Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.05.2013, 16:49   #1
2806
 
Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic - Standard

Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic



Hallo,
gestern hat Kaspersky zwei Trojaner gemeldet und den einen in die Quarantäne gesetzt. Der Andere steht auf Inaktiv. Wenn ich das richtig sehe, kommt einer davon aus Ebay.

Ich habe die hier genannten Programm durchlaufen lassen:
Code:
ATTFilter
OTL logfile created on: 5/11/2013 5:22:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.87 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 65.65% Memory free
7.74 Gb Paging File | 6.51 Gb Available in Paging File | 84.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 230.19 Gb Total Space | 185.67 Gb Free Space | 80.66% Space Free | Partition Type: NTFS
Drive D: | 217.90 Gb Total Space | 217.80 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
 
Computer Name: ***  | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/11 17:21:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012/12/18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/22 08:38:56 | 000,160,872 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012/03/19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/03/12 15:30:06 | 000,897,024 | ---- | M] (Conexant Systems, Inc) -- C:\Program Files\Conexant\SAII\SmartAudio.exe
PRC - [2011/09/01 15:19:56 | 000,440,320 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010/11/17 14:26:10 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/11/17 14:26:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/03/30 08:40:20 | 000,113,296 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/12/17 03:07:04 | 000,341,304 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\FRITZ!\IWatch.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/02/16 12:58:40 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013/02/16 12:58:39 | 001,874,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SmartAudio\7f2bf37f8a9e93b10371fb98e1de9c6e\SmartAudio.ni.exe
MOD - [2013/02/16 11:50:54 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/10 04:39:46 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013/01/10 04:39:45 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.CxHDAudioAP#\17d80cb05b074470c1e8d07eb3bc7a8c\Interop.CxHDAudioAPILib.ni.dll
MOD - [2013/01/10 04:28:56 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 04:28:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 04:28:35 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/10 04:28:17 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 04:28:14 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/10 04:28:06 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/10 04:28:02 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 04:27:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 04:27:58 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 04:27:49 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/03/12 15:30:08 | 000,958,976 | ---- | M] () -- C:\Program Files\Conexant\SAII\SmartAudio.Desktop.dll
MOD - [2011/02/11 16:46:15 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2010/11/21 05:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/26 22:02:19 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/30 15:18:43 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/03/19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/09/01 15:19:56 | 000,440,320 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010/11/17 14:26:10 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/11/17 14:26:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/10/30 15:19:03 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/04/13 16:11:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/04/13 16:11:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/07 13:12:06 | 001,581,696 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/11 12:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/11/29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/13 09:53:42 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/02/24 11:10:18 | 000,181,248 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/02/24 11:10:16 | 000,078,336 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 22:36:03 | 000,899,328 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fpcibase.sys -- (FPCIBASE)
DRV:64bit: - [2009/06/10 22:36:02 | 000,079,872 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmcowan.sys -- (AVMCOWAN)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {32B44E8F-207F-427F-91E1-0A278E8491C5}
IE:64bit: - HKLM\..\SearchScopes\{32B44E8F-207F-427F-91E1-0A278E8491C5}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {32B44E8F-207F-427F-91E1-0A278E8491C5}
IE - HKLM\..\SearchScopes\{32B44E8F-207F-427F-91E1-0A278E8491C5}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ts.fujitsu.com
IE - HKCU\..\SearchScopes,DefaultScope = {32B44E8F-207F-427F-91E1-0A278E8491C5}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/10/30 15:19:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/10/30 15:19:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/10/30 15:19:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/26 21:55:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/04/26 21:55:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/04/10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/04/10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/04/10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013/04/10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/04/10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/04/10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4:64bit: - HKLM..\RunOnce: [BrowserChoice] C:\Windows\SysNative\browserchoice.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BA35DE4-8F5F-4A20-8D4E-29B3F9326D55}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/26 22:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/26 22:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/04/26 22:08:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/04/26 22:08:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/26 21:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/04/26 21:48:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/26 21:47:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/11 17:20:14 | 000,000,000 | ---- | M] () -- C:\Users\Anwender\defogger_reenable
[2013/05/11 16:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/11 08:08:08 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/11 08:08:08 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/11 08:06:53 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/11 08:06:53 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/05/11 08:06:53 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/11 08:06:53 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/05/11 08:06:53 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/11 08:00:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/11 08:00:48 | 3118,350,336 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/26 22:10:18 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/26 22:08:44 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/04/26 21:55:15 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2013/05/11 17:20:14 | 000,000,000 | ---- | C] () -- C:\Users\Anwender\defogger_reenable
[2013/04/26 22:10:18 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/26 22:08:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/04/26 22:08:44 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/04/13 16:08:20 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/08/12 11:47:01 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/05/25 16:53:34 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\FRITZ!
[2012/05/25 12:27:48 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Fujitsu Launch Center
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 5/11/2013 5:22:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.87 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 65.65% Memory free
7.74 Gb Paging File | 6.51 Gb Available in Paging File | 84.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 230.19 Gb Total Space | 185.67 Gb Free Space | 80.66% Space Free | Partition Type: NTFS
Drive D: | 217.90 Gb Total Space | 217.80 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03647B49-03B5-4497-A591-98A6757C9FF8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{170A0703-1F95-4C14-A4B8-3E58DF36377A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2D5D1557-6D37-4862-858A-AABD7D244E5A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{40F719D8-2B6F-4BB2-B0C4-08337FF9C32E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{490C2A2C-6A03-4A52-BF6D-FBDDEC3CCA45}" = lport=139 | protocol=6 | dir=in | app=system | 
"{52BCFC5B-335A-4B88-AE06-25E23B523327}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5949A226-C38B-491A-9288-1DBA7F064871}" = rport=137 | protocol=17 | dir=out | app=system | 
"{64B69C91-CB50-4397-A773-B444252D4B76}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6844CEEB-5AF1-4516-A406-1D25F007E347}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6DF092AB-7709-4E34-A3E4-DB7605CD55F7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{799575C4-FC61-4CF4-B09E-D2A22824EF0C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7B2AE9EA-E278-4CFD-B9BA-15CA9CE41B81}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{93980BB2-80C8-42B3-ACD0-0DB114FDF3AE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A381539A-72DF-4A94-A47D-D44699B2D8DE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B1189A93-ECF1-43AE-AA61-FA0F2E8BB64B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{CBF2420F-4BAF-4165-9417-E303A5903925}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D1F9C906-29F4-47B0-9C82-E985EE661C1F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{F258A6D0-262A-45CA-8240-8D3B8439C51E}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07773604-1471-4024-A051-6D0BC558B38C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{36B8F770-0B8A-41B7-81C9-19B56B08AEDE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{5FB4D5B7-2CEF-4CB7-B0AA-53C1AED78C7B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{6DD0D9A9-0650-428B-9E92-08D462268E81}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{878D9AA7-C66B-4A0B-9E18-96D44CDA9152}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{92758C8C-BFE0-42CE-943D-D6DFDC7DE75B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{C1349FB7-4EA6-4E52-8497-E8BF553D805D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{C66F65A1-E382-43EE-A1B3-F12375E69228}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{D10DBC60-CB58-4EC3-A342-401D87546B42}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{D2E8E590-5879-4AA1-BD4C-5A6233C605B3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{E15C82AA-C4B4-4DF0-8D3F-F41E30200CA3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E8A2F9E5-B2E6-4BE5-A29A-C0E07132966D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F27E9436-08C0-4E46-B44C-D98E3FD1E938}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{E8CA6199-4625-4393-9A12-56910ADAE828}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe | 
"UDP Query User{0A4AF9C7-6F20-462F-B1D7-EDEC2F757418}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU 
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"DeskUpdate_is1" = DeskUpdate 4.12
"FRITZ! 2.0" = AVM FRITZ!
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/3/2013 7:30:41 AM | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
 Zeitstempel: 0x51650aee  Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
 Zeitstempel: 0x51650a09  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000b10e8  ID des fehlerhaften
 Prozesses: 0xe34  Startzeit der fehlerhaften Anwendung: 0x01ce47f18f0f5403  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 e212be73-b3e4-11e2-8253-404e57434401
 
Error - 5/6/2013 2:34:21 AM | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 5/6/2013 2:41:10 AM | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 5/6/2013 7:26:24 AM | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 5/7/2013 2:42:21 AM | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 5/7/2013 6:08:07 AM | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 5/8/2013 1:46:58 AM | Computer Name = ***| Source = WinMgmt | ID = 10
Description = 
 
Error - 5/9/2013 4:08:50 AM | Computer Name = ***| Source = WinMgmt | ID = 10
Description = 
 
Error - 5/10/2013 1:58:52 AM | Computer Name = ***| Source = WinMgmt | ID = 10
Description = 
 
Error - 5/11/2013 2:02:44 AM | Computer Name = ***| Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 2/27/2013 3:08:10 AM | Computer Name = ***| Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?02.?2013 um 21:31:54 unerwartet heruntergefahren.
 
Error - 3/5/2013 2:46:52 AM | Computer Name = ***| Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?03.?2013 um 18:17:24 unerwartet heruntergefahren.
 
Error - 3/6/2013 3:02:30 AM | Computer Name = ***| Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?03.?2013 um 21:44:05 unerwartet heruntergefahren.
 
Error - 3/9/2013 4:57:47 AM | Computer Name = ***| Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?03.?2013 um 21:35:23 unerwartet heruntergefahren.
 
Error - 3/13/2013 4:01:12 PM | Computer Name = ELEKTROKFRANZ | Source = DCOM | ID = 10010
Description = 
 
Error - 3/14/2013 4:47:24 AM | Computer Name = ***| Source = Application Popup | ID = 877
Description = Fehler [DATABASE OPEN FAILED] beim Verarbeiten der Treiberdatenbank.
 
Error - 3/26/2013 12:49:35 PM | Computer Name = ***| Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b
 
Error - 3/26/2013 12:50:19 PM | Computer Name = ***| Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?03.?2013 um 17:49:09 unerwartet heruntergefahren.
 
Error - 3/30/2013 8:06:48 AM | Computer Name = ***| Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?03.?2013 um 19:21:44 unerwartet heruntergefahren.
 
Error - 4/2/2013 1:35:25 AM | Computer Name = ***| Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?01.?04.?2013 um 19:46:12 unerwartet heruntergefahren.
 
 
< End of report >
         
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-11 17:37:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JP2O 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Anwender\AppData\Local\Temp\uxldruob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                             fffff80002bfd000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626                                                                             fffff80002bfd042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000751c1465 2 bytes [1C, 75]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000751c14bb 2 bytes [1C, 75]
.text     ...                                                                                                                                            * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [2800:4420]                                                                                                    000007fef2e59688

---- EOF - GMER 2.1 ----
         
Danke vorab für die Hilfe

Alt 11.05.2013, 16:52   #2
markusg
/// Malware-holic
 
Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic - Standard

Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic



Hi
poste die Kaspersky Funde, danke.
__________________

__________________

Alt 11.05.2013, 16:55   #3
2806
 
Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic - Standard

Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic



Hey, hoffe das meinst du:

Code:
ATTFilter
Typ: trojanisches Programm (2)	
HEUR:Trojan.Script.Generic	Unter Quarantäne	10.05.2013 17:13:44	
HEUR:Trojan.Script.Generic	Inaktiv	10.05.2013 17:01:16
         
__________________

Geändert von 2806 (11.05.2013 um 17:02 Uhr)

Alt 11.05.2013, 17:05   #4
markusg
/// Malware-holic
 
Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic - Standard

Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic



Gabs keine Pfadangaben (quelle)?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.05.2013, 17:13   #5
2806
 
Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic - Standard

Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic



Code:
ATTFilter
C:\Documents and Settings\All Users\Kaspersky Lab\AVP12\Temp\crypt\01F26B98_67c_Crypt_io_copy.tmp
         
Status: Unter Quarantäne

Code:
ATTFilter
hxxp://my.ebay.de/ws/eBayISAPI.dll?
MyEbayBeta&CurrentPage=MyeBayNextSelling&ssPageName=STRK:ME:LNLK:MESEX[28]
         
Status: Inaktiv


das steht unter detallierter Bericht.
Leider kann man das dort nicht rauskopieren


Alt 11.05.2013, 17:14   #6
markusg
/// Malware-holic
 
Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic - Standard

Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic



ok,
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
--> Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic

Alt 11.05.2013, 17:35   #7
2806
 
Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic - Standard

Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic



Code:
ATTFilter
18:29:16.0468 4192  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:29:16.0793 4192  ============================================================
18:29:16.0793 4192  Current date / time: 2013/05/11 18:29:16.0793
18:29:16.0793 4192  SystemInfo:
18:29:16.0793 4192  
18:29:16.0793 4192  OS Version: 6.1.7601 ServicePack: 1.0
18:29:16.0793 4192  Product type: Workstation
18:29:16.0793 4192  ComputerName: ***
18:29:16.0793 4192  UserName: Anwender
18:29:16.0793 4192  Windows directory: C:\Windows
18:29:16.0793 4192  System windows directory: C:\Windows
18:29:16.0793 4192  Running under WOW64
18:29:16.0793 4192  Processor architecture: Intel x64
18:29:16.0793 4192  Number of processors: 2
18:29:16.0793 4192  Page size: 0x1000
18:29:16.0793 4192  Boot type: Normal boot
18:29:16.0793 4192  ============================================================
18:29:18.0305 4192  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:29:18.0317 4192  ============================================================
18:29:18.0317 4192  \Device\Harddisk0\DR0:
18:29:18.0318 4192  MBR partitions:
18:29:18.0330 4192  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x402000, BlocksNum 0x1CC5F000
18:29:18.0373 4192  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D061800, BlocksNum 0x1B3CB800
18:29:18.0474 4192  ============================================================
18:29:18.0528 4192  C: <-> \Device\Harddisk0\DR0\Partition1
18:29:18.0608 4192  D: <-> \Device\Harddisk0\DR0\Partition2
18:29:18.0608 4192  ============================================================
18:29:18.0608 4192  Initialize success
18:29:18.0608 4192  ============================================================
18:30:08.0271 4800  ============================================================
18:30:08.0271 4800  Scan started
18:30:08.0271 4800  Mode: Manual; SigCheck; TDLFS; 
18:30:08.0271 4800  ============================================================
18:30:09.0317 4800  ================ Scan system memory ========================
18:30:09.0317 4800  System memory - ok
18:30:09.0317 4800  ================ Scan services =============================
18:30:09.0535 4800  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:30:09.0691 4800  1394ohci - ok
18:30:09.0753 4800  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:30:09.0769 4800  ACPI - ok
18:30:09.0847 4800  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:30:09.0894 4800  AcpiPmi - ok
18:30:09.0956 4800  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:30:09.0972 4800  AdobeARMservice - ok
18:30:10.0065 4800  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:30:10.0065 4800  AdobeFlashPlayerUpdateSvc - ok
18:30:10.0097 4800  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:30:10.0128 4800  adp94xx - ok
18:30:10.0159 4800  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:30:10.0175 4800  adpahci - ok
18:30:10.0190 4800  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:30:10.0221 4800  adpu320 - ok
18:30:10.0237 4800  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:30:10.0346 4800  AeLookupSvc - ok
18:30:10.0393 4800  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
18:30:10.0440 4800  AFD - ok
18:30:10.0471 4800  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:30:10.0487 4800  agp440 - ok
18:30:10.0502 4800  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:30:10.0533 4800  ALG - ok
18:30:10.0565 4800  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:30:10.0580 4800  aliide - ok
18:30:10.0580 4800  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:30:10.0596 4800  amdide - ok
18:30:10.0627 4800  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:30:10.0658 4800  AmdK8 - ok
18:30:10.0674 4800  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
18:30:10.0705 4800  AmdPPM - ok
18:30:10.0721 4800  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:30:10.0736 4800  amdsata - ok
18:30:10.0752 4800  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:30:10.0767 4800  amdsbs - ok
18:30:10.0767 4800  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:30:10.0783 4800  amdxata - ok
18:30:10.0799 4800  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:30:10.0908 4800  AppID - ok
18:30:10.0939 4800  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:30:10.0986 4800  AppIDSvc - ok
18:30:11.0001 4800  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
18:30:11.0064 4800  Appinfo - ok
18:30:11.0095 4800  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
18:30:11.0126 4800  AppMgmt - ok
18:30:11.0142 4800  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
18:30:11.0142 4800  arc - ok
18:30:11.0173 4800  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:30:11.0204 4800  arcsas - ok
18:30:11.0282 4800  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:30:11.0313 4800  aspnet_state - ok
18:30:11.0345 4800  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:30:11.0391 4800  AsyncMac - ok
18:30:11.0423 4800  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:30:11.0438 4800  atapi - ok
18:30:11.0469 4800  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:30:11.0532 4800  AudioEndpointBuilder - ok
18:30:11.0532 4800  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:30:11.0563 4800  AudioSrv - ok
18:30:11.0610 4800  [ 43744F1D3CDE20F3925F10927C9036C2 ] AVMCOWAN        C:\Windows\system32\DRIVERS\AVMCOWAN.sys
18:30:11.0641 4800  AVMCOWAN - ok
18:30:11.0703 4800  [ 6C9D5BADC8F83D410A278717C2EEA6F6 ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
18:30:11.0735 4800  AVP - ok
18:30:11.0766 4800  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:30:11.0797 4800  AxInstSV - ok
18:30:11.0828 4800  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:30:11.0859 4800  b06bdrv - ok
18:30:11.0891 4800  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:30:11.0922 4800  b57nd60a - ok
18:30:11.0953 4800  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:30:12.0000 4800  BDESVC - ok
18:30:12.0015 4800  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:30:12.0047 4800  Beep - ok
18:30:12.0093 4800  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:30:12.0140 4800  BFE - ok
18:30:12.0187 4800  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
18:30:12.0249 4800  BITS - ok
18:30:12.0265 4800  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:30:12.0296 4800  blbdrive - ok
18:30:12.0327 4800  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:30:12.0359 4800  bowser - ok
18:30:12.0390 4800  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
18:30:12.0421 4800  BrFiltLo - ok
18:30:12.0437 4800  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
18:30:12.0452 4800  BrFiltUp - ok
18:30:12.0483 4800  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:30:12.0515 4800  Browser - ok
18:30:12.0530 4800  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:30:12.0561 4800  Brserid - ok
18:30:12.0577 4800  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:30:12.0608 4800  BrSerWdm - ok
18:30:12.0608 4800  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:30:12.0639 4800  BrUsbMdm - ok
18:30:12.0639 4800  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:30:12.0671 4800  BrUsbSer - ok
18:30:12.0702 4800  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:30:12.0717 4800  BTHMODEM - ok
18:30:12.0749 4800  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:30:12.0795 4800  bthserv - ok
18:30:12.0811 4800  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:30:12.0842 4800  cdfs - ok
18:30:12.0873 4800  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:30:12.0889 4800  cdrom - ok
18:30:12.0920 4800  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:30:12.0967 4800  CertPropSvc - ok
18:30:12.0998 4800  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
18:30:13.0014 4800  circlass - ok
18:30:13.0061 4800  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:30:13.0076 4800  CLFS - ok
18:30:13.0123 4800  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:30:13.0139 4800  clr_optimization_v2.0.50727_32 - ok
18:30:13.0170 4800  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:30:13.0185 4800  clr_optimization_v2.0.50727_64 - ok
18:30:13.0248 4800  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:30:13.0295 4800  clr_optimization_v4.0.30319_32 - ok
18:30:13.0310 4800  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:30:13.0326 4800  clr_optimization_v4.0.30319_64 - ok
18:30:13.0341 4800  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
18:30:13.0373 4800  CmBatt - ok
18:30:13.0388 4800  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:30:13.0404 4800  cmdide - ok
18:30:13.0435 4800  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
18:30:13.0466 4800  CNG - ok
18:30:13.0497 4800  [ D38A290E244FEE0E849C7A97D4D88004 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
18:30:13.0544 4800  CnxtHdAudService - ok
18:30:13.0575 4800  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
18:30:13.0575 4800  Compbatt - ok
18:30:13.0607 4800  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
18:30:13.0653 4800  CompositeBus - ok
18:30:13.0653 4800  COMSysApp - ok
18:30:13.0685 4800  [ F08C6020E57F5E5BF2FD034DB10BEDFB ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
18:30:13.0716 4800  cphs - ok
18:30:13.0731 4800  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:30:13.0747 4800  crcdisk - ok
18:30:13.0778 4800  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:30:13.0809 4800  CryptSvc - ok
18:30:13.0825 4800  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
18:30:13.0856 4800  CSC - ok
18:30:13.0903 4800  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
18:30:13.0934 4800  CscService - ok
18:30:13.0965 4800  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:30:14.0012 4800  DcomLaunch - ok
18:30:14.0028 4800  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:30:14.0075 4800  defragsvc - ok
18:30:14.0090 4800  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:30:14.0153 4800  DfsC - ok
18:30:14.0184 4800  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:30:14.0231 4800  Dhcp - ok
18:30:14.0246 4800  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:30:14.0277 4800  discache - ok
18:30:14.0309 4800  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
18:30:14.0324 4800  Disk - ok
18:30:14.0340 4800  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
18:30:14.0387 4800  dmvsc - ok
18:30:14.0402 4800  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:30:14.0449 4800  Dnscache - ok
18:30:14.0480 4800  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:30:14.0527 4800  dot3svc - ok
18:30:14.0543 4800  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:30:14.0589 4800  DPS - ok
18:30:14.0621 4800  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:30:14.0636 4800  drmkaud - ok
18:30:14.0667 4800  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:30:14.0699 4800  DXGKrnl - ok
18:30:14.0730 4800  [ 03F4C5C12FC1C69F838DA723475EF650 ] e1cexpress      C:\Windows\system32\DRIVERS\e1c62x64.sys
18:30:14.0745 4800  e1cexpress - ok
18:30:14.0761 4800  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:30:14.0808 4800  EapHost - ok
18:30:14.0855 4800  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
18:30:14.0917 4800  ebdrv - ok
18:30:14.0948 4800  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
18:30:14.0964 4800  EFS - ok
18:30:15.0011 4800  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:30:15.0042 4800  ehRecvr - ok
18:30:15.0057 4800  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:30:15.0089 4800  ehSched - ok
18:30:15.0120 4800  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:30:15.0151 4800  elxstor - ok
18:30:15.0151 4800  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:30:15.0182 4800  ErrDev - ok
18:30:15.0213 4800  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:30:15.0245 4800  EventSystem - ok
18:30:15.0276 4800  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:30:15.0338 4800  exfat - ok
18:30:15.0354 4800  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:30:15.0385 4800  fastfat - ok
18:30:15.0416 4800  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:30:15.0447 4800  Fax - ok
18:30:15.0479 4800  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
18:30:15.0510 4800  fdc - ok
18:30:15.0541 4800  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:30:15.0572 4800  fdPHost - ok
18:30:15.0588 4800  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:30:15.0619 4800  FDResPub - ok
18:30:15.0650 4800  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:30:15.0666 4800  FileInfo - ok
18:30:15.0666 4800  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:30:15.0728 4800  Filetrace - ok
18:30:15.0744 4800  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
18:30:15.0759 4800  flpydisk - ok
18:30:15.0775 4800  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:30:15.0791 4800  FltMgr - ok
18:30:15.0822 4800  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
18:30:15.0853 4800  FontCache - ok
18:30:15.0900 4800  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:30:15.0900 4800  FontCache3.0.0.0 - ok
18:30:15.0947 4800  [ CE7593C10A04D08F9B043890216F5728 ] FPCIBASE        C:\Windows\system32\DRIVERS\fpcibase.sys
18:30:15.0993 4800  FPCIBASE - ok
18:30:15.0993 4800  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:30:16.0009 4800  FsDepends - ok
18:30:16.0040 4800  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:30:16.0056 4800  Fs_Rec - ok
18:30:16.0071 4800  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:30:16.0087 4800  fvevol - ok
18:30:16.0134 4800  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:30:16.0149 4800  gagp30kx - ok
18:30:16.0181 4800  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:30:16.0227 4800  gpsvc - ok
18:30:16.0259 4800  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:30:16.0290 4800  hcw85cir - ok
18:30:16.0305 4800  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:30:16.0337 4800  HdAudAddService - ok
18:30:16.0368 4800  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:30:16.0383 4800  HDAudBus - ok
18:30:16.0399 4800  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:30:16.0415 4800  HidBatt - ok
18:30:16.0430 4800  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:30:16.0461 4800  HidBth - ok
18:30:16.0477 4800  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:30:16.0493 4800  HidIr - ok
18:30:16.0524 4800  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
18:30:16.0555 4800  hidserv - ok
18:30:16.0586 4800  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:30:16.0602 4800  HidUsb - ok
18:30:16.0617 4800  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:30:16.0680 4800  hkmsvc - ok
18:30:16.0711 4800  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:30:16.0742 4800  HomeGroupListener - ok
18:30:16.0773 4800  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:30:16.0789 4800  HomeGroupProvider - ok
18:30:16.0820 4800  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:30:16.0836 4800  HpSAMD - ok
18:30:16.0867 4800  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:30:16.0914 4800  HTTP - ok
18:30:16.0914 4800  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:30:16.0929 4800  hwpolicy - ok
18:30:16.0961 4800  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:30:16.0976 4800  i8042prt - ok
18:30:17.0007 4800  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\Windows\system32\drivers\iaStor.sys
18:30:17.0007 4800  iaStor - ok
18:30:17.0039 4800  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:30:17.0054 4800  iaStorV - ok
18:30:17.0085 4800  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:30:17.0117 4800  idsvc - ok
18:30:17.0304 4800  [ 371D7F91C0D2314EB984A4A6CBEABC92 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:30:17.0600 4800  igfx - ok
18:30:17.0631 4800  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:30:17.0647 4800  iirsp - ok
18:30:17.0678 4800  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:30:17.0725 4800  IKEEXT - ok
18:30:17.0741 4800  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\drivers\Impcd.sys
18:30:17.0787 4800  Impcd - ok
18:30:17.0803 4800  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:30:17.0819 4800  intelide - ok
18:30:17.0834 4800  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:30:17.0865 4800  intelppm - ok
18:30:17.0881 4800  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:30:17.0928 4800  IPBusEnum - ok
18:30:17.0943 4800  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:30:17.0975 4800  IpFilterDriver - ok
18:30:18.0006 4800  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:30:18.0037 4800  iphlpsvc - ok
18:30:18.0053 4800  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:30:18.0084 4800  IPMIDRV - ok
18:30:18.0084 4800  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:30:18.0146 4800  IPNAT - ok
18:30:18.0193 4800  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:30:18.0209 4800  IRENUM - ok
18:30:18.0224 4800  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:30:18.0224 4800  isapnp - ok
18:30:18.0255 4800  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:30:18.0255 4800  iScsiPrt - ok
18:30:18.0271 4800  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:30:18.0287 4800  kbdclass - ok
18:30:18.0302 4800  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:30:18.0318 4800  kbdhid - ok
18:30:18.0333 4800  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
18:30:18.0349 4800  KeyIso - ok
18:30:18.0396 4800  [ E656FE10D6D27794AFA08136685A69E8 ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
18:30:18.0411 4800  KL1 - ok
18:30:18.0411 4800  [ D865DD8B0448E3F963D68C04C532858F ] kl2             C:\Windows\system32\DRIVERS\kl2.sys
18:30:18.0427 4800  kl2 - ok
18:30:18.0474 4800  [ 8490798365236B6C8E54DEDD27A42D07 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
18:30:18.0489 4800  KLIF - ok
18:30:18.0521 4800  [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
18:30:18.0536 4800  KLIM6 - ok
18:30:18.0552 4800  [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
18:30:18.0552 4800  klmouflt - ok
18:30:18.0567 4800  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:30:18.0583 4800  KSecDD - ok
18:30:18.0599 4800  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:30:18.0614 4800  KSecPkg - ok
18:30:18.0630 4800  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:30:18.0677 4800  ksthunk - ok
18:30:18.0692 4800  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:30:18.0739 4800  KtmRm - ok
18:30:18.0770 4800  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:30:18.0801 4800  LanmanServer - ok
18:30:18.0833 4800  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:30:18.0864 4800  LanmanWorkstation - ok
18:30:18.0895 4800  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:30:18.0926 4800  lltdio - ok
18:30:18.0942 4800  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:30:18.0989 4800  lltdsvc - ok
18:30:19.0004 4800  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:30:19.0035 4800  lmhosts - ok
18:30:19.0113 4800  [ CF8C9F61108B3FA3D99E0A4F4B2C3CB9 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:30:19.0113 4800  LMS - ok
18:30:19.0129 4800  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:30:19.0160 4800  LSI_FC - ok
18:30:19.0191 4800  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:30:19.0191 4800  LSI_SAS - ok
18:30:19.0207 4800  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:30:19.0223 4800  LSI_SAS2 - ok
18:30:19.0238 4800  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:30:19.0254 4800  LSI_SCSI - ok
18:30:19.0269 4800  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:30:19.0316 4800  luafv - ok
18:30:19.0316 4800  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:30:19.0332 4800  Mcx2Svc - ok
18:30:19.0347 4800  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:30:19.0363 4800  megasas - ok
18:30:19.0379 4800  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:30:19.0394 4800  MegaSR - ok
18:30:19.0425 4800  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
18:30:19.0425 4800  MEIx64 - ok
18:30:19.0457 4800  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:30:19.0488 4800  MMCSS - ok
18:30:19.0519 4800  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:30:19.0550 4800  Modem - ok
18:30:19.0566 4800  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:30:19.0581 4800  monitor - ok
18:30:19.0597 4800  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:30:19.0613 4800  mouclass - ok
18:30:19.0644 4800  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:30:19.0659 4800  mouhid - ok
18:30:19.0691 4800  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:30:19.0691 4800  mountmgr - ok
18:30:19.0737 4800  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:30:19.0737 4800  MozillaMaintenance - ok
18:30:19.0753 4800  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:30:19.0769 4800  mpio - ok
18:30:19.0784 4800  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:30:19.0815 4800  mpsdrv - ok
18:30:19.0847 4800  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:30:19.0878 4800  MpsSvc - ok
18:30:19.0893 4800  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:30:19.0925 4800  MRxDAV - ok
18:30:19.0956 4800  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:30:20.0003 4800  mrxsmb - ok
18:30:20.0018 4800  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:30:20.0049 4800  mrxsmb10 - ok
18:30:20.0081 4800  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:30:20.0112 4800  mrxsmb20 - ok
18:30:20.0127 4800  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:30:20.0143 4800  msahci - ok
18:30:20.0143 4800  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:30:20.0159 4800  msdsm - ok
18:30:20.0174 4800  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:30:20.0205 4800  MSDTC - ok
18:30:20.0237 4800  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:30:20.0268 4800  Msfs - ok
18:30:20.0299 4800  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:30:20.0346 4800  mshidkmdf - ok
18:30:20.0346 4800  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:30:20.0361 4800  msisadrv - ok
18:30:20.0377 4800  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:30:20.0408 4800  MSiSCSI - ok
18:30:20.0408 4800  msiserver - ok
18:30:20.0439 4800  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:30:20.0471 4800  MSKSSRV - ok
18:30:20.0486 4800  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:30:20.0517 4800  MSPCLOCK - ok
18:30:20.0533 4800  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:30:20.0564 4800  MSPQM - ok
18:30:20.0580 4800  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:30:20.0595 4800  MsRPC - ok
18:30:20.0611 4800  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:30:20.0611 4800  mssmbios - ok
18:30:20.0642 4800  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:30:20.0673 4800  MSTEE - ok
18:30:20.0689 4800  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:30:20.0720 4800  MTConfig - ok
18:30:20.0720 4800  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:30:20.0736 4800  Mup - ok
18:30:20.0767 4800  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:30:20.0798 4800  napagent - ok
18:30:20.0845 4800  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:30:20.0861 4800  NativeWifiP - ok
18:30:20.0907 4800  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:30:20.0923 4800  NDIS - ok
18:30:20.0939 4800  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:30:21.0001 4800  NdisCap - ok
18:30:21.0017 4800  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:30:21.0032 4800  NdisTapi - ok
18:30:21.0048 4800  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:30:21.0095 4800  Ndisuio - ok
18:30:21.0095 4800  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:30:21.0141 4800  NdisWan - ok
18:30:21.0157 4800  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:30:21.0188 4800  NDProxy - ok
18:30:21.0219 4800  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:30:21.0266 4800  NetBIOS - ok
18:30:21.0282 4800  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:30:21.0313 4800  NetBT - ok
18:30:21.0329 4800  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
18:30:21.0329 4800  Netlogon - ok
18:30:21.0360 4800  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:30:21.0407 4800  Netman - ok
18:30:21.0438 4800  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:30:21.0453 4800  NetMsmqActivator - ok
18:30:21.0453 4800  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:30:21.0469 4800  NetPipeActivator - ok
18:30:21.0500 4800  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:30:21.0531 4800  netprofm - ok
18:30:21.0531 4800  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:30:21.0531 4800  NetTcpActivator - ok
18:30:21.0547 4800  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:30:21.0547 4800  NetTcpPortSharing - ok
18:30:21.0578 4800  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:30:21.0578 4800  nfrd960 - ok
18:30:21.0609 4800  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:30:21.0625 4800  NlaSvc - ok
18:30:21.0641 4800  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:30:21.0672 4800  Npfs - ok
18:30:21.0703 4800  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:30:21.0734 4800  nsi - ok
18:30:21.0750 4800  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:30:21.0781 4800  nsiproxy - ok
18:30:21.0828 4800  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:30:21.0859 4800  Ntfs - ok
18:30:21.0875 4800  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:30:21.0921 4800  Null - ok
18:30:21.0953 4800  [ 088CD71003F21F96F01C63955150A1FB ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
18:30:21.0968 4800  nusb3hub - ok
18:30:21.0984 4800  [ D90A2D44E93DAEA47AEA946D9E87000F ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:30:22.0015 4800  nusb3xhc - ok
18:30:22.0062 4800  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:30:22.0077 4800  nvraid - ok
18:30:22.0077 4800  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:30:22.0093 4800  nvstor - ok
18:30:22.0109 4800  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:30:22.0140 4800  nv_agp - ok
18:30:22.0155 4800  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:30:22.0171 4800  ohci1394 - ok
18:30:22.0218 4800  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:30:22.0233 4800  ose - ok
18:30:22.0327 4800  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:30:22.0421 4800  osppsvc - ok
18:30:22.0452 4800  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:30:22.0499 4800  p2pimsvc - ok
18:30:22.0514 4800  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:30:22.0545 4800  p2psvc - ok
18:30:22.0561 4800  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:30:22.0577 4800  Parport - ok
18:30:22.0608 4800  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:30:22.0623 4800  partmgr - ok
18:30:22.0639 4800  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:30:22.0670 4800  PcaSvc - ok
18:30:22.0686 4800  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
18:30:22.0701 4800  pci - ok
18:30:22.0717 4800  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
18:30:22.0717 4800  pciide - ok
18:30:22.0733 4800  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:30:22.0748 4800  pcmcia - ok
18:30:22.0764 4800  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:30:22.0779 4800  pcw - ok
18:30:22.0795 4800  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:30:22.0842 4800  PEAUTH - ok
18:30:22.0889 4800  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
18:30:22.0935 4800  PeerDistSvc - ok
18:30:22.0982 4800  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:30:23.0013 4800  PerfHost - ok
18:30:23.0060 4800  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
18:30:23.0107 4800  pla - ok
18:30:23.0154 4800  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:30:23.0185 4800  PlugPlay - ok
18:30:23.0201 4800  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:30:23.0216 4800  PNRPAutoReg - ok
18:30:23.0232 4800  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:30:23.0247 4800  PNRPsvc - ok
18:30:23.0279 4800  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:30:23.0325 4800  PolicyAgent - ok
18:30:23.0357 4800  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
18:30:23.0388 4800  Power - ok
18:30:23.0419 4800  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:30:23.0450 4800  PptpMiniport - ok
18:30:23.0466 4800  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
18:30:23.0481 4800  Processor - ok
18:30:23.0497 4800  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:30:23.0528 4800  ProfSvc - ok
18:30:23.0544 4800  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:30:23.0544 4800  ProtectedStorage - ok
18:30:23.0575 4800  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:30:23.0622 4800  Psched - ok
18:30:23.0653 4800  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:30:23.0684 4800  ql2300 - ok
18:30:23.0715 4800  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:30:23.0731 4800  ql40xx - ok
18:30:23.0747 4800  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
18:30:23.0762 4800  QWAVE - ok
18:30:23.0778 4800  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:30:23.0809 4800  QWAVEdrv - ok
18:30:23.0809 4800  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:30:23.0840 4800  RasAcd - ok
18:30:23.0856 4800  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:30:23.0887 4800  RasAgileVpn - ok
18:30:23.0903 4800  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
18:30:23.0949 4800  RasAuto - ok
18:30:23.0981 4800  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:30:24.0012 4800  Rasl2tp - ok
18:30:24.0043 4800  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
18:30:24.0074 4800  RasMan - ok
18:30:24.0090 4800  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:30:24.0137 4800  RasPppoe - ok
18:30:24.0152 4800  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:30:24.0183 4800  RasSstp - ok
18:30:24.0199 4800  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:30:24.0246 4800  rdbss - ok
18:30:24.0261 4800  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:30:24.0277 4800  rdpbus - ok
18:30:24.0308 4800  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:30:24.0355 4800  RDPCDD - ok
18:30:24.0355 4800  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
18:30:24.0386 4800  RDPDR - ok
18:30:24.0417 4800  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:30:24.0449 4800  RDPENCDD - ok
18:30:24.0495 4800  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:30:24.0558 4800  RDPREFMP - ok
18:30:24.0573 4800  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:30:24.0589 4800  RDPWD - ok
18:30:24.0605 4800  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:30:24.0620 4800  rdyboost - ok
18:30:24.0651 4800  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:30:24.0683 4800  RemoteAccess - ok
18:30:24.0714 4800  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:30:24.0745 4800  RemoteRegistry - ok
18:30:24.0792 4800  [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
18:30:24.0823 4800  ROOTMODEM - ok
18:30:24.0839 4800  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:30:24.0870 4800  RpcEptMapper - ok
18:30:24.0901 4800  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:30:24.0917 4800  RpcLocator - ok
18:30:24.0948 4800  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
18:30:24.0979 4800  RpcSs - ok
18:30:24.0979 4800  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:30:25.0026 4800  rspndr - ok
18:30:25.0041 4800  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
18:30:25.0057 4800  s3cap - ok
18:30:25.0057 4800  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
18:30:25.0073 4800  SamSs - ok
18:30:25.0073 4800  SAService - ok
18:30:25.0104 4800  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:30:25.0119 4800  sbp2port - ok
18:30:25.0135 4800  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:30:25.0182 4800  SCardSvr - ok
18:30:25.0197 4800  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:30:25.0229 4800  scfilter - ok
18:30:25.0244 4800  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
18:30:25.0307 4800  Schedule - ok
18:30:25.0322 4800  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:30:25.0353 4800  SCPolicySvc - ok
18:30:25.0385 4800  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:30:25.0416 4800  SDRSVC - ok
18:30:25.0447 4800  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:30:25.0478 4800  secdrv - ok
18:30:25.0494 4800  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
18:30:25.0525 4800  seclogon - ok
18:30:25.0541 4800  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
18:30:25.0587 4800  SENS - ok
18:30:25.0603 4800  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:30:25.0634 4800  SensrSvc - ok
18:30:25.0665 4800  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:30:25.0681 4800  Serenum - ok
18:30:25.0697 4800  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:30:25.0728 4800  Serial - ok
18:30:25.0743 4800  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:30:25.0759 4800  sermouse - ok
18:30:25.0775 4800  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:30:25.0806 4800  SessionEnv - ok
18:30:25.0821 4800  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:30:25.0837 4800  sffdisk - ok
18:30:25.0853 4800  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:30:25.0884 4800  sffp_mmc - ok
18:30:25.0884 4800  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:30:25.0899 4800  sffp_sd - ok
18:30:25.0931 4800  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:30:25.0946 4800  sfloppy - ok
18:30:25.0962 4800  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:30:26.0009 4800  SharedAccess - ok
18:30:26.0024 4800  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:30:26.0071 4800  ShellHWDetection - ok
18:30:26.0087 4800  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:30:26.0102 4800  SiSRaid2 - ok
18:30:26.0118 4800  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:30:26.0133 4800  SiSRaid4 - ok
18:30:26.0165 4800  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:30:26.0196 4800  Smb - ok
18:30:26.0243 4800  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:30:26.0258 4800  SNMPTRAP - ok
18:30:26.0258 4800  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:30:26.0274 4800  spldr - ok
18:30:26.0289 4800  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
18:30:26.0336 4800  Spooler - ok
18:30:26.0383 4800  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
18:30:26.0461 4800  sppsvc - ok
18:30:26.0477 4800  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:30:26.0523 4800  sppuinotify - ok
18:30:26.0555 4800  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:30:26.0586 4800  srv - ok
18:30:26.0601 4800  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:30:26.0617 4800  srv2 - ok
18:30:26.0633 4800  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:30:26.0664 4800  srvnet - ok
18:30:26.0695 4800  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:30:26.0742 4800  SSDPSRV - ok
18:30:26.0757 4800  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:30:26.0789 4800  SstpSvc - ok
18:30:26.0789 4800  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:30:26.0804 4800  stexstor - ok
18:30:26.0835 4800  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
18:30:26.0867 4800  stisvc - ok
18:30:26.0898 4800  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
18:30:26.0898 4800  storflt - ok
18:30:26.0929 4800  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
18:30:26.0960 4800  StorSvc - ok
18:30:26.0976 4800  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
18:30:26.0976 4800  storvsc - ok
18:30:26.0991 4800  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:30:27.0007 4800  swenum - ok
18:30:27.0007 4800  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
18:30:27.0054 4800  swprv - ok
18:30:27.0101 4800  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
18:30:27.0147 4800  SysMain - ok
18:30:27.0163 4800  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:30:27.0194 4800  TabletInputService - ok
18:30:27.0210 4800  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:30:27.0257 4800  TapiSrv - ok
18:30:27.0272 4800  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
18:30:27.0303 4800  TBS - ok
18:30:27.0335 4800  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:30:27.0381 4800  Tcpip - ok
18:30:27.0413 4800  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:30:27.0444 4800  TCPIP6 - ok
18:30:27.0459 4800  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:30:27.0475 4800  tcpipreg - ok
18:30:27.0491 4800  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:30:27.0522 4800  TDPIPE - ok
18:30:27.0553 4800  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:30:27.0569 4800  TDTCP - ok
18:30:27.0584 4800  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:30:27.0615 4800  tdx - ok
18:30:27.0693 4800  [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
18:30:27.0740 4800  TeamViewer7 - ok
18:30:27.0756 4800  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:30:27.0771 4800  TermDD - ok
18:30:27.0787 4800  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
18:30:27.0834 4800  TermService - ok
18:30:27.0849 4800  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
18:30:27.0865 4800  Themes - ok
18:30:27.0881 4800  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
18:30:27.0912 4800  THREADORDER - ok
18:30:27.0927 4800  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
18:30:27.0959 4800  TPM - ok
18:30:27.0974 4800  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
18:30:28.0005 4800  TrkWks - ok
18:30:28.0052 4800  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:30:28.0083 4800  TrustedInstaller - ok
18:30:28.0099 4800  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:30:28.0146 4800  tssecsrv - ok
18:30:28.0161 4800  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:30:28.0177 4800  TsUsbFlt - ok
18:30:28.0208 4800  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:30:28.0208 4800  TsUsbGD - ok
18:30:28.0224 4800  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:30:28.0271 4800  tunnel - ok
18:30:28.0271 4800  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:30:28.0286 4800  uagp35 - ok
18:30:28.0302 4800  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:30:28.0349 4800  udfs - ok
18:30:28.0380 4800  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:30:28.0380 4800  UI0Detect - ok
18:30:28.0411 4800  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:30:28.0411 4800  uliagpkx - ok
18:30:28.0427 4800  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:30:28.0442 4800  umbus - ok
18:30:28.0458 4800  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
18:30:28.0489 4800  UmPass - ok
18:30:28.0505 4800  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
18:30:28.0536 4800  UmRdpService - ok
18:30:28.0614 4800  [ B5160F84057BD9A2CB0B857E1E1648BA ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:30:28.0661 4800  UNS - ok
18:30:28.0692 4800  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
18:30:28.0723 4800  upnphost - ok
18:30:28.0770 4800  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:30:28.0801 4800  usbccgp - ok
18:30:28.0817 4800  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:30:28.0848 4800  usbcir - ok
18:30:28.0863 4800  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:30:28.0895 4800  usbehci - ok
18:30:28.0926 4800  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:30:28.0941 4800  usbhub - ok
18:30:28.0957 4800  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:30:28.0973 4800  usbohci - ok
18:30:29.0004 4800  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:30:29.0019 4800  usbprint - ok
18:30:29.0066 4800  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:30:29.0082 4800  usbscan - ok
18:30:29.0097 4800  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:30:29.0144 4800  USBSTOR - ok
18:30:29.0160 4800  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:30:29.0191 4800  usbuhci - ok
18:30:29.0207 4800  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
18:30:29.0253 4800  UxSms - ok
18:30:29.0253 4800  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
18:30:29.0269 4800  VaultSvc - ok
18:30:29.0269 4800  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:30:29.0285 4800  vdrvroot - ok
18:30:29.0300 4800  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
18:30:29.0347 4800  vds - ok
18:30:29.0363 4800  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:30:29.0378 4800  vga - ok
18:30:29.0394 4800  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:30:29.0425 4800  VgaSave - ok
18:30:29.0441 4800  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:30:29.0456 4800  vhdmp - ok
18:30:29.0472 4800  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:30:29.0487 4800  viaide - ok
18:30:29.0503 4800  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
18:30:29.0519 4800  vmbus - ok
18:30:29.0519 4800  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
18:30:29.0550 4800  VMBusHID - ok
18:30:29.0565 4800  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:30:29.0565 4800  volmgr - ok
18:30:29.0597 4800  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:30:29.0612 4800  volmgrx - ok
18:30:29.0628 4800  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:30:29.0643 4800  volsnap - ok
18:30:29.0675 4800  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:30:29.0690 4800  vsmraid - ok
18:30:29.0721 4800  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
18:30:29.0784 4800  VSS - ok
18:30:29.0799 4800  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
18:30:29.0815 4800  vwifibus - ok
18:30:29.0846 4800  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
18:30:29.0893 4800  W32Time - ok
18:30:29.0924 4800  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:30:29.0940 4800  WacomPen - ok
18:30:29.0971 4800  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:30:29.0987 4800  WANARP - ok
18:30:30.0002 4800  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:30:30.0018 4800  Wanarpv6 - ok
18:30:30.0065 4800  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
18:30:30.0111 4800  wbengine - ok
18:30:30.0127 4800  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:30:30.0143 4800  WbioSrvc - ok
18:30:30.0174 4800  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:30:30.0205 4800  wcncsvc - ok
18:30:30.0221 4800  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:30:30.0267 4800  WcsPlugInService - ok
18:30:30.0283 4800  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
18:30:30.0299 4800  Wd - ok
18:30:30.0330 4800  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:30:30.0345 4800  Wdf01000 - ok
18:30:30.0361 4800  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:30:30.0408 4800  WdiServiceHost - ok
18:30:30.0408 4800  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:30:30.0423 4800  WdiSystemHost - ok
18:30:30.0439 4800  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
18:30:30.0455 4800  WebClient - ok
18:30:30.0470 4800  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:30:30.0517 4800  Wecsvc - ok
18:30:30.0533 4800  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:30:30.0579 4800  wercplsupport - ok
18:30:30.0595 4800  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:30:30.0642 4800  WerSvc - ok
18:30:30.0657 4800  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:30:30.0689 4800  WfpLwf - ok
18:30:30.0689 4800  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:30:30.0704 4800  WIMMount - ok
18:30:30.0720 4800  WinDefend - ok
18:30:30.0720 4800  WinHttpAutoProxySvc - ok
18:30:30.0751 4800  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:30:30.0798 4800  Winmgmt - ok
18:30:30.0845 4800  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
18:30:30.0891 4800  WinRM - ok
18:30:30.0923 4800  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:30:30.0954 4800  Wlansvc - ok
18:30:30.0985 4800  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:30:30.0985 4800  wlcrasvc - ok
18:30:31.0032 4800  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:30:31.0079 4800  wlidsvc - ok
18:30:31.0094 4800  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:30:31.0110 4800  WmiAcpi - ok
18:30:31.0125 4800  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:30:31.0141 4800  wmiApSrv - ok
18:30:31.0157 4800  WMPNetworkSvc - ok
18:30:31.0188 4800  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:30:31.0203 4800  WPCSvc - ok
18:30:31.0219 4800  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:30:31.0235 4800  WPDBusEnum - ok
18:30:31.0250 4800  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:30:31.0297 4800  ws2ifsl - ok
18:30:31.0328 4800  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
18:30:31.0344 4800  wscsvc - ok
18:30:31.0344 4800  WSearch - ok
18:30:31.0391 4800  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:30:31.0437 4800  wuauserv - ok
18:30:31.0453 4800  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:30:31.0484 4800  WudfPf - ok
18:30:31.0500 4800  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:30:31.0515 4800  WUDFRd - ok
18:30:31.0547 4800  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:30:31.0562 4800  wudfsvc - ok
18:30:31.0578 4800  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:30:31.0609 4800  WwanSvc - ok
18:30:31.0625 4800  ================ Scan global ===============================
18:30:31.0640 4800  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:30:31.0656 4800  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:30:31.0671 4800  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:30:31.0687 4800  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:30:31.0703 4800  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:30:31.0703 4800  [Global] - ok
18:30:31.0703 4800  ================ Scan MBR ==================================
18:30:31.0718 4800  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:30:32.0061 4800  \Device\Harddisk0\DR0 - ok
18:30:32.0061 4800  ================ Scan VBR ==================================
18:30:32.0108 4800  [ 38E2F6FC6F2119B55FE9C998CCF64D9E ] \Device\Harddisk0\DR0\Partition1
18:30:32.0108 4800  \Device\Harddisk0\DR0\Partition1 - ok
18:30:32.0124 4800  [ EA0681BD8C8BEC059C8A80F8DE6D3CDC ] \Device\Harddisk0\DR0\Partition2
18:30:32.0124 4800  \Device\Harddisk0\DR0\Partition2 - ok
18:30:32.0124 4800  ============================================================
18:30:32.0124 4800  Scan finished
18:30:32.0124 4800  ============================================================
18:30:32.0139 4792  Detected object count: 0
18:30:32.0139 4792  Actual detected object count: 0
         

Alt 11.05.2013, 17:40   #8
markusg
/// Malware-holic
 
Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic - Standard

Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic



Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.05.2013, 17:55   #9
2806
 
Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic - Standard

Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic



bitteschön:
Code:
ATTFilter
ComboFix 13-05-11.01 - Anwender 11.05.2013  18:46:27.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3965.2800 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0AD9850D-BF56-443A-A6AF-4E512099020F}.xps
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3FB160B0-A2C4-41DA-A8FB-6A21A5D16704}.xps
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B1E1C3B5-0EB2-4D67-96E3-E1D2D737FADD}.xps
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D7407590-F17D-4DCE-B7F3-62FF1241FAB6}.xps
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D7487CB5-CF6A-4D40-BDD1-FFBCF66D1DD6}.xps
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DF175A4B-33F3-4A14-9DEB-53A517170FC7}.xps
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FD4021BE-DE89-4E6F-8015-E0C581088000}.xps
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FDD2A295-CD57-4E79-BBF0-2345AABB7185}.xps
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-11 bis 2013-05-11  ))))))))))))))))))))))))))))))
.
.
2013-05-10 06:01 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{43E6A9B0-DE69-4032-AE08-EC437A83C60E}\mpengine.dll
2013-04-26 20:08 . 2013-04-26 20:08	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-04-26 19:55 . 2013-04-10 06:57	263064	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2013-04-26 19:55 . 2013-04-10 06:57	96664	----a-w-	c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-04-26 19:55 . 2013-04-10 06:57	170232	----a-w-	c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-04-26 19:55 . 2013-04-10 06:57	26520	----a-w-	c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-26 19:55 . 2013-04-10 06:56	74136	----a-w-	c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-04-26 19:48 . 2013-04-26 19:48	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-04-26 19:48 . 2013-04-26 19:47	866720	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-04-26 19:48 . 2013-04-26 19:47	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-04-26 19:48 . 2013-04-26 19:47	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-26 19:47 . 2013-04-26 19:47	--------	d-----w-	c:\program files (x86)\Java
2013-04-24 08:40 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-09 08:07 . 2010-06-24 09:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-26 20:02 . 2012-05-25 14:15	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-26 20:02 . 2012-05-25 14:15	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-10 22:48 . 2012-05-25 11:36	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-19 06:04 . 2013-04-10 15:15	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 15:15	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 15:15	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 15:15	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 15:15	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 15:15	112640	----a-w-	c:\windows\system32\smss.exe
2013-03-01 03:36 . 2013-04-10 15:15	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-22 06:57 . 2013-04-10 22:47	17817088	----a-w-	c:\windows\system32\mshtml.dll
2013-02-22 06:29 . 2013-04-10 22:47	10925568	----a-w-	c:\windows\system32\ieframe.dll
2013-02-22 06:27 . 2013-04-10 22:47	2312704	----a-w-	c:\windows\system32\jscript9.dll
2013-02-22 06:21 . 2013-04-10 22:47	1346560	----a-w-	c:\windows\system32\urlmon.dll
2013-02-22 06:20 . 2013-04-10 22:47	1392128	----a-w-	c:\windows\system32\wininet.dll
2013-02-22 06:19 . 2013-04-10 22:47	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2013-02-22 06:18 . 2013-04-10 22:47	237056	----a-w-	c:\windows\system32\url.dll
2013-02-22 06:17 . 2013-04-10 22:47	85504	----a-w-	c:\windows\system32\jsproxy.dll
2013-02-22 06:15 . 2013-04-10 22:47	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2013-02-22 06:15 . 2013-04-10 22:47	599040	----a-w-	c:\windows\system32\vbscript.dll
2013-02-22 06:15 . 2013-04-10 22:47	816640	----a-w-	c:\windows\system32\jscript.dll
2013-02-22 06:14 . 2013-04-10 22:47	729088	----a-w-	c:\windows\system32\msfeeds.dll
2013-02-22 06:13 . 2013-04-10 22:47	2147840	----a-w-	c:\windows\system32\iertutil.dll
2013-02-22 06:13 . 2013-04-10 22:47	96768	----a-w-	c:\windows\system32\mshtmled.dll
2013-02-22 06:12 . 2013-04-10 22:47	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-02-22 06:09 . 2013-04-10 22:47	248320	----a-w-	c:\windows\system32\ieui.dll
2013-02-22 03:46 . 2013-04-10 22:47	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-02-22 03:38 . 2013-04-10 22:47	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2013-02-22 03:37 . 2013-04-10 22:47	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 22:47	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 22:47	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-02-22 03:31 . 2013-04-10 22:47	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-02-15 06:08 . 2013-04-10 15:16	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-10 15:16	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-10 15:16	158720	----a-w-	c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-10 15:16	3217408	----a-w-	c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-10 15:16	131584	----a-w-	c:\windows\SysWow64\aaclient.dll
2013-02-15 03:25 . 2013-04-10 15:16	36864	----a-w-	c:\windows\SysWow64\tsgqec.dll
2013-02-12 05:45 . 2013-03-13 10:12	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 10:12	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 10:12	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 10:12	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 10:12	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 10:12	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-26 06:40	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-03-30 113296]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-05-22 160872]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-30 206448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ISDNWatch.lnk - c:\program files (x86)\FRITZ!\IWatch.exe [2012-5-25 341304]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files\Fujitsu\LaunchCenter\LaunchCenter.exe [2012-5-25 375296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-04-13 158976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-17 2656280]
S3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Driver;c:\windows\system32\DRIVERS\AVMCOWAN.sys [2009-06-10 79872]
S3 FPCIBASE;AVM FRITZ!Card PCI;c:\windows\system32\DRIVERS\fpcibase.sys [2009-06-10 899328]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-02-24 78336]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-02-24 181248]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 93321780
*Deregistered* - 93321780
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 20:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-09-06 563328]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-02-21 1647616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"BrowserChoice"="browserchoice.exe" [2010-02-23 294912]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ts.fujitsu.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIB\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICO\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JFIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPE\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPEG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WDP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-11  18:51:56
ComboFix-quarantined-files.txt  2013-05-11 16:51
.
Vor Suchlauf: 8 Verzeichnis(se), 200.671.211.520 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 201.170.522.112 Bytes frei
.
- - End Of File - - 44BDB0326A7D5896F448534DF41BA830
         

Alt 11.05.2013, 18:19   #10
markusg
/// Malware-holic
 
Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic - Standard

Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic



Hi,
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.05.2013, 19:05   #11
2806
 
Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic - Standard

Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic



Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.11.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anwender :: *** [Administrator]

11.05.2013 19:23:25
mbam-log-2013-05-11 (19-23-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382078
Laufzeit: 28 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Es wurden keine infizierten Objekte gefunden, schreibt das Programm..

lg

Alt 11.05.2013, 19:22   #12
markusg
/// Malware-holic
 
Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic - Standard

Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic



Hi,

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.05.2013, 19:39   #13
2806
 
Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic - Standard

Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic



hoffentlich ist es verständlich:
Code:
ATTFilter
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	13.03.2013	6,00MB	11.6.602.180 unbekannt
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	26.04.2013	6,00MB	11.7.700.169 unbekannt
Adobe Reader XI (11.0.02) - Deutsch	Adobe Systems Incorporated	26.04.2013	133MB	11.0.02 notwendig
AVM FRITZ!	AVM Berlin	01.06.2012 notwendig		
Canon CanoScan Toolbox 5.0		29.06.2012	 notwendig	
Canon iP4700 series Printer Driver		25.05.2012 notwendig		
CanoScan 4400F		14.09.2012	notwendig	
CCleaner	Piriform	23.04.2013		4.01
Conexant HD Audio	Conexant	25.05.2012		8.32.35.0 unbekannt
DeskUpdate 4.12	Fujitsu Technology Solutions	25.05.2012	3,27MB	4.12.0088 unbekannt
Intel(R) Management Engine Components	Intel Corporation	25.05.2012		7.0.0.1144 unbekannt
Java 7 Update 21	Oracle	26.04.2013	129MB	7.0.210 unbekannt
Kaspersky Internet Security 2012	Kaspersky Lab	25.05.2012		12.0.0.374 notwendig
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	11.05.2013	19,2MB	1.75.0.1300 unbekannt
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	15.04.2011	38,8MB	4.0.30319 unbekannt
Microsoft .NET Framework 4 Extended	Microsoft Corporation	15.04.2011	51,9MB	4.0.30319 unbekannt
Microsoft Office Home and Business 2010	Microsoft Corporation	25.05.2012		14.0.6029.1000 notwendig
Microsoft Silverlight	Microsoft Corporation	13.03.2013	50,6MB	5.1.20125.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	25.05.2012	1,69MB	3.1.0000 unbekannt
Microsoft Sync Framework 2.0 Core Components (x86) ENU 	Microsoft Corporation	25.05.2012	959KB	2.0.1578.0 unbekannt
Microsoft Sync Framework 2.0 Provider Services (x86) ENU 	Microsoft Corporation	25.05.2012	2,27MB	2.0.1578.0 unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	25.05.2012	300KB	8.0.56336 unbekannt
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	28.05.2012	838KB	8.0.61000 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	25.05.2012	784KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	25.05.2012	788KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	25.05.2012	592KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	25.05.2012	600KB	9.0.30729.6161 unbekannt
Mozilla Firefox 20.0.1 (x86 de)	Mozilla	26.04.2013	44,7MB	20.0.1 notwendig
Mozilla Maintenance Service	Mozilla	26.04.2013	330KB	20.0.1 unbekannt
NEC Electronics USB 3.0 Host Controller Driver	NEC Electronics Corporation	25.05.2012	1,02MB	1.0.20.0 unbekannt
PDF24 Creator 4.6.0	PDF24.org	25.05.2012	33,8MB	notwendig
SyncToy 2.1 (x86)	Microsoft	25.05.2012	1,43MB	2.1.0 notwendig
TeamViewer 7	TeamViewer	25.05.2012		7.0.12979  notwendig
VLC media player 2.0.6	VideoLAN	26.04.2013		2.0.6 notwendig
Windows Live Essentials	Microsoft Corporation	25.05.2012		15.4.3508.1109 unbekannt 
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	25.05.2012	5,57MB	15.4.5722.2 unbekannt
         

Alt 11.05.2013, 19:46   #14
markusg
/// Malware-holic
 
Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic - Standard

Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:

Java
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren

kaspersky:
Kaspersky Lab: Virenschutz für Heimanwender und Unternehmen
Neuste Version laden, Upgrades sind kostenlos.

TeamViewer : würde ich nur bei Bedarf instalieren, ansonsten, bitte Version 8 instalieren.


deinstaliere:
Windows Live , alle für dich unnötigen

Öffne CCleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.05.2013, 20:20   #15
2806
 
Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic - Standard

Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic



so habe alles ausgeführt, hier kommt der log:
Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 11/05/2013 um 21:14:56 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Anwender - ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [619 octets] - [11/05/2013 21:14:56]

########## EOF - \AdwCleaner[S1].txt - [678 octets] ##########
         

Antwort

Themen zu Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic
autorun, bho, error, failed, firefox, flash player, helper, heur, heur:trojan.script.generic, home, install.exe, kaspersky, launch, logfile, mozilla, object, popup, programm, registry, rundll, scan, security, software, tastatur, trojan.script.generic, trojaner, usb, windows



Ähnliche Themen: Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic


  1. HEUR:Exploit.Script.Generic durch Kaspersky entdeckt - ist der Befall wirklich bereinigt?
    Log-Analyse und Auswertung - 07.09.2014 (3)
  2. Kaspersky-Meldung : HEUR:Trojan-Downloader.Script.Generic
    Plagegeister aller Art und deren Bekämpfung - 21.06.2014 (10)
  3. Kaspersky Fund HEUR:AdWare.Script.Generic
    Log-Analyse und Auswertung - 19.05.2014 (5)
  4. HEUR:Trojan.Script.Generic
    Plagegeister aller Art und deren Bekämpfung - 09.05.2014 (39)
  5. HEUR:Trojan.Script.Generic gemeldet
    Plagegeister aller Art und deren Bekämpfung - 01.05.2014 (10)
  6. HEUR:Trojan.Script.Generic
    Plagegeister aller Art und deren Bekämpfung - 24.04.2014 (3)
  7. trojanisches Programm: HEUR: Trojan.Script.Generic
    Plagegeister aller Art und deren Bekämpfung - 08.04.2014 (10)
  8. Kaspersky findet HEUR:Trojan.Script.Generic
    Plagegeister aller Art und deren Bekämpfung - 31.01.2014 (13)
  9. HEUR:Trojan.Script.Generic auf meiner Webseite
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (1)
  10. HEUR:Trojan.Script.Generic
    Log-Analyse und Auswertung - 10.12.2013 (17)
  11. Womöglich alles inordnung geht um kaspersky heur trojan.script.generic
    Plagegeister aller Art und deren Bekämpfung - 10.08.2013 (3)
  12. Kaspersky meldet: Das Objekt ist infiziert HEUR:Trojan.Script.Generic
    Plagegeister aller Art und deren Bekämpfung - 12.06.2013 (32)
  13. Kaspersky findet trojanisches Programm HEUR:Trojan.Script.generic
    Plagegeister aller Art und deren Bekämpfung - 05.04.2013 (4)
  14. HEUR:Trojan.Script.Generic
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (3)
  15. Heur: Exploit.Script.Generic, Kaspersky konnte erst nichts tun, nach Update in Quarantäne
    Log-Analyse und Auswertung - 11.11.2012 (10)
  16. Virus Heur: Trojan- Downloader.Script.Generic
    Mülltonne - 28.07.2011 (3)
  17. Kaspersky erkennt HEUR:Trojan-Downloader.Script.Generic im Fritz.Box Interface
    Plagegeister aller Art und deren Bekämpfung - 12.04.2011 (3)

Zum Thema Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic - Hallo, gestern hat Kaspersky zwei Trojaner gemeldet und den einen in die Quarantäne gesetzt. Der Andere steht auf Inaktiv. Wenn ich das richtig sehe, kommt einer davon aus Ebay. Ich - Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic...
Archiv
Du betrachtest: Kaspersky findet: Trojaner HEUR:Trojan.Script.Generic auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.