Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner MitB PC1

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 02.05.2013, 19:21   #1
daalbock
 
Trojaner MitB PC1 - Standard

Trojaner MitB PC1



OTL logfile created on: 02.05.2013 19:05:56 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,93 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 42,87% Memory free
7,86 Gb Paging File | 5,08 Gb Available in Paging File | 64,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,87 Gb Total Space | 374,69 Gb Free Space | 81,65% Space Free | Partition Type: NTFS
Drive D: | 458,87 Gb Total Space | 458,77 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive K: | 1,87 Gb Total Space | 0,04 Gb Free Space | 2,07% Space Free | Partition Type: FAT

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.02 18:16:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2013.03.20 17:36:28 | 001,100,120 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
PRC - [2013.03.20 17:35:40 | 000,186,200 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013.03.20 14:38:50 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.12.21 18:56:44 | 001,090,040 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.12.19 10:49:12 | 000,149,480 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012.11.15 21:44:35 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.08 14:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011.03.09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
PRC - [2011.03.09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
PRC - [2010.10.12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
PRC - [2010.09.15 11:11:22 | 000,339,312 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2010.09.14 12:12:46 | 001,701,232 | ---- | M] (Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
PRC - [2010.03.26 04:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010.02.05 12:33:46 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010.02.01 20:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.12.25 03:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009.12.25 03:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2013.02.13 18:51:29 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\1505fb78e94fbe5ee73563a5e10ecead\System.Messaging.ni.dll
MOD - [2013.02.13 16:05:37 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.02.13 16:05:20 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.02.13 15:25:16 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013.01.11 09:19:27 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ebf949aee7febad1902974b1a2bd77a2\System.ServiceModel.Discovery.ni.dll
MOD - [2013.01.11 09:19:27 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b26c0ed378c4b15c60cef0baada4e0dc\System.ServiceModel.Routing.ni.dll
MOD - [2013.01.11 09:19:26 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\800370766976fd4ec232b4e29781717d\System.ServiceModel.Channels.ni.dll
MOD - [2013.01.11 09:19:25 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b15622741724e17f1335c4771c3700a0\System.ServiceModel.Activities.ni.dll
MOD - [2013.01.11 09:19:24 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll
MOD - [2013.01.11 09:19:08 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll
MOD - [2013.01.11 09:18:01 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll
MOD - [2013.01.11 09:18:00 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll
MOD - [2013.01.11 09:18:00 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013.01.11 09:17:58 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013.01.11 09:17:58 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d01a925ecd339eae8ea1da8488eb2283\System.Xml.Linq.ni.dll
MOD - [2013.01.11 09:15:59 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013.01.10 17:34:17 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 17:34:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 17:33:58 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 17:33:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 17:33:51 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.10 15:26:43 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013.01.10 15:26:33 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013.01.10 15:26:30 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 15:26:26 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013.01.10 15:26:22 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.10 15:26:22 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013.01.10 15:26:20 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.10 15:26:19 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013.01.10 15:26:18 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.10 15:26:14 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.12.21 18:57:44 | 000,276,984 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
MOD - [2012.12.21 18:57:44 | 000,093,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
MOD - [2012.12.21 18:57:28 | 002,653,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012.12.21 18:57:28 | 000,364,536 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012.12.21 18:57:26 | 011,166,712 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012.12.21 18:57:24 | 000,206,328 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012.12.21 18:57:22 | 001,347,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012.12.21 18:57:22 | 001,014,776 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012.12.21 18:57:22 | 000,720,888 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012.12.21 18:57:20 | 008,507,384 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012.12.21 18:57:20 | 000,520,696 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012.12.21 18:57:18 | 002,481,144 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012.12.21 18:57:18 | 002,354,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012.12.21 18:57:14 | 000,446,456 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012.12.21 18:57:10 | 000,207,352 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
MOD - [2012.12.21 18:57:10 | 000,035,832 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
MOD - [2012.12.21 18:57:08 | 000,033,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
MOD - [2012.12.21 18:56:40 | 000,438,264 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
MOD - [2012.12.21 18:56:00 | 000,606,200 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012.12.21 16:29:52 | 000,391,600 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012.12.21 16:29:52 | 000,059,280 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
MOD - [2012.12.21 16:29:14 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2012.08.17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2010.11.17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010.03.26 04:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010.03.26 04:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.03.20 17:35:40 | 000,186,200 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.11.17 01:10:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.15 21:44:35 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stop_Pending] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2011.12.15 19:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.02.10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.01 20:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.04.24 19:20:40 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013.04.24 19:20:40 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013.04.24 19:20:40 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012.12.21 15:17:02 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012.11.16 08:57:44 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.11.16 08:57:44 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.11.09 16:33:30 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012.11.09 16:33:30 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.11.09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.11.09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.06.19 18:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.12.15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.10.05 09:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.04.19 20:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010.01.28 03:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 12:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:64bit: - [2008.05.16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV:64bit: - [2008.05.16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:64bit: - [2008.05.16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV:64bit: - [2000.01.01 02:00:00 | 000,685,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.24 19:20:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.24 19:20:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.24 19:20:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.24 19:20:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.24 19:20:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.23 08:21:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010.11.14 12:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2011.11.02 10:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\2pgrv76g.default\extensions
[2011.11.02 10:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\2pgrv76g.default\extensions\https-everywhere@eff.org

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX635FWD" File not found
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_20-windows-i586.cab (Java Plug-in 1.3.1_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F584493-4D38-4F20-8C5F-7B74F2718B7C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4867BF7D-B5FF-4180-9575-D29900E2C6FD}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D8F1415-8C04-4568-B91D-13DD956AA1F6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D2CF868-B58F-400E-A67B-025D6E4A40C1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77E05783-9DA1-425A-BBC3-9A5C89C94808}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A51C236-B420-4302-BAA9-81AF3FC63368}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D6B1BD9-547E-4E44-8BEB-3F4C1245CAFE}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1CE918A-C531-4D68-8702-AAE2E40BE7B4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{4fb1b424-879d-11e0-a365-90fba6e09155}\Shell - "" = AutoRun
O33 - MountPoints2\{4fb1b424-879d-11e0-a365-90fba6e09155}\Shell\AutoRun\command - "" = H:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{6f971ad9-117e-11e0-a6bf-90fba6e09155}\Shell - "" = AutoRun
O33 - MountPoints2\{6f971ad9-117e-11e0-a6bf-90fba6e09155}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.02 18:16:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.04.27 09:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.04.27 09:59:16 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Programs

========== Files - Modified Within 30 Days ==========

[2013.05.02 19:04:48 | 000,438,142 | ---- | M] () -- C:\Users\*****\Desktop\69886-alle-hilfesuchenden-eroeffnu.pdf
[2013.05.02 19:01:52 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable
[2013.05.02 19:00:28 | 000,050,477 | ---- | M] () -- C:\Users\*****\Desktop\Defogger.exe
[2013.05.02 18:40:49 | 000,377,856 | ---- | M] () -- C:\Users\*****\Desktop\vhdj91g1.exe
[2013.05.02 18:16:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.05.02 18:08:40 | 000,000,483 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.05.02 03:12:55 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.02 03:12:55 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.02 03:05:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.02 03:05:22 | 3163,901,952 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.01 03:22:03 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.01 03:22:03 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.29 20:37:27 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.29 20:37:27 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.29 20:37:27 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.29 20:37:27 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.29 20:37:27 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.27 09:59:25 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.04.27 09:59:25 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.04.24 19:20:40 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013.04.24 19:20:40 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013.04.24 19:20:40 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.04.24 19:20:40 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013.04.13 09:52:04 | 000,001,938 | ---- | M] () -- C:\Users\*****\Desktop\KM Watertec - Verknüpfung.lnk
[2013.04.13 09:25:42 | 000,439,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.05.02 19:04:54 | 000,438,142 | ---- | C] () -- C:\Users\*****\Desktop\69886-alle-hilfesuchenden-eroeffnu.pdf
[2013.05.02 19:01:52 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable
[2013.05.02 19:00:25 | 000,050,477 | ---- | C] () -- C:\Users\*****\Desktop\Defogger.exe
[2013.05.02 18:40:46 | 000,377,856 | ---- | C] () -- C:\Users\*****\Desktop\vhdj91g1.exe
[2013.05.01 03:22:03 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.01 03:22:03 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.27 09:59:25 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.04.27 09:59:25 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.12.21 16:39:26 | 000,007,601 | ---- | C] () -- C:\Users\*****\AppData\Local\resmon.resmoncfg
[2012.12.01 18:29:25 | 000,000,126 | ---- | C] () -- C:\Windows\APDatabaseUI.INI
[2012.12.01 18:22:26 | 000,000,073 | ---- | C] () -- C:\Windows\RestorePath.ini
[2012.11.29 08:58:43 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.11.29 08:58:43 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.11.20 15:35:40 | 000,007,588 | ---- | C] () -- C:\Users\*****\.erpclient.properties
[2012.08.04 17:43:13 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.17 13:11:04 | 000,000,144 | ---- | C] () -- C:\Windows\Pcfk32.INI
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.29 09:34:34 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.10 16:30:15 | 000,000,031 | ---- | C] () -- C:\Windows\DeskCalc.INI
[2011.05.26 11:24:42 | 000,000,078 | ---- | C] () -- C:\Windows\wiso.ini
[2011.02.27 10:14:32 | 000,005,632 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.20 01:05:19 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.05.26 11:24:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Buhl
[2013.03.08 12:38:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Epson
[2013.03.22 10:53:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Garmin
[2012.01.29 16:10:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2010.11.14 10:23:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\JonDo
[2012.11.23 08:25:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\kompozer.net
[2010.11.25 18:48:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lexware
[2013.02.11 09:59:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia
[2011.09.14 00:50:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia Ovi Suite
[2012.01.16 19:30:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia Suite
[2010.11.13 19:12:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OEM
[2011.08.02 12:48:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PC Suite
[2012.11.29 10:01:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PC-FAX TX
[2011.09.04 10:58:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\pdfforge
[2011.02.27 12:08:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PowerCinema
[2012.11.20 15:35:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Scopevisio
[2012.11.23 08:21:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird

========== Purity Check ==========

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-02 19:59:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0 931,51GB
Running: vhdj91g1.exe; Driver: C:\Users\*****\AppData\Local\Temp\kxdiypod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80003405000 45 bytes [00, 00, AF, 00, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 606 fffff8000340502e 17 bytes [44, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759f1465 2 bytes [9F, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759f14bb 2 bytes [9F, 75]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759f1465 2 bytes [9F, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759f14bb 2 bytes [9F, 75]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ????-B???????????e??????tap0901??????????????{?????????emd????.????????g????????1????z???????|??? ??0????|??????????? ???????i??????????? ???????u?????????????,????????????&???????????????????????? ???????u?????????????,????????????&????????????????????"??? ???|???C??????d-????N??????|???????|????@??????.???????????????????h???????????????????6???-??????-A??????????????s???Apple???{254D9314-3CC6-4D89-BCB3-D26A4408CBF0}??????56??????0??????????r????????1??????????????x?????????k???E???m???????????1????????????????`??????"???C??Microsoft???192.168.2.1???? ?????1????????l??Microsoft Windows Management Interface for ACPI???????D???????????????????`??????8???-????N?????????????????????????????????????????????????????????????SCSIAdapter?????????????????????????????????? ???????|???????|??????1???????????????????1???????????????? ??!????e?????ros????V??????????????d??????r???Enable?30A??????????? ??0????????????????????????p?p?p?p?p?p?p?p?p?p?p?????????ft???????@???????????? ???????????????????5?,?????? ????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ???x?????????????????????????????i??t????????g??????? ???x??? ??!????o??????? ???????x???????????????????{???n???x??? h??x???-??????????????? ??????e???WINMOBIL????? ??W????:????????????~????????g????? h??x???i??????oi??????t????????e???????e???????????:??????7&304c8f3&0??6?????*0??,1??x???x???x???????????92??:3??;4??;5??;6??;7??;8??x9???????????? N??x??????????e1????????????????????h?????H???@???????@???????H???????????????????????.1??? ???????x???????????@?:????????h????????????????????????x???????o???????????x??? ?????????????x?????x?:????????N????????????x???????????????????????i???????x??5-31-2007?????~????????????????x???x?:???????????c??????Brother?????{4D8F1415-8C04-4568-B91D-13DD956AA1F6}???????????????????????????????i???????x?x?x?x?:??????????????????????? h??x???x????????????h?????H???@???????@???????H???????????????????????H???? ??W?????????????????????????????????X??????3?g?3??? ???????x???????????;?:????????h????????????j?k?k?k?l?i?k?l?l??? ??!??????????????????x???x?:??????A1??????? ???????x?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ???o????FSFilter Activity Monitor???? ??!????_??????????Ports???????????????????????????????????????????t?????????????<??o????????h?????\SystemRoot\system32\drivers\kbdclass.sys??????????? ????t????????@????????????????????????????.??o?????????e????LocalSystem??????????????????????????????????????????o??????????LegacyDriver??????$??o???? ??p????????????e??????system32\DRIVERS\intelppm.sys?ntelppm.sys????????o?????????????????????????g????? ???????n???????????o?o?o?o?o?p?????o??FltMgr??TR??????????????p???Tastaturklassentreiber???????????????D???????k??KLIM6??????????????????????????????? ?????????o????T??s?????????e???????????????????s????KLIM6??o?o???o???????????????????o???d??p3??? ???o??????????????noupper?FL???????????o???????e?????????????????????o?????????????????d??????s???System32\Drivers\ksecdd.sys??????????????e???o?????? ?o???.?.?f?.?g?j?A?o?o???????o??????p???????????? ????????J??p??????????????????????Cryptography?????????????????????????o??? ???o??????????????????????????Af?????????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ???o?????????????????d??????s???System32\Drivers\ksecdd.sys??????????????e???o???????o???.?.?f?.?g?j?A?o?o???????o??????p???????????? ????????J??p??????????????????????Cryptography?????????????????????????o??? ???o??????????????????????????Af???????????????????????????? ??o???????????e??????????????????? ?????????????e?????o?,????????J????????????????o???????e????????????H??p???m??????Microsoft???????????????????? ???o??????????????????????????????????????????t???????????????????????????? ???????????o??????id???????????????????????o??????p?????X??????&???&??PNP Filter???????????????6?k?o???o???????????????????????o?????????s????nolower?????PerfMon_Collect??????e?e?o?o?o?o?o?o?j???????????????y???????????U???? ???????????o??PerfMon_Close?????????????????????????&??o?????????e?????????????????????????????????????u?u?u???o??SCSI Miniport???System???????e????D??p???????????e?????????????? 2??5???????????????Ralink???????&???????????????????????????????&???????P???????????????????R???&?????????????????????????????

---- EOF - GMER 2.1 ----


< End of report >

Eine Datei "Extra" wurd nicht abgelegt!

Alt 03.05.2013, 05:35   #2
Psychotic
/// Malwareteam
 
Trojaner MitB PC1 - Standard

Trojaner MitB PC1





Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  1. Bitte arbeite alle Schritte der Reihe nach ab.
  2. Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  3. Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  4. Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  5. Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  6. Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

    ...und ganz wichtig:

  7. Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).


Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.




Scan mit TDSS-Killer




Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.
__________________

__________________

Alt 03.05.2013, 18:03   #3
daalbock
 
Trojaner MitB PC1 - Standard

Trojaner MitB PC1



OTL Log:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.05.2013 18:33:49 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 58,57% Memory free
7,86 Gb Paging File | 6,08 Gb Available in Paging File | 77,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,87 Gb Total Space | 377,50 Gb Free Space | 82,27% Space Free | Partition Type: NTFS
Drive D: | 458,87 Gb Total Space | 458,77 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive K: | 1,87 Gb Total Space | 0,04 Gb Free Space | 2,07% Space Free | Partition Type: FAT
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.03 18:33:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2013.03.20 17:35:40 | 000,186,200 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013.03.20 14:38:50 | 000,162,856 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.12.19 10:49:12 | 000,149,480 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
PRC - [2011.03.09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
PRC - [2010.10.12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
PRC - [2010.03.26 04:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010.02.05 12:33:46 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010.02.01 20:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.12.25 03:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009.12.25 03:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.11.17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.03.26 04:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010.03.26 04:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.03.20 17:35:40 | 000,186,200 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.11.17 01:10:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.15 21:44:35 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2011.12.15 19:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.02.10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.01 20:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.24 19:20:40 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013.04.24 19:20:40 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013.04.24 19:20:40 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012.12.21 15:17:02 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012.11.16 08:57:44 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.11.16 08:57:44 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.11.09 16:33:30 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012.11.09 16:33:30 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.11.09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.11.09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.06.19 18:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.12.15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.10.05 09:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.04.19 20:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010.01.28 03:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 12:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:64bit: - [2008.05.16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV:64bit: - [2008.05.16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:64bit: - [2008.05.16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV:64bit: - [2000.01.01 02:00:00 | 000,685,160 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.24 19:20:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.24 19:20:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.24 19:20:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.24 19:20:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.24 19:20:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.23 08:21:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.11.14 12:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2011.11.02 10:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\2pgrv76g.default\extensions
[2011.11.02 10:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\2pgrv76g.default\extensions\https-everywhere@eff.org
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX635FWD" File not found
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_20-windows-i586.cab (Java Plug-in 1.3.1_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F584493-4D38-4F20-8C5F-7B74F2718B7C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4867BF7D-B5FF-4180-9575-D29900E2C6FD}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D8F1415-8C04-4568-B91D-13DD956AA1F6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D2CF868-B58F-400E-A67B-025D6E4A40C1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77E05783-9DA1-425A-BBC3-9A5C89C94808}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A51C236-B420-4302-BAA9-81AF3FC63368}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D6B1BD9-547E-4E44-8BEB-3F4C1245CAFE}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1CE918A-C531-4D68-8702-AAE2E40BE7B4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{4fb1b424-879d-11e0-a365-90fba6e09155}\Shell - "" = AutoRun
O33 - MountPoints2\{4fb1b424-879d-11e0-a365-90fba6e09155}\Shell\AutoRun\command - "" = H:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{6f971ad9-117e-11e0-a6bf-90fba6e09155}\Shell - "" = AutoRun
O33 - MountPoints2\{6f971ad9-117e-11e0-a6bf-90fba6e09155}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.03 18:33:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.04.27 09:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.04.27 09:59:16 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Programs
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.03 18:33:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.05.03 18:30:17 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 18:30:17 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 18:29:09 | 000,000,483 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.05.03 18:22:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.03 18:22:50 | 3163,901,952 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.02 20:41:02 | 1330,205,712 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.05.02 19:04:48 | 000,438,142 | ---- | M] () -- C:\Users\*****\Desktop\69886-alle-hilfesuchenden-eroeffnu.pdf
[2013.05.02 19:01:52 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable
[2013.05.02 19:00:28 | 000,050,477 | ---- | M] () -- C:\Users\*****\Desktop\Defogger.exe
[2013.05.02 18:40:49 | 000,377,856 | ---- | M] () -- C:\Users\*****\Desktop\vhdj91g1.exe
[2013.05.01 03:22:03 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.01 03:22:03 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.29 20:37:27 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.29 20:37:27 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.29 20:37:27 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.29 20:37:27 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.29 20:37:27 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.27 09:59:25 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.04.27 09:59:25 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.04.24 19:20:40 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013.04.24 19:20:40 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013.04.24 19:20:40 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.04.24 19:20:40 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013.04.13 09:52:04 | 000,001,938 | ---- | M] () -- C:\Users\*****\Desktop\KM Watertec - Verknüpfung.lnk
[2013.04.13 09:25:42 | 000,439,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.05.02 19:04:54 | 000,438,142 | ---- | C] () -- C:\Users\*****\Desktop\69886-alle-hilfesuchenden-eroeffnu.pdf
[2013.05.02 19:01:52 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable
[2013.05.02 19:00:25 | 000,050,477 | ---- | C] () -- C:\Users\*****\Desktop\Defogger.exe
[2013.05.02 18:40:46 | 000,377,856 | ---- | C] () -- C:\Users\*****\Desktop\vhdj91g1.exe
[2013.05.01 03:22:03 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.01 03:22:03 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.27 09:59:25 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.04.27 09:59:25 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.12.21 16:39:26 | 000,007,601 | ---- | C] () -- C:\Users\*****\AppData\Local\resmon.resmoncfg
[2012.12.01 18:29:25 | 000,000,126 | ---- | C] () -- C:\Windows\APDatabaseUI.INI
[2012.12.01 18:22:26 | 000,000,073 | ---- | C] () -- C:\Windows\RestorePath.ini
[2012.11.29 08:58:43 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.11.29 08:58:43 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.11.20 15:35:40 | 000,007,588 | ---- | C] () -- C:\Users\*****\.erpclient.properties
[2012.08.04 17:43:13 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.17 13:11:04 | 000,000,144 | ---- | C] () -- C:\Windows\Pcfk32.INI
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.29 09:34:34 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.10 16:30:15 | 000,000,031 | ---- | C] () -- C:\Windows\DeskCalc.INI
[2011.05.26 11:24:42 | 000,000,078 | ---- | C] () -- C:\Windows\wiso.ini
[2011.02.27 10:14:32 | 000,005,632 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.20 01:05:19 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.05.26 11:24:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Buhl
[2013.03.08 12:38:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Epson
[2013.03.22 10:53:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Garmin
[2012.01.29 16:10:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2010.11.14 10:23:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\JonDo
[2012.11.23 08:25:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\kompozer.net
[2010.11.25 18:48:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lexware
[2013.02.11 09:59:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia
[2011.09.14 00:50:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia Ovi Suite
[2012.01.16 19:30:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia Suite
[2010.11.13 19:12:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OEM
[2011.08.02 12:48:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PC Suite
[2012.11.29 10:01:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PC-FAX TX
[2011.09.04 10:58:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\pdfforge
[2011.02.27 12:08:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PowerCinema
[2012.11.20 15:35:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Scopevisio
[2012.11.23 08:21:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Gmer:
[CODE]
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-03 18:59:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0 931,51GB
Running: vhdj91g1.exe; Driver: C:\Users\*****\AppData\Local\Temp\kxdiypod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075c21465 2 bytes [C2, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075c214bb 2 bytes [C2, 75]
.text  ...                                                                                                                          * 2
.text  C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075c21465 2 bytes [C2, 75]
.text  C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075c214bb 2 bytes [C2, 75]
.text  ...                                                                                                                          * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                                                           ????-B???????????e??????tap0901??????????????{?????????emd????.????????g????????1????z???????|??? ??0????|??????????? ???????i??????????? ???????u?????????????,????????????&???????????????????????? ???????u?????????????,????????????&????????????????????"??? ???|???C??????d-????N??????|???????|????@??????.???????????????????h???????????????????6???-??????-A??????????????s???Apple???{254D9314-3CC6-4D89-BCB3-D26A4408CBF0}??????56??????0??????????r????????1??????????????x?????????k???E???m??WAN Miniport (IKEv2)??????`??????"???C??Microsoft???192.168.2.1?????????1????????l??Microsoft Windows Management Interface for ACPI???????D???????????????????`??????8???-????N?????????????????????????????????????????????????????????????SCSIAdapter?????????????????????????????????? ???????|???????|??????1???????????????????1???????????????? ??!????e?????ros????V????????????n????????r???Enable?30A??????????? ??0????????????????????????p?p?p?p?p?p?p?p?p?p?p?????????ft???????@???????????? ???????????????????5?,?????? ????????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                                      ???x?????????????????????????????i??t????????g??????? ???x??? ??!????o??????? ???????x???????????????????{???n???x??? h??x???-??????????????? ??????e???WINMOBIL????? ??W????:????????????~????????g????? h??x???i??????oi??????t????????e???????e???????????:??????7&304c8f3&0??6?????*0??,1??x???x???x???????????92??:3??;4??;5??;6??;7??;8??x9???????????? N??x??????????e1????????????????????h?????H???@???????@???????H???????????????????????.1??? ???????x???????????@?:????????h????????????????????????x???????o???????????x??? ?????????????x?????x?:????????N????????????x???????????????????????i???????x??5-31-2007?????~????????????????x???x?:???????????c??????Brother?????{4D8F1415-8C04-4568-B91D-13DD956AA1F6}???????????????????????????????i???????x?x?x?x?:??????????????????????? h??x???x????????????h?????H???@???????@???????H???????????????????????H???? ??W?????????????????????????????????X??????3?g?3??? ???????x???????????;?:????????h????????????j?k?k?k?l?i?k?l?l??? ??!??????????????????x???x?:??????A1??????? ???????x?
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                                               ???o????FSFilter Activity Monitor???? ??!????_??????????Ports???????????????????????????????????????????t?????????????<??o????????h?????\SystemRoot\system32\drivers\kbdclass.sys???????????????t????????@????????????????????????????.??o?????????e????LocalSystem??????????????????????????????????????????o??????????LegacyDriver??????$??o??????p????????????e??????system32\DRIVERS\intelppm.sys?ntelppm.sys????????o?????????????????????????g????? ???????n???????????o?o?o?o?o?p?????o??FltMgr??TR??????????????p???Tastaturklassentreiber???????????????D???????k??KLIM6????????????????????????????????????????o????T??s?????????e???????????????????s????KLIM6??o?o???o???????????????????????????y??? ???o??????????????noupper?FL???????????o???????e?????????????????????o?????????????????d??????s???System32\Drivers\ksecdd.sys??????????????e???o???????o???.?.?f?.?g?j?A?o?o???????o??????p???????????? ????????J??p??????????????????????Cryptography?????????????????????????o??? ???o??????????????????????????Af?????????????????????????
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                                                          ???o?????????????????d??????s???System32\Drivers\ksecdd.sys??????????????e???o???????o???.?.?f?.?g?j?A?o?o???????o??????p???????????? ????????J??p??????????????????????Cryptography?????????????????????????o??? ???o??????????????????????????Af???????????????????????????? ??o???????????e??????????????????? ?????????????e?????o?,????????J????????????????o???????e????????????H??p???m??????Microsoft???????????????????? ???o??????????????????????????????????????????t???????????????????????????? ???????????o??????id???????????????????????o??????p?????X??????&???&??PNP Filter???????????????6?k?o???o???????????????????????o?????????s????nolower?????PerfMon_Collect??????e?e?j?o?o?o?o?o?o???????o???d??p3???????????U???????????????o??PerfMon_Close?????????????????????????&??o?????????e?????????????????????????????????????u?u?u????8??o??????????????System???????o????D??p???????????e?????????????? 2??5???????????????Ralink???????&???????????????????????????????&???????P???????????????????R???&?????????????????????????????

---- EOF - GMER 2.1 ----
         
--- --- ---

Gmer:
[CODE]
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-03 18:59:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0 931,51GB
Running: vhdj91g1.exe; Driver: C:\Users\*****\AppData\Local\Temp\kxdiypod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075c21465 2 bytes [C2, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075c214bb 2 bytes [C2, 75]
.text  ...                                                                                                                          * 2
.text  C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075c21465 2 bytes [C2, 75]
.text  C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[4076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075c214bb 2 bytes [C2, 75]
.text  ...                                                                                                                          * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                                                           ????-B???????????e??????tap0901??????????????{?????????emd????.????????g????????1????z???????|??? ??0????|??????????? ???????i??????????? ???????u?????????????,????????????&???????????????????????? ???????u?????????????,????????????&????????????????????"??? ???|???C??????d-????N??????|???????|????@??????.???????????????????h???????????????????6???-??????-A??????????????s???Apple???{254D9314-3CC6-4D89-BCB3-D26A4408CBF0}??????56??????0??????????r????????1??????????????x?????????k???E???m??WAN Miniport (IKEv2)??????`??????"???C??Microsoft???192.168.2.1?????????1????????l??Microsoft Windows Management Interface for ACPI???????D???????????????????`??????8???-????N?????????????????????????????????????????????????????????????SCSIAdapter?????????????????????????????????? ???????|???????|??????1???????????????????1???????????????? ??!????e?????ros????V????????????n????????r???Enable?30A??????????? ??0????????????????????????p?p?p?p?p?p?p?p?p?p?p?????????ft???????@???????????? ???????????????????5?,?????? ????????????
Reg    HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                                      ???x?????????????????????????????i??t????????g??????? ???x??? ??!????o??????? ???????x???????????????????{???n???x??? h??x???-??????????????? ??????e???WINMOBIL????? ??W????:????????????~????????g????? h??x???i??????oi??????t????????e???????e???????????:??????7&304c8f3&0??6?????*0??,1??x???x???x???????????92??:3??;4??;5??;6??;7??;8??x9???????????? N??x??????????e1????????????????????h?????H???@???????@???????H???????????????????????.1??? ???????x???????????@?:????????h????????????????????????x???????o???????????x??? ?????????????x?????x?:????????N????????????x???????????????????????i???????x??5-31-2007?????~????????????????x???x?:???????????c??????Brother?????{4D8F1415-8C04-4568-B91D-13DD956AA1F6}???????????????????????????????i???????x?x?x?x?:??????????????????????? h??x???x????????????h?????H???@???????@???????H???????????????????????H???? ??W?????????????????????????????????X??????3?g?3??? ???????x???????????;?:????????h????????????j?k?k?k?l?i?k?l?l??? ??!??????????????????x???x?:??????A1??????? ???????x?
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                                               ???o????FSFilter Activity Monitor???? ??!????_??????????Ports???????????????????????????????????????????t?????????????<??o????????h?????\SystemRoot\system32\drivers\kbdclass.sys???????????????t????????@????????????????????????????.??o?????????e????LocalSystem??????????????????????????????????????????o??????????LegacyDriver??????$??o??????p????????????e??????system32\DRIVERS\intelppm.sys?ntelppm.sys????????o?????????????????????????g????? ???????n???????????o?o?o?o?o?p?????o??FltMgr??TR??????????????p???Tastaturklassentreiber???????????????D???????k??KLIM6????????????????????????????????????????o????T??s?????????e???????????????????s????KLIM6??o?o???o???????????????????????????y??? ???o??????????????noupper?FL???????????o???????e?????????????????????o?????????????????d??????s???System32\Drivers\ksecdd.sys??????????????e???o???????o???.?.?f?.?g?j?A?o?o???????o??????p???????????? ????????J??p??????????????????????Cryptography?????????????????????????o??? ???o??????????????????????????Af?????????????????????????
Reg    HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                                                          ???o?????????????????d??????s???System32\Drivers\ksecdd.sys??????????????e???o???????o???.?.?f?.?g?j?A?o?o???????o??????p???????????? ????????J??p??????????????????????Cryptography?????????????????????????o??? ???o??????????????????????????Af???????????????????????????? ??o???????????e??????????????????? ?????????????e?????o?,????????J????????????????o???????e????????????H??p???m??????Microsoft???????????????????? ???o??????????????????????????????????????????t???????????????????????????? ???????????o??????id???????????????????????o??????p?????X??????&???&??PNP Filter???????????????6?k?o???o???????????????????????o?????????s????nolower?????PerfMon_Collect??????e?e?j?o?o?o?o?o?o???????o???d??p3???????????U???????????????o??PerfMon_Close?????????????????????????&??o?????????e?????????????????????????????????????u?u?u????8??o??????????????System???????o????D??p???????????e?????????????? 2??5???????????????Ralink???????&???????????????????????????????&???????P???????????????????R???&?????????????????????????????

---- EOF - GMER 2.1 ----
         
--- --- ---
__________________

Alt 03.05.2013, 18:10   #4
daalbock
 
Trojaner MitB PC1 - Standard

Trojaner MitB PC1



TDSS Killer:
Code:
ATTFilter
19:07:47.0250 3336  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:07:47.0406 3336  ============================================================
19:07:47.0406 3336  Current date / time: 2013/05/03 19:07:47.0406
19:07:47.0406 3336  SystemInfo:
19:07:47.0406 3336  
19:07:47.0406 3336  OS Version: 6.1.7601 ServicePack: 1.0
19:07:47.0406 3336  Product type: Workstation
19:07:47.0406 3336  ComputerName: *****-PC
19:07:47.0406 3336  UserName: *****
19:07:47.0406 3336  Windows directory: C:\Windows
19:07:47.0406 3336  System windows directory: C:\Windows
19:07:47.0406 3336  Running under WOW64
19:07:47.0406 3336  Processor architecture: Intel x64
19:07:47.0406 3336  Number of processors: 4
19:07:47.0406 3336  Page size: 0x1000
19:07:47.0406 3336  Boot type: Normal boot
19:07:47.0406 3336  ============================================================
19:07:47.0812 3336  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:07:47.0812 3336  Drive \Device\Harddisk1\DR1 - Size: 0x78000000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:07:47.0827 3336  ============================================================
19:07:47.0827 3336  \Device\Harddisk0\DR0:
19:07:47.0827 3336  MBR partitions:
19:07:47.0827 3336  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
19:07:47.0827 3336  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x395BD000
19:07:47.0827 3336  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B147800, BlocksNum 0x395BEDB0
19:07:47.0827 3336  \Device\Harddisk1\DR1:
19:07:47.0827 3336  MBR partitions:
19:07:47.0827 3336  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3BFFE0
19:07:47.0827 3336  ============================================================
19:07:47.0843 3336  C: <-> \Device\Harddisk0\DR0\Partition2
19:07:47.0874 3336  D: <-> \Device\Harddisk0\DR0\Partition3
19:07:47.0874 3336  ============================================================
19:07:47.0874 3336  Initialize success
19:07:47.0874 3336  ============================================================
19:07:49.0403 4252  ============================================================
19:07:49.0403 4252  Scan started
19:07:49.0403 4252  Mode: Manual; 
19:07:49.0403 4252  ============================================================
19:07:49.0793 4252  ================ Scan system memory ========================
19:07:49.0793 4252  System memory - ok
19:07:49.0793 4252  ================ Scan services =============================
19:07:49.0933 4252  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:07:49.0949 4252  1394ohci - ok
19:07:49.0980 4252  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:07:49.0980 4252  ACPI - ok
19:07:50.0027 4252  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:07:50.0027 4252  AcpiPmi - ok
19:07:50.0105 4252  [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:07:50.0105 4252  AdobeARMservice - ok
19:07:50.0167 4252  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:07:50.0167 4252  adp94xx - ok
19:07:50.0199 4252  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:07:50.0199 4252  adpahci - ok
19:07:50.0230 4252  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:07:50.0230 4252  adpu320 - ok
19:07:50.0261 4252  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:07:50.0261 4252  AeLookupSvc - ok
19:07:50.0308 4252  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:07:50.0308 4252  AFD - ok
19:07:50.0355 4252  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:07:50.0355 4252  agp440 - ok
19:07:50.0370 4252  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:07:50.0386 4252  ALG - ok
19:07:50.0417 4252  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:07:50.0417 4252  aliide - ok
19:07:50.0464 4252  [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:07:50.0464 4252  AMD External Events Utility - ok
19:07:50.0511 4252  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:07:50.0511 4252  amdide - ok
19:07:50.0526 4252  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:07:50.0526 4252  AmdK8 - ok
19:07:50.0729 4252  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:07:50.0916 4252  amdkmdag - ok
19:07:50.0947 4252  [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:07:50.0947 4252  amdkmdap - ok
19:07:50.0963 4252  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:07:50.0963 4252  AmdPPM - ok
19:07:50.0994 4252  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:07:50.0994 4252  amdsata - ok
19:07:50.0994 4252  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:07:51.0010 4252  amdsbs - ok
19:07:51.0010 4252  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:07:51.0010 4252  amdxata - ok
19:07:51.0057 4252  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:07:51.0057 4252  AppID - ok
19:07:51.0088 4252  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:07:51.0088 4252  AppIDSvc - ok
19:07:51.0135 4252  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:07:51.0135 4252  Appinfo - ok
19:07:51.0197 4252  [ 5AA788D5A2C6737BB9C45933985BC1B8 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:07:51.0197 4252  Apple Mobile Device - ok
19:07:51.0213 4252  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:07:51.0213 4252  arc - ok
19:07:51.0228 4252  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:07:51.0228 4252  arcsas - ok
19:07:51.0244 4252  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:07:51.0244 4252  AsyncMac - ok
19:07:51.0275 4252  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:07:51.0275 4252  atapi - ok
19:07:51.0322 4252  [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:07:51.0322 4252  AtiHDAudioService - ok
19:07:51.0353 4252  [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
19:07:51.0353 4252  AtiHdmiService - ok
19:07:51.0400 4252  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:07:51.0400 4252  AudioEndpointBuilder - ok
19:07:51.0415 4252  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:07:51.0415 4252  AudioSrv - ok
19:07:51.0525 4252  [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
19:07:51.0525 4252  AVP - ok
19:07:51.0603 4252  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:07:51.0603 4252  AxInstSV - ok
19:07:51.0634 4252  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:07:51.0649 4252  b06bdrv - ok
19:07:51.0681 4252  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:07:51.0681 4252  b57nd60a - ok
19:07:51.0696 4252  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:07:51.0696 4252  BDESVC - ok
19:07:51.0712 4252  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:07:51.0712 4252  Beep - ok
19:07:51.0790 4252  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:07:51.0805 4252  BFE - ok
19:07:51.0883 4252  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:07:51.0899 4252  BITS - ok
19:07:51.0915 4252  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:07:51.0915 4252  blbdrive - ok
19:07:51.0930 4252  [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
19:07:51.0946 4252  Bonjour Service - ok
19:07:51.0977 4252  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:07:51.0977 4252  bowser - ok
19:07:51.0993 4252  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:07:51.0993 4252  BrFiltLo - ok
19:07:52.0008 4252  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:07:52.0008 4252  BrFiltUp - ok
19:07:52.0039 4252  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:07:52.0039 4252  Browser - ok
19:07:52.0055 4252  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:07:52.0055 4252  Brserid - ok
19:07:52.0071 4252  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:07:52.0071 4252  BrSerWdm - ok
19:07:52.0071 4252  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:07:52.0071 4252  BrUsbMdm - ok
19:07:52.0086 4252  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:07:52.0086 4252  BrUsbSer - ok
19:07:52.0086 4252  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:07:52.0086 4252  BTHMODEM - ok
19:07:52.0117 4252  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:07:52.0117 4252  bthserv - ok
19:07:52.0133 4252  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:07:52.0133 4252  cdfs - ok
19:07:52.0164 4252  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:07:52.0164 4252  cdrom - ok
19:07:52.0211 4252  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:07:52.0211 4252  CertPropSvc - ok
19:07:52.0227 4252  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:07:52.0227 4252  circlass - ok
19:07:52.0258 4252  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:07:52.0258 4252  CLFS - ok
19:07:52.0305 4252  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:07:52.0305 4252  clr_optimization_v2.0.50727_32 - ok
19:07:52.0320 4252  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:07:52.0336 4252  clr_optimization_v2.0.50727_64 - ok
19:07:52.0383 4252  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:07:52.0383 4252  clr_optimization_v4.0.30319_32 - ok
19:07:52.0414 4252  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:07:52.0429 4252  clr_optimization_v4.0.30319_64 - ok
19:07:52.0429 4252  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:07:52.0429 4252  CmBatt - ok
19:07:52.0461 4252  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:07:52.0461 4252  cmdide - ok
19:07:52.0492 4252  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
19:07:52.0492 4252  CNG - ok
19:07:52.0507 4252  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:07:52.0507 4252  Compbatt - ok
19:07:52.0554 4252  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:07:52.0554 4252  CompositeBus - ok
19:07:52.0554 4252  COMSysApp - ok
19:07:52.0570 4252  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:07:52.0570 4252  crcdisk - ok
19:07:52.0585 4252  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:07:52.0601 4252  CryptSvc - ok
19:07:52.0632 4252  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:07:52.0632 4252  DcomLaunch - ok
19:07:52.0679 4252  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:07:52.0679 4252  defragsvc - ok
19:07:52.0710 4252  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:07:52.0710 4252  DfsC - ok
19:07:52.0741 4252  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:07:52.0741 4252  Dhcp - ok
19:07:52.0757 4252  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:07:52.0757 4252  discache - ok
19:07:52.0788 4252  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:07:52.0788 4252  Disk - ok
19:07:52.0804 4252  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:07:52.0804 4252  Dnscache - ok
19:07:52.0835 4252  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:07:52.0835 4252  dot3svc - ok
19:07:52.0866 4252  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:07:52.0866 4252  DPS - ok
19:07:52.0897 4252  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:07:52.0897 4252  drmkaud - ok
19:07:52.0944 4252  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:07:52.0944 4252  DXGKrnl - ok
19:07:52.0975 4252  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:07:52.0975 4252  EapHost - ok
19:07:53.0053 4252  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
19:07:53.0116 4252  ebdrv - ok
19:07:53.0147 4252  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:07:53.0147 4252  EFS - ok
19:07:53.0194 4252  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:07:53.0209 4252  ehRecvr - ok
19:07:53.0225 4252  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:07:53.0241 4252  ehSched - ok
19:07:53.0272 4252  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:07:53.0287 4252  elxstor - ok
19:07:53.0323 4252  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:07:53.0324 4252  ErrDev - ok
19:07:53.0339 4252  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:07:53.0349 4252  EventSystem - ok
19:07:53.0359 4252  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:07:53.0359 4252  exfat - ok
19:07:53.0369 4252  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:07:53.0379 4252  fastfat - ok
19:07:53.0409 4252  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:07:53.0409 4252  Fax - ok
19:07:53.0424 4252  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:07:53.0424 4252  fdc - ok
19:07:53.0440 4252  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:07:53.0440 4252  fdPHost - ok
19:07:53.0455 4252  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:07:53.0455 4252  FDResPub - ok
19:07:53.0455 4252  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:07:53.0455 4252  FileInfo - ok
19:07:53.0471 4252  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:07:53.0471 4252  Filetrace - ok
19:07:53.0471 4252  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:07:53.0471 4252  flpydisk - ok
19:07:53.0518 4252  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:07:53.0518 4252  FltMgr - ok
19:07:53.0565 4252  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
19:07:53.0580 4252  FontCache - ok
19:07:53.0627 4252  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:07:53.0643 4252  FontCache3.0.0.0 - ok
19:07:53.0643 4252  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:07:53.0643 4252  FsDepends - ok
19:07:53.0658 4252  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:07:53.0658 4252  Fs_Rec - ok
19:07:53.0705 4252  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:07:53.0705 4252  fvevol - ok
19:07:53.0721 4252  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:07:53.0721 4252  gagp30kx - ok
19:07:53.0783 4252  [ 25619A6281DDCC6C60C6959E62112F98 ] Garmin Core Update Service C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
19:07:53.0783 4252  Garmin Core Update Service - ok
19:07:53.0830 4252  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:07:53.0830 4252  GEARAspiWDM - ok
19:07:53.0861 4252  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:07:53.0877 4252  gpsvc - ok
19:07:53.0939 4252  [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
19:07:53.0955 4252  Greg_Service - ok
19:07:54.0033 4252  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:07:54.0033 4252  gusvc - ok
19:07:54.0033 4252  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:07:54.0033 4252  hcw85cir - ok
19:07:54.0095 4252  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:07:54.0095 4252  HdAudAddService - ok
19:07:54.0111 4252  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:07:54.0111 4252  HDAudBus - ok
19:07:54.0142 4252  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:07:54.0142 4252  HidBatt - ok
19:07:54.0142 4252  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:07:54.0142 4252  HidBth - ok
19:07:54.0173 4252  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:07:54.0173 4252  HidIr - ok
19:07:54.0189 4252  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:07:54.0189 4252  hidserv - ok
19:07:54.0235 4252  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
19:07:54.0235 4252  HidUsb - ok
19:07:54.0267 4252  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:07:54.0282 4252  hkmsvc - ok
19:07:54.0313 4252  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:07:54.0313 4252  HomeGroupListener - ok
19:07:54.0345 4252  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:07:54.0345 4252  HomeGroupProvider - ok
19:07:54.0376 4252  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:07:54.0376 4252  HpSAMD - ok
19:07:54.0407 4252  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:07:54.0423 4252  HTTP - ok
19:07:54.0454 4252  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:07:54.0454 4252  hwpolicy - ok
19:07:54.0485 4252  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:07:54.0485 4252  i8042prt - ok
19:07:54.0516 4252  [ BF5442DC14608D18949DC83DE37E667A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
19:07:54.0516 4252  iaStor - ok
19:07:54.0563 4252  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:07:54.0563 4252  iaStorV - ok
19:07:54.0610 4252  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:07:54.0625 4252  idsvc - ok
19:07:54.0657 4252  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:07:54.0657 4252  iirsp - ok
19:07:54.0703 4252  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:07:54.0703 4252  IKEEXT - ok
19:07:54.0828 4252  [ F1A3ECE3809AF333810ED0A872200226 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:07:54.0906 4252  IntcAzAudAddService - ok
19:07:54.0937 4252  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:07:54.0953 4252  intelide - ok
19:07:54.0969 4252  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:07:54.0969 4252  intelppm - ok
19:07:55.0000 4252  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:07:55.0000 4252  IPBusEnum - ok
19:07:55.0031 4252  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:07:55.0031 4252  IpFilterDriver - ok
19:07:55.0062 4252  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:07:55.0062 4252  iphlpsvc - ok
19:07:55.0109 4252  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:07:55.0109 4252  IPMIDRV - ok
19:07:55.0125 4252  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:07:55.0125 4252  IPNAT - ok
19:07:55.0187 4252  [ 3D62FE4FEFE9C67DAFEC52B534DFA1FB ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:07:55.0203 4252  iPod Service - ok
19:07:55.0218 4252  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:07:55.0218 4252  IRENUM - ok
19:07:55.0249 4252  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:07:55.0249 4252  isapnp - ok
19:07:55.0281 4252  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:07:55.0296 4252  iScsiPrt - ok
19:07:55.0312 4252  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
19:07:55.0312 4252  kbdclass - ok
19:07:55.0359 4252  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:07:55.0359 4252  kbdhid - ok
19:07:55.0374 4252  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:07:55.0374 4252  KeyIso - ok
19:07:55.0437 4252  [ 8B5219318DF5895ABD230C373F2DF18A ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
19:07:55.0437 4252  kl1 - ok
19:07:55.0530 4252  [ 2CBD248370721DCAD632DB70D09C5A6D ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
19:07:55.0530 4252  KLIF - ok
19:07:55.0546 4252  [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
19:07:55.0546 4252  KLIM6 - ok
19:07:55.0593 4252  [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
19:07:55.0593 4252  klkbdflt - ok
19:07:55.0608 4252  [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
19:07:55.0608 4252  klmouflt - ok
19:07:55.0639 4252  [ 982974975E679276F0FA39EFA331A268 ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
19:07:55.0639 4252  kltdi - ok
19:07:55.0655 4252  [ 1FCB657B581CC4DF17FD6571F93602DE ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
19:07:55.0671 4252  kneps - ok
19:07:55.0702 4252  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:07:55.0702 4252  KSecDD - ok
19:07:55.0733 4252  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:07:55.0733 4252  KSecPkg - ok
19:07:55.0749 4252  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:07:55.0749 4252  ksthunk - ok
19:07:55.0780 4252  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:07:55.0780 4252  KtmRm - ok
19:07:55.0827 4252  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:07:55.0827 4252  LanmanServer - ok
19:07:55.0873 4252  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:07:55.0873 4252  LanmanWorkstation - ok
19:07:55.0889 4252  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:07:55.0889 4252  lltdio - ok
19:07:55.0905 4252  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:07:55.0905 4252  lltdsvc - ok
19:07:55.0936 4252  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:07:55.0936 4252  lmhosts - ok
19:07:55.0951 4252  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:07:55.0967 4252  LSI_FC - ok
19:07:55.0967 4252  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:07:55.0967 4252  LSI_SAS - ok
19:07:55.0983 4252  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:07:55.0983 4252  LSI_SAS2 - ok
19:07:55.0998 4252  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:07:56.0014 4252  LSI_SCSI - ok
19:07:56.0029 4252  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:07:56.0029 4252  luafv - ok
19:07:56.0061 4252  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:07:56.0061 4252  Mcx2Svc - ok
19:07:56.0061 4252  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:07:56.0061 4252  megasas - ok
19:07:56.0076 4252  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:07:56.0076 4252  MegaSR - ok
19:07:56.0092 4252  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:07:56.0092 4252  MMCSS - ok
19:07:56.0107 4252  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:07:56.0107 4252  Modem - ok
19:07:56.0123 4252  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:07:56.0123 4252  monitor - ok
19:07:56.0139 4252  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
19:07:56.0139 4252  mouclass - ok
19:07:56.0154 4252  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:07:56.0154 4252  mouhid - ok
19:07:56.0185 4252  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:07:56.0185 4252  mountmgr - ok
19:07:56.0248 4252  [ 8121C6DD654970FEDDBC195596D9706E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:07:56.0248 4252  MozillaMaintenance - ok
19:07:56.0279 4252  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:07:56.0279 4252  mpio - ok
19:07:56.0295 4252  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:07:56.0295 4252  mpsdrv - ok
19:07:56.0326 4252  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:07:56.0341 4252  MpsSvc - ok
19:07:56.0404 4252  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:07:56.0404 4252  MRxDAV - ok
19:07:56.0435 4252  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:07:56.0435 4252  mrxsmb - ok
19:07:56.0466 4252  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:07:56.0482 4252  mrxsmb10 - ok
19:07:56.0513 4252  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:07:56.0513 4252  mrxsmb20 - ok
19:07:56.0529 4252  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:07:56.0529 4252  msahci - ok
19:07:56.0560 4252  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:07:56.0560 4252  msdsm - ok
19:07:56.0575 4252  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:07:56.0575 4252  MSDTC - ok
19:07:56.0591 4252  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:07:56.0591 4252  Msfs - ok
19:07:56.0607 4252  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:07:56.0607 4252  mshidkmdf - ok
19:07:56.0638 4252  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:07:56.0638 4252  msisadrv - ok
19:07:56.0653 4252  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:07:56.0653 4252  MSiSCSI - ok
19:07:56.0669 4252  msiserver - ok
19:07:56.0685 4252  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:07:56.0685 4252  MSKSSRV - ok
19:07:56.0700 4252  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:07:56.0700 4252  MSPCLOCK - ok
19:07:56.0700 4252  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:07:56.0716 4252  MSPQM - ok
19:07:56.0731 4252  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:07:56.0731 4252  MsRPC - ok
19:07:56.0763 4252  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:07:56.0763 4252  mssmbios - ok
19:07:56.0778 4252  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:07:56.0778 4252  MSTEE - ok
19:07:56.0794 4252  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:07:56.0794 4252  MTConfig - ok
19:07:56.0809 4252  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:07:56.0809 4252  Mup - ok
19:07:56.0825 4252  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
19:07:56.0825 4252  mwlPSDFilter - ok
19:07:56.0841 4252  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
19:07:56.0841 4252  mwlPSDNServ - ok
19:07:56.0856 4252  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
19:07:56.0856 4252  mwlPSDVDisk - ok
19:07:56.0903 4252  [ 22A4905C958BEB68D78385B633C1351B ] MWLService      C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
19:07:56.0903 4252  MWLService - ok
19:07:56.0965 4252  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:07:56.0981 4252  napagent - ok
19:07:57.0012 4252  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:07:57.0028 4252  NativeWifiP - ok
19:07:57.0090 4252  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:07:57.0090 4252  NDIS - ok
19:07:57.0106 4252  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:07:57.0106 4252  NdisCap - ok
19:07:57.0121 4252  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:07:57.0121 4252  NdisTapi - ok
19:07:57.0137 4252  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:07:57.0137 4252  Ndisuio - ok
19:07:57.0184 4252  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:07:57.0184 4252  NdisWan - ok
19:07:57.0215 4252  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:07:57.0215 4252  NDProxy - ok
19:07:57.0262 4252  [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
19:07:57.0262 4252  Nero BackItUp Scheduler 4.0 - ok
19:07:57.0324 4252  [ 307BC83250FC8E3B2878D81E7D760299 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
19:07:57.0324 4252  Netaapl - ok
19:07:57.0340 4252  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:07:57.0355 4252  NetBIOS - ok
19:07:57.0387 4252  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:07:57.0387 4252  NetBT - ok
19:07:57.0387 4252  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:07:57.0402 4252  Netlogon - ok
19:07:57.0433 4252  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:07:57.0433 4252  Netman - ok
19:07:57.0465 4252  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:07:57.0480 4252  netprofm - ok
19:07:57.0543 4252  [ F3A1D8B7317939813568992D1BFDDE37 ] netr7364        C:\Windows\system32\DRIVERS\netr7364.sys
19:07:57.0543 4252  netr7364 - ok
19:07:57.0589 4252  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:07:57.0589 4252  NetTcpPortSharing - ok
19:07:57.0589 4252  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:07:57.0589 4252  nfrd960 - ok
19:07:57.0621 4252  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:07:57.0621 4252  NlaSvc - ok
19:07:57.0636 4252  [ 4903177FC90E77ABEB19021451E9475E ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
19:07:57.0652 4252  nmwcd - ok
19:07:57.0683 4252  [ E6844A4C97E5409BBE24BB4ED000320D ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
19:07:57.0683 4252  nmwcdc - ok
19:07:57.0699 4252  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:07:57.0699 4252  Npfs - ok
19:07:57.0730 4252  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:07:57.0730 4252  nsi - ok
19:07:57.0745 4252  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:07:57.0745 4252  nsiproxy - ok
19:07:57.0808 4252  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:07:57.0839 4252  Ntfs - ok
19:07:57.0839 4252  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:07:57.0839 4252  Null - ok
19:07:57.0870 4252  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:07:57.0870 4252  nvraid - ok
19:07:57.0901 4252  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:07:57.0901 4252  nvstor - ok
19:07:57.0933 4252  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:07:57.0933 4252  nv_agp - ok
19:07:57.0979 4252  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:07:57.0995 4252  odserv - ok
19:07:58.0011 4252  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:07:58.0011 4252  ohci1394 - ok
19:07:58.0042 4252  [ EC322186D8FCE3D632F3F597D67747DD ] OpenVPNService  C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
19:07:58.0042 4252  OpenVPNService - ok
19:07:58.0057 4252  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:07:58.0057 4252  ose - ok
19:07:58.0120 4252  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:07:58.0120 4252  p2pimsvc - ok
19:07:58.0135 4252  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:07:58.0151 4252  p2psvc - ok
19:07:58.0167 4252  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:07:58.0167 4252  Parport - ok
19:07:58.0198 4252  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:07:58.0198 4252  partmgr - ok
19:07:58.0229 4252  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:07:58.0229 4252  PcaSvc - ok
19:07:58.0276 4252  [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
19:07:58.0276 4252  pccsmcfd - ok
19:07:58.0291 4252  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:07:58.0291 4252  pci - ok
19:07:58.0307 4252  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:07:58.0307 4252  pciide - ok
19:07:58.0323 4252  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:07:58.0323 4252  pcmcia - ok
19:07:58.0338 4252  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:07:58.0338 4252  pcw - ok
19:07:58.0354 4252  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:07:58.0369 4252  PEAUTH - ok
19:07:58.0416 4252  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:07:58.0416 4252  PerfHost - ok
19:07:58.0479 4252  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:07:58.0494 4252  pla - ok
19:07:58.0541 4252  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:07:58.0541 4252  PlugPlay - ok
19:07:58.0588 4252  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:07:58.0588 4252  PNRPAutoReg - ok
19:07:58.0588 4252  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:07:58.0603 4252  PNRPsvc - ok
19:07:58.0635 4252  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:07:58.0650 4252  PolicyAgent - ok
19:07:58.0681 4252  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:07:58.0681 4252  Power - ok
19:07:58.0697 4252  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:07:58.0713 4252  PptpMiniport - ok
19:07:58.0713 4252  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:07:58.0713 4252  Processor - ok
19:07:58.0744 4252  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:07:58.0759 4252  ProfSvc - ok
19:07:58.0759 4252  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:07:58.0775 4252  ProtectedStorage - ok
19:07:58.0806 4252  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:07:58.0806 4252  Psched - ok
19:07:58.0837 4252  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:07:58.0869 4252  ql2300 - ok
19:07:58.0869 4252  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:07:58.0884 4252  ql40xx - ok
19:07:58.0900 4252  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:07:58.0900 4252  QWAVE - ok
19:07:58.0900 4252  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:07:58.0900 4252  QWAVEdrv - ok
19:07:58.0978 4252  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
19:07:58.0978 4252  RapiMgr - ok
19:07:58.0993 4252  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:07:58.0993 4252  RasAcd - ok
19:07:59.0025 4252  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:07:59.0025 4252  RasAgileVpn - ok
19:07:59.0040 4252  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:07:59.0040 4252  RasAuto - ok
19:07:59.0056 4252  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:07:59.0071 4252  Rasl2tp - ok
19:07:59.0103 4252  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:07:59.0118 4252  RasMan - ok
19:07:59.0134 4252  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:07:59.0134 4252  RasPppoe - ok
19:07:59.0149 4252  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:07:59.0149 4252  RasSstp - ok
19:07:59.0165 4252  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:07:59.0165 4252  rdbss - ok
19:07:59.0181 4252  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:07:59.0181 4252  rdpbus - ok
19:07:59.0196 4252  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:07:59.0196 4252  RDPCDD - ok
19:07:59.0212 4252  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:07:59.0212 4252  RDPENCDD - ok
19:07:59.0243 4252  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:07:59.0243 4252  RDPREFMP - ok
19:07:59.0305 4252  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:07:59.0305 4252  RdpVideoMiniport - ok
19:07:59.0337 4252  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:07:59.0337 4252  RDPWD - ok
19:07:59.0368 4252  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:07:59.0383 4252  rdyboost - ok
19:07:59.0399 4252  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:07:59.0399 4252  RemoteAccess - ok
19:07:59.0430 4252  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:07:59.0430 4252  RemoteRegistry - ok
19:07:59.0477 4252  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo       C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
19:07:59.0477 4252  RichVideo - ok
19:07:59.0493 4252  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:07:59.0493 4252  RpcEptMapper - ok
19:07:59.0508 4252  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:07:59.0508 4252  RpcLocator - ok
19:07:59.0555 4252  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:07:59.0555 4252  RpcSs - ok
19:07:59.0571 4252  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:07:59.0586 4252  rspndr - ok
19:07:59.0633 4252  [ C5CD940EFFADE1F6246730BCA14E9FE6 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
19:07:59.0649 4252  RTL8167 - ok
19:07:59.0680 4252  [ EA268BCE30691C2DD24F02E617FD2EB5 ] s0016bus        C:\Windows\system32\DRIVERS\s0016bus.sys
19:07:59.0680 4252  s0016bus - ok
19:07:59.0680 4252  [ F5F9DEB89996D333EF976624D37E24E3 ] s0016mdfl       C:\Windows\system32\DRIVERS\s0016mdfl.sys
19:07:59.0680 4252  s0016mdfl - ok
19:07:59.0695 4252  [ C17CE2AEE67480FEBCC36ECCB54C0BE8 ] s0016mdm        C:\Windows\system32\DRIVERS\s0016mdm.sys
19:07:59.0711 4252  s0016mdm - ok
19:07:59.0727 4252  [ CC267F04C54C5EC5B7BD658D7628469F ] s0016mgmt       C:\Windows\system32\DRIVERS\s0016mgmt.sys
19:07:59.0727 4252  s0016mgmt - ok
19:07:59.0727 4252  [ 30A35BBCE09D9FE67482FD62C61911FC ] s0016nd5        C:\Windows\system32\DRIVERS\s0016nd5.sys
19:07:59.0727 4252  s0016nd5 - ok
19:07:59.0742 4252  [ CA394DCC38579C7AD82E83EE64D798A0 ] s0016obex       C:\Windows\system32\DRIVERS\s0016obex.sys
19:07:59.0758 4252  s0016obex - ok
19:07:59.0773 4252  [ EB267CCEA84E6E8598D92F73332AC67B ] s0016unic       C:\Windows\system32\DRIVERS\s0016unic.sys
19:07:59.0773 4252  s0016unic - ok
19:07:59.0773 4252  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:07:59.0773 4252  SamSs - ok
19:07:59.0805 4252  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:07:59.0805 4252  sbp2port - ok
19:07:59.0820 4252  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:07:59.0836 4252  SCardSvr - ok
19:07:59.0851 4252  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:07:59.0851 4252  scfilter - ok
19:07:59.0898 4252  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:07:59.0914 4252  Schedule - ok
19:07:59.0961 4252  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:07:59.0961 4252  SCPolicySvc - ok
19:07:59.0992 4252  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:07:59.0992 4252  SDRSVC - ok
19:08:00.0007 4252  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:08:00.0007 4252  secdrv - ok
19:08:00.0039 4252  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:08:00.0039 4252  seclogon - ok
19:08:00.0085 4252  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:08:00.0085 4252  SENS - ok
19:08:00.0101 4252  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:08:00.0101 4252  SensrSvc - ok
19:08:00.0117 4252  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:08:00.0117 4252  Serenum - ok
19:08:00.0132 4252  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:08:00.0132 4252  Serial - ok
19:08:00.0163 4252  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:08:00.0163 4252  sermouse - ok
19:08:00.0241 4252  [ 289E853881E688286AD24299FCC485D8 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
19:08:00.0241 4252  ServiceLayer - ok
19:08:00.0288 4252  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:08:00.0288 4252  SessionEnv - ok
19:08:00.0319 4252  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:08:00.0319 4252  sffdisk - ok
19:08:00.0351 4252  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:08:00.0351 4252  sffp_mmc - ok
19:08:00.0351 4252  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:08:00.0351 4252  sffp_sd - ok
19:08:00.0366 4252  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:08:00.0366 4252  sfloppy - ok
19:08:00.0397 4252  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:08:00.0413 4252  SharedAccess - ok
19:08:00.0444 4252  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:08:00.0444 4252  ShellHWDetection - ok
19:08:00.0460 4252  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:08:00.0475 4252  SiSRaid2 - ok
19:08:00.0475 4252  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:08:00.0491 4252  SiSRaid4 - ok
19:08:00.0522 4252  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:08:00.0522 4252  Smb - ok
19:08:00.0522 4252  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:08:00.0538 4252  SNMPTRAP - ok
19:08:00.0616 4252  [ 86216565B0E5CC28FC7D305EC80457D4 ] Sony Ericsson PCCompanion C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
19:08:00.0616 4252  Sony Ericsson PCCompanion - ok
19:08:00.0616 4252  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:08:00.0631 4252  spldr - ok
19:08:00.0663 4252  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:08:00.0678 4252  Spooler - ok
19:08:00.0787 4252  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:08:00.0865 4252  sppsvc - ok
19:08:00.0881 4252  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:08:00.0897 4252  sppuinotify - ok
19:08:00.0928 4252  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:08:00.0943 4252  srv - ok
19:08:00.0959 4252  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:08:00.0975 4252  srv2 - ok
19:08:00.0975 4252  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:08:00.0990 4252  srvnet - ok
19:08:01.0006 4252  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:08:01.0006 4252  SSDPSRV - ok
19:08:01.0021 4252  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:08:01.0021 4252  SstpSvc - ok
19:08:01.0037 4252  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:08:01.0037 4252  stexstor - ok
19:08:01.0068 4252  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
19:08:01.0084 4252  StillCam - ok
19:08:01.0131 4252  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:08:01.0131 4252  stisvc - ok
19:08:01.0177 4252  [ 6F715D00024CB60C2B60278425AD6EC2 ] SWDUMon         C:\Windows\system32\DRIVERS\SWDUMon.sys
19:08:01.0177 4252  SWDUMon - ok
19:08:01.0209 4252  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:08:01.0209 4252  swenum - ok
19:08:01.0224 4252  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:08:01.0240 4252  swprv - ok
19:08:01.0302 4252  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:08:01.0333 4252  SysMain - ok
19:08:01.0349 4252  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:08:01.0349 4252  TabletInputService - ok
19:08:01.0396 4252  [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
19:08:01.0396 4252  tap0901 - ok
19:08:01.0411 4252  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:08:01.0411 4252  TapiSrv - ok
19:08:01.0443 4252  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:08:01.0443 4252  TBS - ok
19:08:01.0521 4252  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:08:01.0567 4252  Tcpip - ok
19:08:01.0599 4252  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:08:01.0614 4252  TCPIP6 - ok
19:08:01.0645 4252  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:08:01.0645 4252  tcpipreg - ok
19:08:01.0661 4252  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:08:01.0661 4252  TDPIPE - ok
19:08:01.0677 4252  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:08:01.0677 4252  TDTCP - ok
19:08:01.0723 4252  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:08:01.0723 4252  tdx - ok
19:08:01.0739 4252  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:08:01.0739 4252  TermDD - ok
19:08:01.0770 4252  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:08:01.0786 4252  TermService - ok
19:08:01.0801 4252  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:08:01.0801 4252  Themes - ok
19:08:01.0833 4252  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:08:01.0833 4252  THREADORDER - ok
19:08:01.0833 4252  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:08:01.0833 4252  TrkWks - ok
19:08:01.0895 4252  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:08:01.0895 4252  TrustedInstaller - ok
19:08:01.0926 4252  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:08:01.0926 4252  tssecsrv - ok
19:08:01.0957 4252  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:08:01.0957 4252  TsUsbFlt - ok
19:08:01.0989 4252  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:08:01.0989 4252  tunnel - ok
19:08:02.0004 4252  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:08:02.0004 4252  uagp35 - ok
19:08:02.0035 4252  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:08:02.0035 4252  udfs - ok
19:08:02.0067 4252  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:08:02.0067 4252  UI0Detect - ok
19:08:02.0098 4252  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:08:02.0098 4252  uliagpkx - ok
19:08:02.0129 4252  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:08:02.0129 4252  umbus - ok
19:08:02.0129 4252  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:08:02.0129 4252  UmPass - ok
19:08:02.0176 4252  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
19:08:02.0176 4252  Updater Service - ok
19:08:02.0207 4252  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:08:02.0207 4252  upnphost - ok
19:08:02.0238 4252  [ 907F50B8695DAA65A9445D27AD306E65 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
19:08:02.0238 4252  upperdev - ok
19:08:02.0269 4252  [ F724B03C3DFAACF08D17D38BF3333583 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
19:08:02.0269 4252  USBAAPL64 - ok
19:08:02.0301 4252  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
19:08:02.0301 4252  usbccgp - ok
19:08:02.0332 4252  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:08:02.0332 4252  usbcir - ok
19:08:02.0332 4252  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
19:08:02.0332 4252  usbehci - ok
19:08:02.0363 4252  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:08:02.0363 4252  usbhub - ok
19:08:02.0394 4252  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:08:02.0394 4252  usbohci - ok
19:08:02.0394 4252  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:08:02.0394 4252  usbprint - ok
19:08:02.0441 4252  [ B5E6C4F280EBF0B16F74A5B415F2E0DF ] USBS3S4Detection C:\OEM\USBDECTION\USBS3S4Detection.exe
19:08:02.0441 4252  USBS3S4Detection - ok
19:08:02.0488 4252  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
19:08:02.0488 4252  usbser - ok
19:08:02.0535 4252  [ 3F7498527B48657091C355F683BEB0DD ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
19:08:02.0535 4252  UsbserFilt - ok
19:08:02.0535 4252  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:08:02.0535 4252  USBSTOR - ok
19:08:02.0550 4252  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:08:02.0550 4252  usbuhci - ok
19:08:02.0566 4252  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:08:02.0566 4252  UxSms - ok
19:08:02.0581 4252  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:08:02.0581 4252  VaultSvc - ok
19:08:02.0597 4252  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:08:02.0597 4252  vdrvroot - ok
19:08:02.0628 4252  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:08:02.0644 4252  vds - ok
19:08:02.0644 4252  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:08:02.0644 4252  vga - ok
19:08:02.0644 4252  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:08:02.0644 4252  VgaSave - ok
19:08:02.0691 4252  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:08:02.0691 4252  vhdmp - ok
19:08:02.0706 4252  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:08:02.0706 4252  viaide - ok
19:08:02.0722 4252  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:08:02.0737 4252  volmgr - ok
19:08:02.0769 4252  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:08:02.0784 4252  volmgrx - ok
19:08:02.0800 4252  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:08:02.0800 4252  volsnap - ok
19:08:02.0815 4252  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:08:02.0815 4252  vsmraid - ok
19:08:02.0862 4252  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:08:02.0893 4252  VSS - ok
19:08:02.0909 4252  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:08:02.0909 4252  vwifibus - ok
19:08:02.0940 4252  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:08:02.0940 4252  vwififlt - ok
19:08:02.0956 4252  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:08:02.0956 4252  vwifimp - ok
19:08:02.0987 4252  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:08:02.0987 4252  W32Time - ok
19:08:03.0003 4252  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:08:03.0003 4252  WacomPen - ok
19:08:03.0018 4252  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:08:03.0018 4252  WANARP - ok
19:08:03.0034 4252  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:08:03.0034 4252  Wanarpv6 - ok
19:08:03.0081 4252  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:08:03.0112 4252  wbengine - ok
19:08:03.0127 4252  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:08:03.0127 4252  WbioSrvc - ok
19:08:03.0174 4252  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
19:08:03.0174 4252  WcesComm - ok
19:08:03.0205 4252  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:08:03.0205 4252  wcncsvc - ok
19:08:03.0237 4252  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:08:03.0237 4252  WcsPlugInService - ok
19:08:03.0252 4252  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:08:03.0252 4252  Wd - ok
19:08:03.0283 4252  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:08:03.0299 4252  Wdf01000 - ok
19:08:03.0299 4252  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:08:03.0299 4252  WdiServiceHost - ok
19:08:03.0315 4252  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:08:03.0315 4252  WdiSystemHost - ok
19:08:03.0346 4252  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:08:03.0346 4252  WebClient - ok
19:08:03.0361 4252  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:08:03.0361 4252  Wecsvc - ok
19:08:03.0377 4252  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:08:03.0377 4252  wercplsupport - ok
19:08:03.0393 4252  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:08:03.0393 4252  WerSvc - ok
19:08:03.0393 4252  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:08:03.0408 4252  WfpLwf - ok
19:08:03.0424 4252  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:08:03.0424 4252  WIMMount - ok
19:08:03.0439 4252  WinDefend - ok
19:08:03.0439 4252  WinHttpAutoProxySvc - ok
19:08:03.0486 4252  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:08:03.0486 4252  Winmgmt - ok
19:08:03.0549 4252  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:08:03.0595 4252  WinRM - ok
19:08:03.0673 4252  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:08:03.0673 4252  WinUsb - ok
19:08:03.0689 4252  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:08:03.0705 4252  Wlansvc - ok
19:08:03.0736 4252  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:08:03.0736 4252  WmiAcpi - ok
19:08:03.0751 4252  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:08:03.0751 4252  wmiApSrv - ok
19:08:03.0767 4252  WMPNetworkSvc - ok
19:08:03.0783 4252  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:08:03.0783 4252  WPCSvc - ok
19:08:03.0798 4252  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:08:03.0798 4252  WPDBusEnum - ok
19:08:03.0798 4252  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:08:03.0814 4252  ws2ifsl - ok
19:08:03.0829 4252  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:08:03.0829 4252  wscsvc - ok
19:08:03.0861 4252  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
19:08:03.0861 4252  WSDPrintDevice - ok
19:08:03.0876 4252  WSearch - ok
19:08:03.0954 4252  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:08:04.0001 4252  wuauserv - ok
19:08:04.0032 4252  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:08:04.0032 4252  WudfPf - ok
19:08:04.0048 4252  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:08:04.0063 4252  WUDFRd - ok
19:08:04.0079 4252  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:08:04.0079 4252  wudfsvc - ok
19:08:04.0110 4252  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:08:04.0110 4252  WwanSvc - ok
19:08:04.0219 4252  ================ Scan global ===============================
19:08:04.0219 4252  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:08:04.0251 4252  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:08:04.0251 4252  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:08:04.0266 4252  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:08:04.0297 4252  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:08:04.0313 4252  [Global] - ok
19:08:04.0313 4252  ================ Scan MBR ==================================
19:08:04.0329 4252  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:08:04.0531 4252  \Device\Harddisk0\DR0 - ok
19:08:04.0531 4252  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:08:06.0466 4252  \Device\Harddisk1\DR1 - ok
19:08:06.0466 4252  ================ Scan VBR ==================================
19:08:06.0466 4252  [ B57F793D31CCF623B804A8D8D8DA0EDC ] \Device\Harddisk0\DR0\Partition1
19:08:06.0466 4252  \Device\Harddisk0\DR0\Partition1 - ok
19:08:06.0481 4252  [ 93A065B17F3FCBC77761D9F5F2F0A9CB ] \Device\Harddisk0\DR0\Partition2
19:08:06.0481 4252  \Device\Harddisk0\DR0\Partition2 - ok
19:08:06.0497 4252  [ B70BC37F2FBBF0A2B167933B878DE5F0 ] \Device\Harddisk0\DR0\Partition3
19:08:06.0497 4252  \Device\Harddisk0\DR0\Partition3 - ok
19:08:06.0497 4252  [ 971EE0732AF0A2595298C68B9B0AB694 ] \Device\Harddisk1\DR1\Partition1
19:08:06.0497 4252  \Device\Harddisk1\DR1\Partition1 - ok
19:08:06.0497 4252  ============================================================
19:08:06.0497 4252  Scan finished
19:08:06.0497 4252  ============================================================
19:08:06.0513 2928  Detected object count: 0
19:08:06.0513 2928  Actual detected object count: 0
19:08:09.0601 3640  Deinitialize success
         

Alt 05.05.2013, 09:49   #5
daalbock
 
Trojaner MitB PC1 - Standard

Trojaner MitB PC1



Analog zu PC3 hab ich hier mal den Malware Log:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.05.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
***** :: *****-PC [Administrator]

Schutz: Aktiviert

05.05.2013 09:55:19
mbam-log-2013-05-05 (09-55-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 424968
Laufzeit: 40 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Der ESET Scan lieferte keine Funde!


Alt 06.05.2013, 07:10   #6
Psychotic
/// Malwareteam
 
Trojaner MitB PC1 - Standard

Trojaner MitB PC1



same here...


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).







Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
--> Trojaner MitB PC1

Alt 08.05.2013, 11:56   #7
Psychotic
/// Malwareteam
 
Trojaner MitB PC1 - Standard

Trojaner MitB PC1



Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 12.05.2013, 09:22   #8
daalbock
 
Trojaner MitB PC1 - Standard

Trojaner MitB PC1



Die genannten Punkte sind in Bearbeitung... :-)

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 12/05/2013 um 10:23:08 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Gast\AppData\Local\Temp\boost_interprocess
Ordner Gefunden : C:\Users\*****\AppData\Local\Temp\boost_interprocess
Ordner Gefunden : C:\Users\*****\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

*************************

AdwCleaner[R1].txt - [2218 octets] - [12/05/2013 10:23:08]

########## EOF - C:\AdwCleaner[R1].txt - [2278 octets] ##########
         
--- --- ---

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 22
Java 2 Runtime Environment Standard Edition 1.3.1_20
Java version out of Date!
Adobe Flash Player 11.2.202.235 Flash Player out of Date!
Adobe Reader 10.1.0 Adobe Reader out of Date!
Mozilla Thunderbird (17.0.)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 12/05/2013 um 10:41:09 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\*****\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

*************************

AdwCleaner[R1].txt - [2343 octets] - [12/05/2013 10:23:08]
AdwCleaner[R2].txt - [2403 octets] - [12/05/2013 10:39:58]
AdwCleaner[S1].txt - [2340 octets] - [12/05/2013 10:41:09]

########## EOF - C:\AdwCleaner[S1].txt - [2400 octets] ##########
         
--- --- ---

Alt 13.05.2013, 05:32   #9
Psychotic
/// Malwareteam
 
Trojaner MitB PC1 - Standard

Trojaner MitB PC1



Schritt 1: Java update


Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme, speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version herunterladen.
  • Wenn die Installation beendet wurde, gehe zu Start --> Systemsteuerung --> Programme und Funktionen (bzw. Software unter Windows XP) und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu, sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart:
  • Öffne die Systemsteuerung und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen ....
  • Gehe sicher, dass überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.




Schritt 2: Adobe Flash Player update


Dein Flash-Player ist veraltet. Da gerade diese Software gerne von Schädlingen als Sprungbrett ins System genutzt wird, muss sie immer aktuell gehalten werden.
Um den Flash Player zu aktualisieren, gehe bitte wie folgt vor:
  • Lade dir den aktuellen Adobe Flash Player von hier herunter. Wichtig: Entferne den Haken für optionale Software (z.B. Google Chrome), der auf der Seite angezeigt wird, bevor du auf "Jetzt herunterladen" klickst.
  • Starte das Setup und folge den Anweisungen auf dem Bildschirm.
  • Melde dich umgehend, falls Schwierigkeiten auftreten.




Schritt 3: Adobe Reader update


Dein Adobe Reader ist veraltet. Da einige Schädlinge die Schwachstellen in veralteten Versionen nutzen, werden wir sie aktualisieren.

  • Lade dir den aktuellen Adobe Reader von hier herunter. Wichtig: Entferne den Haken für optionale Software (z.B. Google Chrome), der auf der Seite angezeigt wird, bevor du auf "Jetzt herunterladen" klickst.
  • Starte die Installation und folge den Anweisungen auf dem Bildschirm.
  • Drücke die Windows- und die R-Taste, gib im folgenden Fenster appwiz.cpl ein und klicke auf OK.
  • Suche und entferne alle älteren Reader-Versionen.



Defogger re-enable

Starte bitte den Defogger und klicke den re-enable Button




Systemwiederherstellungspunkte löschen

  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
:Commands
[clearallrestorepoints]
         
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.




OTL

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.




adwCleaner

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Hier noch ein paar Tipps zur Absicherung deines Systems.

Aktualität

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.
Antviren-Software
  • Gehe sicher immer eine Antiviren-Software installiert zu haben und dass diese auch up to date ist. Auch der beste Virenscanner ist sinnlos, wenn er nicht aktuell ist!
    Eine Auswahl kostenloser Antivirenprogramme:
Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.
Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner, um diesen zu AdBlockPlus hinzuzufügen, reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.
Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Sei mißtrauisch in sozialen Netzwerken (z.B. MeinVZ, Facebook, etc) - auch, wenn Nachrichten/Einträge scheinbar von einem deiner Freunde stammen, bedeutet das noch lange nicht, dass sie unschädlich sind (Malware kann seinen Rechner verseucht haben).
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 13.05.2013, 18:28   #10
daalbock
 
Trojaner MitB PC1 - Standard

Trojaner MitB PC1



So, das wäre erledigt... :-)

An dieser Stelle das erste mal vielen Dank!

Alt 14.05.2013, 05:58   #11
Psychotic
/// Malwareteam
 
Trojaner MitB PC1 - Standard

Trojaner MitB PC1



Schön, dass wir helfen konnten!


Dieses Thema scheint erledigt und wurde aus meinen Abos gelöscht.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen!
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Antwort

Themen zu Trojaner MitB PC1
antivirus, bho, bonjour, ebanking, error, excel, firefox, format, google, helper, home, iexplore.exe, internet security 2013, kaspersky, kaspersky internet security 2013, logfile, monitor, mozilla, object, realtek, registry, scan, security, software, symantec, tastatur, trojaner, windows



Ähnliche Themen: Trojaner MitB PC1


  1. Hinweis der Sparkasse wegen MITB-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 23.06.2014 (13)
  2. Hinweis der Sparkasse wegen MITB-Trojaner
    Lob, Kritik und Wünsche - 23.06.2014 (0)
  3. Konten gesperrt - MITB Trojaner - mehrere Computer
    Plagegeister aller Art und deren Bekämpfung - 21.06.2014 (8)
  4. Trojaner mitb entfernen - Sparkassen Info
    Plagegeister aller Art und deren Bekämpfung - 16.06.2014 (3)
  5. Trojaner "mitb" laut Sparkasse auf meinem Rechner
    Plagegeister aller Art und deren Bekämpfung - 08.06.2014 (15)
  6. Windows 7: mitb Trojaner - Onlinebanking wurde von Bank gesperrt
    Log-Analyse und Auswertung - 04.06.2014 (1)
  7. MITB Trojaner
    Plagegeister aller Art und deren Bekämpfung - 22.05.2014 (13)
  8. MITB - online Banking gesperrt - 1&1 meldet Zeus per Mail
    Plagegeister aller Art und deren Bekämpfung - 05.06.2013 (29)
  9. Online Banking gesperrt. PC mit mitb kompromittiert?
    Log-Analyse und Auswertung - 20.05.2013 (11)
  10. Trojaner MitB PC 2
    Log-Analyse und Auswertung - 15.05.2013 (10)
  11. Trojaner MitB PC3
    Log-Analyse und Auswertung - 14.05.2013 (21)
  12. MITB Trojaner Online Banking gesperrt Avira Free Version findet nichts
    Plagegeister aller Art und deren Bekämpfung - 08.05.2013 (13)
  13. Trojaner MitB
    Log-Analyse und Auswertung - 05.05.2013 (11)
  14. Trojaner MitB
    Mülltonne - 03.05.2013 (1)
  15. Wegen "MitB" internetbanking von Sparkasse gesperrt.
    Log-Analyse und Auswertung - 04.02.2013 (9)

Zum Thema Trojaner MitB PC1 - OTL logfile created on: 02.05.2013 19:05:56 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type - Trojaner MitB PC1...
Archiv
Du betrachtest: Trojaner MitB PC1 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.