913 4728  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:59:25.0948 4728  RDPREFMP - ok
16:59:25.0975 4728  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:59:25.0991 4728  RDPWD - ok
16:59:26.0012 4728  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:59:26.0028 4728  rdyboost - ok
16:59:26.0050 4728  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:59:26.0100 4728  RemoteAccess - ok
16:59:26.0132 4728  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:59:26.0171 4728  RemoteRegistry - ok
16:59:26.0198 4728  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:59:26.0254 4728  RpcEptMapper - ok
16:59:26.0276 4728  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:59:26.0292 4728  RpcLocator - ok
16:59:26.0309 4728  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
16:59:26.0352 4728  RpcSs - ok
16:59:26.0366 4728  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:59:26.0414 4728  rspndr - ok
16:59:26.0448 4728  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
16:59:26.0469 4728  RTL8167 - ok
16:59:26.0505 4728  [ 92EEA5F44DBFD36D794660A4E1F8DAC5 ] SAlphamHid      C:\Windows\system32\DRIVERS\SAlpham64.sys
16:59:26.0536 4728  SAlphamHid - ok
16:59:26.0558 4728  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
16:59:26.0573 4728  SamSs - ok
16:59:26.0593 4728  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:59:26.0606 4728  sbp2port - ok
16:59:26.0674 4728  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
16:59:26.0706 4728  SBSDWSCService - ok
16:59:26.0734 4728  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:59:26.0792 4728  SCardSvr - ok
16:59:26.0815 4728  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:59:26.0849 4728  scfilter - ok
16:59:26.0875 4728  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:59:26.0939 4728  Schedule - ok
16:59:26.0964 4728  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:59:27.0002 4728  SCPolicySvc - ok
16:59:27.0023 4728  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:59:27.0052 4728  SDRSVC - ok
16:59:27.0082 4728  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:59:27.0118 4728  secdrv - ok
16:59:27.0136 4728  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:59:27.0173 4728  seclogon - ok
16:59:27.0285 4728  [ 69500F5EAFDE80040F8465CD6E72037E ] SelfUpdateService C:\Program Files (x86)\Freetec\SystemStore\SelfUpdate.exe
16:59:27.0415 4728  SelfUpdateService ( UnsignedFile.Multi.Generic ) - warning
16:59:27.0415 4728  SelfUpdateService - detected UnsignedFile.Multi.Generic (1)
16:59:27.0442 4728  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:59:27.0500 4728  SENS - ok
16:59:27.0515 4728  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:59:27.0530 4728  SensrSvc - ok
16:59:27.0544 4728  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:59:27.0561 4728  Serenum - ok
16:59:27.0576 4728  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:59:27.0611 4728  Serial - ok
16:59:27.0640 4728  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:59:27.0671 4728  sermouse - ok
16:59:27.0704 4728  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:59:27.0756 4728  SessionEnv - ok
16:59:27.0778 4728  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:59:27.0811 4728  sffdisk - ok
16:59:27.0825 4728  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:59:27.0854 4728  sffp_mmc - ok
16:59:27.0868 4728  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:59:27.0900 4728  sffp_sd - ok
16:59:27.0931 4728  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:59:27.0946 4728  sfloppy - ok
16:59:27.0962 4728  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:59:28.0013 4728  SharedAccess - ok
16:59:28.0039 4728  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:59:28.0085 4728  ShellHWDetection - ok
16:59:28.0095 4728  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:59:28.0108 4728  SiSRaid2 - ok
16:59:28.0123 4728  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:59:28.0136 4728  SiSRaid4 - ok
16:59:28.0170 4728  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:59:28.0185 4728  SkypeUpdate - ok
16:59:28.0269 4728  [ 5B43F0286A5106552004309DEB38BF93 ] slb             C:\AeriaGames\ScarletBlade\avital\scarlb64.sys
16:59:28.0282 4728  slb ( UnsignedFile.Multi.Generic ) - warning
16:59:28.0282 4728  slb - detected UnsignedFile.Multi.Generic (1)
16:59:28.0294 4728  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:59:28.0346 4728  Smb - ok
16:59:28.0372 4728  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:59:28.0390 4728  SNMPTRAP - ok
16:59:28.0396 4728  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:59:28.0409 4728  spldr - ok
16:59:28.0481 4728  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
16:59:28.0506 4728  Spooler - ok
16:59:28.0573 4728  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:59:28.0680 4728  sppsvc - ok
16:59:28.0690 4728  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:59:28.0730 4728  sppuinotify - ok
16:59:28.0753 4728  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:59:28.0774 4728  srv - ok
16:59:28.0793 4728  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:59:28.0825 4728  srv2 - ok
16:59:28.0844 4728  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:59:28.0872 4728  srvnet - ok
16:59:28.0897 4728  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:59:28.0953 4728  SSDPSRV - ok
16:59:28.0968 4728  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:59:29.0007 4728  SstpSvc - ok
16:59:29.0025 4728  Steam Client Service - ok
16:59:29.0034 4728  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:59:29.0047 4728  stexstor - ok
16:59:29.0075 4728  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:59:29.0122 4728  stisvc - ok
16:59:29.0151 4728  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:59:29.0166 4728  swenum - ok
16:59:29.0184 4728  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:59:29.0230 4728  swprv - ok
16:59:29.0268 4728  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
16:59:29.0335 4728  SysMain - ok
16:59:29.0378 4728  [ ACAA605B51AD413DE7595194AD0F486F ] SystemStoreService C:\Program Files (x86)\Freetec\SystemStore\SystemStore.exe
16:59:29.0388 4728  SystemStoreService ( UnsignedFile.Multi.Generic ) - warning
16:59:29.0388 4728  SystemStoreService - detected UnsignedFile.Multi.Generic (1)
16:59:29.0402 4728  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:59:29.0424 4728  TabletInputService - ok
16:59:29.0447 4728  [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
16:59:29.0475 4728  tap0901 - ok
16:59:29.0512 4728  [ A3F7EAB3947ADA804D60168119306D43 ] taphss6         C:\Windows\system32\DRIVERS\taphss6.sys
16:59:29.0525 4728  taphss6 - ok
16:59:29.0545 4728  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:59:29.0598 4728  TapiSrv - ok
16:59:29.0617 4728  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:59:29.0657 4728  TBS - ok
16:59:29.0702 4728  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:59:29.0765 4728  Tcpip - ok
16:59:29.0794 4728  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:59:29.0834 4728  TCPIP6 - ok
16:59:29.0859 4728  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:59:29.0885 4728  tcpipreg - ok
16:59:29.0900 4728  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:59:29.0931 4728  TDPIPE - ok
16:59:29.0972 4728  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:59:29.0986 4728  TDTCP - ok
16:59:30.0008 4728  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:59:30.0044 4728  tdx - ok
16:59:30.0151 4728  [ 6B1B2F8D62D606B200C2072564090104 ] TeamViewer8     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
16:59:30.0247 4728  TeamViewer8 - ok
16:59:30.0264 4728  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:59:30.0278 4728  TermDD - ok
16:59:30.0307 4728  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
16:59:30.0368 4728  TermService - ok
16:59:30.0391 4728  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:59:30.0426 4728  Themes - ok
16:59:30.0459 4728  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:59:30.0497 4728  THREADORDER - ok
16:59:30.0505 4728  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:59:30.0555 4728  TrkWks - ok
16:59:30.0597 4728  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:59:30.0648 4728  TrustedInstaller - ok
16:59:30.0745 4728  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:59:30.0782 4728  tssecsrv - ok
16:59:30.0816 4728  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:59:30.0917 4728  TsUsbFlt - ok
16:59:30.0963 4728  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:59:31.0024 4728  tunnel - ok
16:59:31.0040 4728  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:59:31.0053 4728  uagp35 - ok
16:59:31.0068 4728  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:59:31.0108 4728  udfs - ok
16:59:31.0125 4728  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:59:31.0155 4728  UI0Detect - ok
16:59:31.0177 4728  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:59:31.0191 4728  uliagpkx - ok
16:59:31.0221 4728  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
16:59:31.0254 4728  umbus - ok
16:59:31.0261 4728  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:59:31.0277 4728  UmPass - ok
16:59:31.0298 4728  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:59:31.0343 4728  upnphost - ok
16:59:31.0366 4728  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
16:59:31.0396 4728  USBAAPL64 - ok
16:59:31.0426 4728  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
16:59:31.0444 4728  usbaudio - ok
16:59:31.0458 4728  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:59:31.0489 4728  usbccgp - ok
16:59:31.0514 4728  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:59:31.0531 4728  usbcir - ok
16:59:31.0558 4728  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:59:31.0591 4728  usbehci - ok
16:59:31.0612 4728  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:59:31.0644 4728  usbhub - ok
16:59:31.0661 4728  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
16:59:31.0687 4728  usbohci - ok
16:59:31.0713 4728  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:59:31.0746 4728  usbprint - ok
16:59:31.0815 4728  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:59:31.0835 4728  usbscan - ok
16:59:31.0885 4728  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:59:31.0911 4728  USBSTOR - ok
16:59:31.0932 4728  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:59:31.0957 4728  usbuhci - ok
16:59:31.0973 4728  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:59:32.0012 4728  UxSms - ok
16:59:32.0026 4728  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:59:32.0041 4728  VaultSvc - ok
16:59:32.0075 4728  [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
16:59:32.0089 4728  VClone - ok
16:59:32.0097 4728  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:59:32.0111 4728  vdrvroot - ok
16:59:32.0132 4728  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
16:59:32.0177 4728  vds - ok
16:59:32.0184 4728  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:59:32.0201 4728  vga - ok
16:59:32.0213 4728  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:59:32.0249 4728  VgaSave - ok
16:59:32.0272 4728  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:59:32.0288 4728  vhdmp - ok
16:59:32.0330 4728  [ D4944DBF92E07F1F641CB512065966E6 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
16:59:32.0383 4728  VIAHdAudAddService - ok
16:59:32.0415 4728  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:59:32.0429 4728  viaide - ok
16:59:32.0447 4728  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:59:32.0462 4728  volmgr - ok
16:59:32.0479 4728  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:59:32.0499 4728  volmgrx - ok
16:59:32.0512 4728  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:59:32.0531 4728  volsnap - ok
16:59:32.0545 4728  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:59:32.0562 4728  vsmraid - ok
16:59:32.0607 4728  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:59:32.0692 4728  VSS - ok
16:59:32.0713 4728  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:59:32.0730 4728  vwifibus - ok
16:59:32.0760 4728  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
16:59:32.0805 4728  W32Time - ok
16:59:32.0822 4728  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:59:32.0856 4728  WacomPen - ok
16:59:32.0885 4728  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:59:32.0923 4728  WANARP - ok
16:59:32.0928 4728  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:59:32.0964 4728  Wanarpv6 - ok
16:59:32.0996 4728  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:59:33.0041 4728  wbengine - ok
16:59:33.0055 4728  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:59:33.0080 4728  WbioSrvc - ok
16:59:33.0098 4728  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:59:33.0125 4728  wcncsvc - ok
16:59:33.0142 4728  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:59:33.0159 4728  WcsPlugInService - ok
16:59:33.0169 4728  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:59:33.0182 4728  Wd - ok
16:59:33.0214 4728  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:59:33.0243 4728  Wdf01000 - ok
16:59:33.0253 4728  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:59:33.0277 4728  WdiServiceHost - ok
16:59:33.0281 4728  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:59:33.0305 4728  WdiSystemHost - ok
16:59:33.0333 4728  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
16:59:33.0361 4728  WebClient - ok
16:59:33.0374 4728  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:59:33.0434 4728  Wecsvc - ok
16:59:33.0451 4728  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:59:33.0503 4728  wercplsupport - ok
16:59:33.0522 4728  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:59:33.0562 4728  WerSvc - ok
16:59:33.0576 4728  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:59:33.0613 4728  WfpLwf - ok
16:59:33.0622 4728  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:59:33.0636 4728  WIMMount - ok
16:59:33.0651 4728  WinDefend - ok
16:59:33.0668 4728  WinHttpAutoProxySvc - ok
16:59:33.0716 4728  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:59:33.0789 4728  Winmgmt - ok
16:59:33.0839 4728  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:59:33.0932 4728  WinRM - ok
16:59:33.0982 4728  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:59:34.0000 4728  WinUsb - ok
16:59:34.0028 4728  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:59:34.0062 4728  Wlansvc - ok
16:59:34.0078 4728  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:59:34.0112 4728  WmiAcpi - ok
16:59:34.0146 4728  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:59:34.0178 4728  wmiApSrv - ok
16:59:34.0197 4728  WMPNetworkSvc - ok
16:59:34.0221 4728  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:59:34.0238 4728  WPCSvc - ok
16:59:34.0255 4728  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:59:34.0275 4728  WPDBusEnum - ok
16:59:34.0283 4728  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:59:34.0339 4728  ws2ifsl - ok
16:59:34.0363 4728  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:59:34.0387 4728  wscsvc - ok
16:59:34.0392 4728  WSearch - ok
16:59:34.0448 4728  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:59:34.0524 4728  wuauserv - ok
16:59:34.0549 4728  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:59:34.0564 4728  WudfPf - ok
16:59:34.0589 4728  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:59:34.0623 4728  WUDFRd - ok
16:59:34.0638 4728  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:59:34.0669 4728  wudfsvc - ok
16:59:34.0695 4728  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:59:34.0732 4728  WwanSvc - ok
16:59:34.0798 4728  X6va011 - ok
16:59:34.0812 4728  X6va012 - ok
16:59:34.0841 4728  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
16:59:34.0869 4728  xusb21 - ok
16:59:34.0895 4728  ================ Scan global ===============================
16:59:34.0905 4728  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:59:34.0938 4728  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:59:34.0947 4728  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:59:34.0963 4728  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:59:34.0983 4728  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:59:34.0989 4728  [Global] - ok
16:59:34.0989 4728  ================ Scan MBR ==================================
16:59:35.0002 4728  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:59:35.0210 4728  \Device\Harddisk0\DR0 - ok
16:59:35.0211 4728  ================ Scan VBR ==================================
16:59:35.0213 4728  [ 54BA4C37D203C2B279E01A9F91269268 ] \Device\Harddisk0\DR0\Partition1
16:59:35.0214 4728  \Device\Harddisk0\DR0\Partition1 - ok
16:59:35.0236 4728  [ 074FF4AA793892C4DBBF2FC9F3B478B8 ] \Device\Harddisk0\DR0\Partition2
16:59:35.0237 4728  \Device\Harddisk0\DR0\Partition2 - ok
16:59:35.0238 4728  ============================================================
16:59:35.0238 4728  Scan finished
16:59:35.0238 4728  ============================================================
16:59:35.0248 3076  Detected object count: 6
16:59:35.0248 3076  Actual detected object count: 6
17:00:18.0692 3076  Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:18.0692 3076  Apache2.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:00:18.0693 3076  FreemiumSelfUpdateService ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:18.0693 3076  FreemiumSelfUpdateService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:00:18.0694 3076  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:18.0695 3076  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:00:18.0696 3076  SelfUpdateService ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:18.0696 3076  SelfUpdateService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:00:18.0697 3076  slb ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:18.0697 3076  slb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:00:18.0698 3076  SystemStoreService ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:18.0698 3076  SystemStoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 15.04.2013, 12:48   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] - Standard

W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.04.2013, 14:16   #9
Ocrim001
 
W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] - Standard

W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]



Code:
ATTFilter
ComboFix 13-04-15.01 - Mirco 15.04.2013  13:57:20.1.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8174.6124 [GMT 2:00]
ausgeführt von:: c:\users\Mirco\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20130123.txt
C:\install.exe
c:\users\Mirco\AppData\Local\Temp\34d80461-26c7-4268-b914-6f5055c6a1d2\CliSecureRT64.dll
c:\users\Mirco\AppData\Roaming\Mircolog.dat
c:\windows\SysWow64\install
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-15 bis 2013-04-15  ))))))))))))))))))))))))))))))
.
.
2013-04-15 12:03 . 2013-04-15 12:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-13 12:52 . 2013-04-13 12:52	--------	d-----w-	c:\users\Mirco\AppData\Roaming\OBS
2013-04-13 12:52 . 2013-04-13 12:52	--------	d-----w-	c:\program files (x86)\OBS
2013-04-13 12:42 . 2013-04-13 12:42	--------	d-----w-	c:\users\Mirco\AppData\Local\SplitMediaLabs
2013-04-13 12:42 . 2013-04-13 12:42	--------	d-----w-	c:\programdata\SplitMediaLabs
2013-04-13 12:42 . 2013-04-13 12:42	--------	d-----w-	c:\program files (x86)\SplitMediaLabs
2013-04-13 12:41 . 2013-04-13 12:41	--------	d-----w-	c:\users\Mirco\AppData\Roaming\SplitMediaLabs
2013-04-12 18:48 . 2013-04-12 18:48	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-12 18:35 . 2013-04-12 18:35	--------	d-----w-	c:\program files (x86)\Aeria Games
2013-04-12 18:35 . 2013-04-12 18:35	--------	d-sh--w-	c:\windows\SysWow64\AI_RecycleBin
2013-04-12 06:36 . 2013-03-15 06:28	9311288	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6319EBDD-C769-40B7-ADDB-8237B3C503D1}\mpengine.dll
2013-04-10 19:02 . 2013-02-21 12:59	775216	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2013-04-10 16:08 . 2013-02-15 06:06	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-04-10 15:00 . 2013-04-13 18:00	--------	d-----w-	c:\users\Mirco\AppData\Roaming\.minecraft
2013-04-10 14:58 . 2013-04-10 15:00	--------	d-----w-	c:\users\Mirco\AppData\Roaming\ftblauncher
2013-04-08 14:30 . 2013-04-08 14:30	--------	d-----w-	c:\program files (x86)\LOLReplay
2013-04-08 13:08 . 2013-04-08 13:08	--------	d-----w-	c:\users\Mirco\AppData\Roaming\BitTorrent
2013-04-05 15:10 . 2013-04-05 15:10	--------	d-----w-	C:\_OTL
2013-04-05 13:12 . 2013-04-05 13:12	--------	d-----w-	c:\users\Mirco\AppData\Local\Aspire_Softs
2013-03-28 10:39 . 2013-03-28 10:39	--------	d-----w-	c:\users\Mirco\AppData\Roaming\Scarlet Blade
2013-03-28 10:18 . 2013-03-28 10:18	--------	d-----w-	c:\users\Mirco\AppData\Local\Aeria Games
2013-03-28 10:18 . 2013-03-28 10:18	--------	d-----w-	c:\programdata\Aeria Games
2013-03-28 10:13 . 2013-03-28 10:13	--------	d-----w-	c:\users\Mirco\AppData\Roaming\Aeria Games & Entertainment
2013-03-28 10:01 . 2013-03-28 10:01	--------	d-----w-	c:\users\Mirco\AppData\Local\Akamai
2013-03-28 10:01 . 2013-03-28 10:13	--------	d-----w-	C:\AeriaGames
2013-03-21 09:40 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-15 12:03 . 2013-04-15 12:03	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6319EBDD-C769-40B7-ADDB-8237B3C503D1}\offreg.dll
2013-04-10 19:04 . 2012-11-17 15:01	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-13 13:32 . 2012-09-28 18:37	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 13:32 . 2012-09-28 18:37	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-11 23:10 . 2012-09-28 19:11	282744	------w-	c:\windows\system32\MpSigStub.exe
2013-03-07 19:26 . 2013-03-07 19:26	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 19:26 . 2012-10-23 05:52	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-07 19:26 . 2012-10-23 05:52	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-03 18:01 . 2013-02-27 18:46	21840	----atw-	c:\windows\SysWow64\SIntfNT.dll
2013-03-03 18:01 . 2013-02-27 18:46	17212	----atw-	c:\windows\SysWow64\SIntf32.dll
2013-03-03 18:01 . 2013-02-27 18:46	12067	----atw-	c:\windows\SysWow64\SIntf16.dll
2013-02-12 05:45 . 2013-03-15 14:24	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-15 14:24	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-15 14:24	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-15 14:24	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-15 14:24	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-15 14:24	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-20 06:07 . 2013-01-20 06:07	42696	----a-w-	c:\windows\system32\drivers\hssdrv6.sys
2006-05-03 10:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files (x86)\Winamp Toolbar\winamptb.dll" [2012-11-07 2080376]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2013-01-11 20:50	233288	----a-w-	c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"LSI"="c:\riot games\League of Legends\LSI v1.14.exe" [2012-12-09 2466304]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-11-28 237056]
"F.lux"="c:\users\Mirco\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Spotify Web Helper"="c:\users\Mirco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-24 1199576]
"Akamai NetSession Interface"="c:\users\Mirco\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-12-17 2489456]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2013-04-08 1917464]
.
c:\users\Mirco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MySig.lnk - c:\users\Mirco\Desktop\Downloads\MySig.exe [2012-9-29 696320]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE OC_GURU.lnk - c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe [2012-7-23 17432576]
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2013-2-14 523264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [2007-01-09 20539]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GPCIDrv;GPCIDrv;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [2010-02-04 14376]
R3 slb;slb;c:\aeriagames\ScarletBlade\avital\scarlb64.sys [2013-03-28 81880]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R4 FreemiumSelfUpdateService;Freemium Self Update Service;c:\program files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe [2012-09-26 5686272]
R4 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-09-28 625304]
R4 SelfUpdateService;Self Update Service;c:\program files (x86)\Freetec\SystemStore\SelfUpdate.exe  -displayname Self Update Service -servicename SelfUpdateService [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-01-20 42696]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2013-01-23 534824]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2013-01-22 389928]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SystemStoreService;System Store Service;c:\program files (x86)\Freetec\SystemStore\SystemStore.exe  -displayname System Store Service -servicename:SystemStoreService [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2012-11-11 131072]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2012-10-15 38016]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-01-10 42184]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-01 1349232]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 16:53	1642448	----a-w-	c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-28 13:32]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-28 18:38]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-28 18:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Mirco\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Mirco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Mirco\AppData\Roaming\Mozilla\Firefox\Profiles\owhfudzd.default\
FF - prefs.js: browser.search.selectedEngine - Claro Search
FF - prefs.js: browser.startup.homepage - hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=161b819f000000000000c860005642db
FF - ExtSQL: 2013-02-18 17:47; exif_viewer@mozilla.doslash.org; c:\users\Mirco\AppData\Roaming\Mozilla\Firefox\Profiles\owhfudzd.default\extensions\exif_viewer@mozilla.doslash.org.xpi
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=161b819f000000000000c860005642db&q=
FF - user.js: extensions.BabylonToolbar.id - 161b819f000000000000c860005642db
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15666
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.817:40
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.claro.tlbrSrchUrl - 
FF - user.js: extensions.claro.id - 161b819f000000000000c860005642db
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15666
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1017:52
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - irhnew
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{T3804S8H-5BB7-0242-6FXD-G1J02HKB3UL3} - c:\windows\system32\install\server.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SystemStoreService]
"ImagePath"="\"c:\program files (x86)\Freetec\SystemStore\SystemStore.exe\"  -displayname \"System Store Service\" -servicename:SystemStoreService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-15  14:06:27
ComboFix-quarantined-files.txt  2013-04-15 12:06
.
Vor Suchlauf: 20 Verzeichnis(se), 739.008.278.528 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 738.607.710.208 Bytes frei
.
- - End Of File - - 7D193D93B2724939DAC0BE3DFD7A530C
         
Hast du bist jetzt eigentlich schon was böse Artiges gefunden? Sieht alles sehr Intressant aus.

MfG Mirco

Alt 15.04.2013, 14:26   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] - Standard

W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.04.2013, 15:04   #11
Ocrim001
 
W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] - Standard

W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]



Muss dir die Logs leider wieder als anhang schicken.

Alt 15.04.2013, 21:07   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] - Standard

W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 16.04.2013, 17:51   #13
Ocrim001
 
W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] - Standard

W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]



Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.16.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Mirco :: MIRCO-PC [Administrator]

Schutz: Aktiviert

16.04.2013 15:37:17
mbam-log-2013-04-16 (15-37-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221536
Laufzeit: 2 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=57bc23dd63a30543b37b112e3214eb58
# engine=13629
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-16 03:47:09
# local_time=2013-04-16 05:47:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 94 11166411 142837101 0 0
# compatibility_mode=5893 16776573 100 94 8016 117757079 0 0
# scanned=254575
# found=2
# cleaned=0
# scan_time=7346
sh=BAB601761C2E5D3C67D365AAD26145EBFB21FDDD ft=1 fh=e7cd7b108abb91bb vn="probably a variant of Win32/Agent.MRPCYKS trojan" ac=I fn="C:\Users\Mirco\Desktop\Programme\Tools by Unpublished.exe"
sh=BAB601761C2E5D3C67D365AAD26145EBFB21FDDD ft=1 fh=e7cd7b108abb91bb vn="probably a variant of Win32/Agent.MRPCYKS trojan" ac=I fn="C:\Users\Mirco\Desktop\Programme\Textdokumente & Bilder\Tools by Unpublished.exe"
         

Alt 17.04.2013, 10:25   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] - Standard

W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]



Zitat:
"C:\Users\Mirco\Desktop\Programme\Tools by Unpublished.exe"
"C:\Users\Mirco\Desktop\Programme\Textdokumente & Bilder\Tools by Unpublished.exe"
Was für Programme sind das denn? Quelle?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.04.2013, 13:42   #15
Ocrim001
 
W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] - Standard

W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]



Zitat:
Zitat von cosinus Beitrag anzeigen
Was für Programme sind das denn? Quelle?
Ist ein Bot für ein Online Game. Ich denke es wird falsch angezeigt. Kann es aber natürlich löschen, da ich es eh nicht benutze & das spiel auch nicht mehr spiele.

Quelle: hxxp://www.elitepvpers.com/forum/metin2-hacks-bots-cheats-exploits-macros/1503114-release-tools-unpublished.html

Geändert von Ocrim001 (17.04.2013 um 13:50 Uhr)

Antwort

Themen zu W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]
autostart, avast, bruder, check, cmd, cyberghost, datei, exe, file, folge, hotspot, launch, league of legends, log, löschen, neustart, ordner, programme, safer networking, scan, screenshot, senden, server.exe, spotify web helper, spybot, system, system32, tipps, trojaner-board, virus, virus?, windows



Ähnliche Themen: W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]


  1. Kasperski meldet c:\windows\system32\fsvk.exe.exe, Wartungscenter Befall Win32/Small.CA Virus
    Log-Analyse und Auswertung - 04.11.2013 (7)
  2. C:\Windows\System32\lsass.exe (file missing)
    Log-Analyse und Auswertung - 29.10.2012 (3)
  3. Win32:Malware-gen und Win32:Downloader-PKU.C:\Windows\System32\services.exe.Weitere Meldungen
    Log-Analyse und Auswertung - 12.09.2012 (10)
  4. Win32: Sirefef-AHF [Trj] und Win32: Malware-gen in C:\Windows\System32\services.exe Windows 7 64bit
    Log-Analyse und Auswertung - 31.08.2012 (16)
  5. failed to safe all the components for the file \\system32\985479 (rootkit virus)
    Plagegeister aller Art und deren Bekämpfung - 12.03.2012 (11)
  6. Windows 7 Failed to save all the components for the file \\System32\\
    Plagegeister aller Art und deren Bekämpfung - 10.03.2012 (5)
  7. Failed to save all the compenents for the file system32-Virus hat mich erwischt!
    Plagegeister aller Art und deren Bekämpfung - 02.03.2012 (12)
  8. C:\dir\install\install\Windows Update.exe
    Log-Analyse und Auswertung - 23.11.2011 (36)
  9. Windows xp freeze direkt nach install von anti virus
    Alles rund um Windows - 08.09.2011 (4)
  10. Trojaner C:\windows\system32\install\server.exe
    Plagegeister aller Art und deren Bekämpfung - 28.05.2011 (1)
  11. Virus WIN32.Rbot.fm + Trojaner in C:Windows/System32.....dll
    Plagegeister aller Art und deren Bekämpfung - 05.04.2011 (7)
  12. Virus WIN32.Rbot.fm + Trojaner in C:Windows/System32.....dll
    Mülltonne - 04.04.2011 (1)
  13. virus? C:\WINXP\system32\install\drive.exe
    Log-Analyse und Auswertung - 21.02.2011 (32)
  14. O10 - Unknown file in Winsock LSP: c:\windows\system32\xdogcat.dll VIRUS?
    Log-Analyse und Auswertung - 25.07.2010 (1)
  15. O10 - Unknown file in Winsock LSP: c:\windows\system32\policylsp.dll
    Log-Analyse und Auswertung - 24.11.2009 (4)
  16. ist es möglich über ein 2.install.windows die daten der 1. windows install.zu retten?
    Alles rund um Windows - 11.11.2007 (5)
  17. Hilfe c:\windows\system32\directx.exe (file missing)
    Plagegeister aller Art und deren Bekämpfung - 26.04.2007 (13)

Zum Thema W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] - Hallo liebes Trojaner-Board Team, ich habe ein Problem. Vor ca 2 Stunden hat sich eine exe Namens "File Name.exe" gestartet und hat versucht Datein im System32 Ordner zubringen. Spybot hat - W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]...
Archiv
Du betrachtest: W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.