
Log analysis and evaluation: Win7: Computer is being remotely controlled

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.03.2014, 22:41   #1
Dorogai
 
My dear PC gurus of the Trojaner-Board! In July 2012 you rescued my son's PC, and now I am asking for help on behalf of my daughter!

For about two weeks she has been reporting complete takeovers of her PC. Both mouse and keyboard are being remotely controlled. Games (e.g. Minecraft) are actively interfered with, or chats (e.g. in Skype) are opened and filled with crude insults.

A full scan with Kaspersky Pure produced no findings and no change.

Thank you in advance for your efforts. It is amazing what you deliver here!

Best regards, Erik
Attached files
File type: txt Gmer.txt (22.9 KB, viewed 121 times)
File type: txt FRST.txt (41.1 KB, viewed 140 times)
File type: log defogger_disable.log (472 bytes, viewed 120 times)
File type: txt Addition.txt (34.8 KB, viewed 132 times)

22.03.2014, 07:08   #2
schrauber
/// the machine
/// TB instructor
 

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I cannot open attachments at work, thanks.

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

22.03.2014, 14:54   #3
Dorogai
 
Hi! Hopefully I am doing it right this way!

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:58 on 21/03/2014 (KATHI)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-21 22:23:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.15.0 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\KATHI\AppData\Local\Temp\pwloqpow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                        00000000750b1465 2 bytes [0B, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                       00000000750b14bb 2 bytes [0B, 75]
.text    ...                                                                                                                                                                                               * 2
.text    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                    00000000750b1465 2 bytes [0B, 75]
.text    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                   00000000750b14bb 2 bytes [0B, 75]
.text    ...                                                                                                                                                                                               * 2
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                 00000000750b1465 2 bytes [0B, 75]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                00000000750b14bb 2 bytes [0B, 75]
.text    ...                                                                                                                                                                                               * 2
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                             00000000750b1465 2 bytes [0B, 75]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                            00000000750b14bb 2 bytes [0B, 75]
.text    ...                                                                                                                                                                                               * 2
.text    C:\Program Files (x86)\Steam\Steam.exe[3748] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate                                                                                                        000000007632549c 5 bytes JMP 0000000100080800
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                   00000000750b1465 2 bytes [0B, 75]
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  00000000750b14bb 2 bytes [0B, 75]
.text    ...                                                                                                                                                                                               * 2
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                                    000000007732c4dd 5 bytes JMP 0000000110014b10
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps                                                                                                 0000000075034de0 5 bytes JMP 0000000110007ac9
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\GDI32.dll!SelectObject                                                                                                  0000000075034f70 5 bytes JMP 0000000110007aa8
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\GDI32.dll!SaveDC                                                                                                        0000000075036e05 5 bytes JMP 0000000110007a67
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\GDI32.dll!RestoreDC                                                                                                     0000000075036ead 5 bytes JMP 0000000110007a87
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\GDI32.dll!GetViewportOrgEx                                                                                              0000000075038659 5 bytes JMP 0000000110007931
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\GDI32.dll!SetViewportOrgEx                                                                                              00000000750386cc 5 bytes JMP 000000011000796b
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn                                                                                              000000007503879f 5 bytes JMP 0000000110007a21
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\GDI32.dll!GetClipRgn                                                                                                    0000000075038a43 5 bytes JMP 0000000110007b0c
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\GDI32.dll!GetRandomRgn                                                                                                  000000007503ae3a 5 bytes JMP 0000000110007b2f
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\GDI32.dll!SetWindowOrgEx                                                                                                000000007503af0a 5 bytes JMP 00000001100079c6
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\GDI32.dll!GetClipBox                                                                                                    000000007503af9f 5 bytes JMP 00000001100064ff
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\GDI32.dll!GetDCOrgEx                                                                                                    000000007503bcf3 5 bytes JMP 0000000110007aed
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\GDI32.dll!GetWindowOrgEx                                                                                                000000007503e310 5 bytes JMP 000000011000794e
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!TranslateMessage                                                                                             00000000765d7809 5 bytes JMP 0000000110007c42
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!GetMessageW                                                                                                  00000000765d78e2 5 bytes JMP 0000000110007711
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!GetMessageA                                                                                                  00000000765d7bd3 5 bytes JMP 00000001100076ca
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!GetWindowRect                                                                                                00000000765d7f34 5 bytes JMP 0000000110006a34
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!SetWindowLongW                                                                                               00000000765d8332 5 bytes JMP 00000001100078cd
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!MapWindowPoints                                                                                              00000000765d8c40 5 bytes JMP 0000000110007b90
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!SetWindowPos                                                                                                 00000000765d8e4e 5 bytes JMP 0000000110006b8f
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!DestroyWindow                                                                                                00000000765d9a55 5 bytes JMP 0000000110007135
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                                              00000000765dd22e 5 bytes JMP 00000001100072e0
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                                                                 00000000765e05ba 5 bytes JMP 0000000110007799
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!GetCursorPos                                                                                                 00000000765e1218 5 bytes JMP 0000000110006397
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!InvalidateRect                                                                                               00000000765e1381 5 bytes JMP 0000000110006a5b
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!RedrawWindow                                                                                                 00000000765e140b 5 bytes JMP 0000000110006acf
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!ScreenToClient                                                                                               00000000765e227d 5 bytes JMP 0000000110006b0f
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!ClientToScreen                                                                                               00000000765e2606 5 bytes JMP 00000001100068ff
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!SetWindowRgn                                                                                                 00000000765e284d 5 bytes JMP 000000011000752f
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                                  00000000765e291f 5 bytes JMP 0000000110007beb
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!SetParent                                                                                                    00000000765e2d64 5 bytes JMP 000000011000615d
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!TrackMouseEvent                                                                                              00000000765e360e 5 bytes JMP 00000001100070a1
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!MoveWindow                                                                                                   00000000765e3698 5 bytes JMP 0000000110006aa1
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!SetWindowPlacement                                                                                           00000000765e4ab6 5 bytes JMP 00000001100070dc
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                                                                 00000000765e5f74 5 bytes JMP 0000000110007758
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!SetWindowLongA                                                                                               00000000765e6110 5 bytes JMP 00000001100078b3
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!DeferWindowPos                                                                                               00000000765e640f 5 bytes JMP 0000000110006926
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!InvalidateRgn                                                                                                00000000765e6604 5 bytes JMP 0000000110007112
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!ValidateRect                                                                                                 00000000765e7849 5 bytes JMP 00000001100070fa
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!ValidateRgn                                                                                                  00000000765e8e72 5 bytes JMP 0000000110007469
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!ScrollWindow                                                                                                 00000000765e9320 5 bytes JMP 00000001100077da
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindow                                                                                          00000000765eba4a 5 bytes JMP 00000001100068a5
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW                                                                                   00000000765fce54 5 bytes JMP 00000001100074fa
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!ScrollWindowEx                                                                                               00000000765fd56b 5 bytes JMP 0000000110007803
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                             00000000765feb96 5 bytes JMP 0000000110007c09
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!GetKeyboardState                                                                                             00000000765fec68 5 bytes JMP 0000000110007040
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!SetLayeredWindowAttributes                                                                                   00000000765fec88 5 bytes JMP 00000001100070bc
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!WindowFromPoint                                                                                              00000000765fed12 5 bytes JMP 0000000110006c10
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                                                                               00000000765fed49 5 bytes JMP 000000011000705b
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!SetCapture                                                                                                   00000000765fed56 5 bytes JMP 0000000110006b36
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!SetForegroundWindow                                                                                          00000000765ff170 5 bytes JMP 0000000110007ce5
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW                                                                                00000000766010a0 5 bytes JMP 00000001100074c5
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                     00000000750b1465 2 bytes [0B, 75]
.text    C:\Program Files (x86)\Razer\Core\RazerCore.exe[3892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                    00000000750b14bb 2 bytes [0B, 75]
.text    ...                                                                                                                                                                                               * 2
.text    C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                  00000000750b1465 2 bytes [0B, 75]
.text    C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                 00000000750b14bb 2 bytes [0B, 75]
.text    ...                                                                                                                                                                                               * 2
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                           00000000750b1465 2 bytes [0B, 75]
.text    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[4332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                          00000000750b14bb 2 bytes [0B, 75]
.text    ...                                                                                                                                                                                               * 2
.text    C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                  00000000750b1465 2 bytes [0B, 75]
.text    C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                 00000000750b14bb 2 bytes [0B, 75]
.text    ...                                                                                                                                                                                               * 2
.text    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[4484] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69                                                                             00000000750b1465 2 bytes [0B, 75]
.text    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[4484] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155                                                                            00000000750b14bb 2 bytes [0B, 75]
.text    ...                                                                                                                                                                                               * 2
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                           00000000750b1465 2 bytes [0B, 75]
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                          00000000750b14bb 2 bytes [0B, 75]
.text    ...                                                                                                                                                                                               * 2
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5516] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate                                                                                    000000007632549c 5 bytes JMP 00000001003c0800
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5516] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                          00000000750b1465 2 bytes [0B, 75]
.text    C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5516] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                         00000000750b14bb 2 bytes [0B, 75]
.text    ...                                                                                                                                                                                               * 2

---- Threads - GMER 2.1 ----

Thread   c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [3952:3312]                                                                                                                        000007fef47c3e0c
Thread   c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [3952:3332]                                                                                                                        000007fef47c3e0c
Thread   c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [3952:3328]                                                                                                                        000007fef322c680
Thread   c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [3952:5824]                                                                                                                        000007fef47c3e0c
---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Razer\Synapse\Devices\RazerConfigNative.dll (*** suspicious ***) @ C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [4364] (Razer Configurator/Razer Inc.)(2014-03-11 10:44:50)  0000000051630000

---- EOF - GMER 2.1 ----
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by KATHI (administrator) on KATHI-PC on 21-03-2014 22:02:03
Running from C:\Users\KATHI\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\RazerCore.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-02-08] (Ask)
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760 2014-03-07] (Razer Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-09-27] ()
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [] - [X]
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1053056 2011-11-01] (Nokia)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [Razer Comms] - C:\Program Files (x86)\Razer\Core\RazerCore.exe [1094848 2013-12-11] (Razer, Inc.)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\MountPoints2: {a435feca-e873-11e0-96ac-806e6f6e6963} - D:\Autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://nmd.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://nmd.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBED244D4817CCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {3A6147C0-360F-478F-A8B8-CD21201887F6} URL = 
SearchScopes: HKCU - {D791FBDB-8E33-4C0C-A01C-1AC3AFC2085F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYAT&apn_uid=C4919090-DBBE-451D-BAF2-6C28642459DF&apn_sauid=A00794BA-F0A3-4993-BC90-E5CED8CE6CF3
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\KATHI\AppData\Roaming\Mozilla\Firefox\Profiles\w2ii0pkk.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&locale=de_US&apn_uid=C4919090-DBBE-451D-BAF2-6C28642459DF&apn_ptnrs=U3&apn_sauid=A00794BA-F0A3-4993-BC90-E5CED8CE6CF3&apn_dtid=YYYYYYYYAT&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\KATHI\AppData\Roaming\Mozilla\Firefox\Profiles\w2ii0pkk.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: iCloud Bookmarks - C:\Users\KATHI\AppData\Roaming\Mozilla\Firefox\Profiles\w2ii0pkk.default\Extensions\firefoxdav@icloud.com [2013-12-20]
FF Extension: Ask Toolbar - C:\Users\KATHI\AppData\Roaming\Mozilla\Firefox\Profiles\w2ii0pkk.default\Extensions\toolbar@ask.com [2013-02-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-15]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [fe_7.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2011-12-26]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Thunderbird\Extensions: [te_7.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011-12-26]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-12-11] (Razer, Inc.)

==================== Drivers (Whitelisted) ====================

S1 6086719drv; C:\Windows\System32\DRIVERS\6086719drv.sys [556632 2013-12-25] ()
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 IAMTVE; C:\Windows\system32\drivers\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\drivers\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-11-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2013-12-11] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-11-15] (Razer Inc)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2013-12-11] (Razer, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-21 22:02 - 2014-03-21 22:02 - 00023400 _____ () C:\Users\KATHI\Desktop\FRST.txt
2014-03-21 22:02 - 2014-03-21 22:02 - 00000000 ____D () C:\FRST
2014-03-21 22:00 - 2014-03-21 22:00 - 02157056 _____ (Farbar) C:\Users\KATHI\Desktop\FRST64.exe
2014-03-21 21:57 - 2014-03-21 21:58 - 00000472 _____ () C:\Users\KATHI\Desktop\defogger_disable.log
2014-03-21 21:57 - 2014-03-21 21:57 - 00000000 _____ () C:\Users\KATHI\defogger_reenable
2014-03-21 21:47 - 2014-03-21 21:47 - 00050477 _____ () C:\Users\KATHI\Desktop\Defogger.exe
2014-03-13 20:38 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 20:38 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 20:38 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 20:38 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 20:38 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 20:38 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 20:38 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 20:38 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 20:38 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 20:38 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 20:38 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 20:38 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 20:38 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 20:38 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 20:38 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 20:38 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 20:38 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 20:38 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 20:38 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 20:38 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 20:38 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 20:38 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 20:38 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 20:38 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 20:38 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 20:38 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 20:38 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 20:38 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 20:38 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 20:38 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 20:38 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 20:38 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 20:38 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 20:38 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 20:38 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 20:38 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 20:38 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 20:38 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 20:38 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 20:38 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 20:38 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 20:38 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 20:38 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 20:38 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 20:37 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 20:37 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 20:37 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 20:37 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-09 19:14 - 2014-03-09 19:14 - 02060742 _____ () C:\Users\KATHI\Downloads\Dandelion_3(1).zip
2014-03-09 18:49 - 2014-03-09 18:49 - 02060742 _____ () C:\Users\KATHI\Downloads\Dandelion_3.zip
2014-03-09 18:48 - 2014-03-09 18:48 - 00223312 _____ () C:\Users\KATHI\Downloads\FLVPlayerSetup-cU5LwNPg.exe
2014-03-02 11:09 - 2014-03-02 11:09 - 00000000 ____D () C:\Users\KATHI\AppData\Local\Skype
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\Program Files\iTunes
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\Program Files\iPod
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-01 16:12 - 2014-03-01 16:12 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-01 16:02 - 2014-03-01 16:02 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

==================== One Month Modified Files and Folders =======

2014-03-21 22:02 - 2014-03-21 22:02 - 00023400 _____ () C:\Users\KATHI\Desktop\FRST.txt
2014-03-21 22:02 - 2014-03-21 22:02 - 00000000 ____D () C:\FRST
2014-03-21 22:00 - 2014-03-21 22:00 - 02157056 _____ (Farbar) C:\Users\KATHI\Desktop\FRST64.exe
2014-03-21 21:58 - 2014-03-21 21:57 - 00000472 _____ () C:\Users\KATHI\Desktop\defogger_disable.log
2014-03-21 21:57 - 2014-03-21 21:57 - 00000000 _____ () C:\Users\KATHI\defogger_reenable
2014-03-21 21:57 - 2011-09-26 20:21 - 00000000 ____D () C:\Users\KATHI
2014-03-21 21:47 - 2014-03-21 21:47 - 00050477 _____ () C:\Users\KATHI\Desktop\Defogger.exe
2014-03-21 21:47 - 2012-06-04 14:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-21 21:38 - 2011-12-03 22:57 - 00000000 ____D () C:\Users\KATHI\AppData\Roaming\.minecraft
2014-03-21 20:47 - 2011-09-27 13:53 - 00000000 ____D () C:\Users\KATHI\AppData\Local\PMB Files
2014-03-21 20:34 - 2012-12-30 13:44 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-21 20:24 - 2009-07-14 05:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-21 20:24 - 2009-07-14 05:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-21 20:23 - 2011-09-26 20:19 - 01340607 _____ () C:\Windows\WindowsUpdate.log
2014-03-21 20:17 - 2013-08-31 18:50 - 00000000 ____D () C:\Users\KATHI\AppData\Roaming\TS3Client
2014-03-21 20:17 - 2013-07-31 11:19 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-21 20:17 - 2012-07-22 14:41 - 00000000 ____D () C:\Users\KATHI\AppData\Local\LogMeIn Hamachi
2014-03-21 20:17 - 2011-12-26 14:08 - 00000000 ____D () C:\Users\KATHI\AppData\Local\Htc
2014-03-21 20:16 - 2011-10-26 18:26 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-03-21 20:16 - 2011-09-15 07:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-21 20:16 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-21 20:16 - 2009-07-14 05:51 - 00142237 _____ () C:\Windows\setupact.log
2014-03-20 21:55 - 2013-08-25 22:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-20 21:51 - 2011-09-26 20:28 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-20 19:24 - 2011-10-26 18:42 - 00000000 ____D () C:\Users\KATHI\AppData\Roaming\Skype
2014-03-15 22:51 - 2011-10-26 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-15 01:20 - 2011-12-26 12:53 - 00163540 _____ () C:\Windows\DPINST.LOG
2014-03-15 01:19 - 2013-12-24 18:09 - 00001952 _____ () C:\Users\KATHI\Desktop\Razer Synapse 2.0.lnk
2014-03-14 23:01 - 2014-01-17 18:40 - 00000000 ____D () C:\Users\KATHI\AppData\Local\CrashDumps
2014-03-14 18:05 - 2009-07-14 05:45 - 00341400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 18:04 - 2013-03-13 21:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 18:04 - 2013-03-13 21:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 18:47 - 2012-06-04 14:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 18:47 - 2012-06-04 14:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 18:47 - 2011-10-07 16:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-09 19:14 - 2014-03-09 19:14 - 02060742 _____ () C:\Users\KATHI\Downloads\Dandelion_3(1).zip
2014-03-09 18:49 - 2014-03-09 18:49 - 02060742 _____ () C:\Users\KATHI\Downloads\Dandelion_3.zip
2014-03-09 18:48 - 2014-03-09 18:48 - 00223312 _____ () C:\Users\KATHI\Downloads\FLVPlayerSetup-cU5LwNPg.exe
2014-03-04 18:23 - 2011-09-27 18:00 - 00000000 ____D () C:\Users\KATHI\AppData\Local\Turbine
2014-03-03 20:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-03-02 11:09 - 2014-03-02 11:09 - 00000000 ____D () C:\Users\KATHI\AppData\Local\Skype
2014-03-02 11:09 - 2011-10-26 18:41 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-02 11:09 - 2011-10-26 18:41 - 00000000 ____D () C:\ProgramData\Skype
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\Program Files\iTunes
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\Program Files\iPod
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-01 16:17 - 2012-12-25 14:06 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-01 16:12 - 2014-03-01 16:12 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-01 16:12 - 2012-12-25 14:42 - 00001852 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-01 16:02 - 2014-03-01 16:02 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-03-01 07:05 - 2014-03-13 20:38 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 20:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 20:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 20:38 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 20:38 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 20:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 20:38 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 20:38 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 20:38 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 20:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 20:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 20:38 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 20:38 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 20:38 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 20:38 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 20:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 20:38 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 20:38 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 20:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 20:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 20:38 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 20:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 20:38 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 20:38 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 20:38 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 20:38 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 20:38 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 20:38 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 20:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 20:38 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 20:38 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 20:38 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 20:38 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 20:38 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 20:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 20:38 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 20:38 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 20:38 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 20:38 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\KATHI\AppData\Local\Temp\ApnStub.exe
C:\Users\KATHI\AppData\Local\Temp\AskSLib.dll
C:\Users\KATHI\AppData\Local\Temp\EAD3572.exe
C:\Users\KATHI\AppData\Local\Temp\installerdll1604361.dll
C:\Users\KATHI\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\KATHI\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\KATHI\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\KATHI\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\KATHI\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\KATHI\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\KATHI\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\KATHI\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\KATHI\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\KATHI\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\KATHI\AppData\Local\Temp\NEventMessages.dll
C:\Users\KATHI\AppData\Local\Temp\Nokia_Suite_WU.exe
C:\Users\KATHI\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\KATHI\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\KATHI\AppData\Local\Temp\nvStInst.exe
C:\Users\KATHI\AppData\Local\Temp\Samsung_MonSetup_091006.exe
C:\Users\KATHI\AppData\Local\Temp\setup.exe
C:\Users\KATHI\AppData\Local\Temp\setup_3.0.5617.exe
C:\Users\KATHI\AppData\Local\Temp\setup_3.2.20.exe
C:\Users\KATHI\AppData\Local\Temp\SkypeSetup.exe
C:\Users\KATHI\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\KATHI\AppData\Local\Temp\UninstallEADM.dll
C:\Users\KATHI\AppData\Local\Temp\_is5CFD.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-14 18:27

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by KATHI at 2014-03-21 22:02:43
Running from C:\Users\KATHI\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.15.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.36191 - Ask.com) <==== ATTENTION
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Der Herr der Ringe Online v03.03.05.8039 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.03.05.8039 - Turbine, Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.8.16603 - Blizzard Entertainment)
Die Sims Mittelalter Piraten und Edelleute (HKLM-x32\...\{0CC21836-A5D6-4641-B4AE-6FA01D021E41}) (Version: 2.0.109 - Electronic Arts)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.66.2 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
Die Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Die*Sims*Mittelalter (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 2.0.109 - Electronic Arts)
Edna Bricht Aus - Sammler Edition (HKLM-x32\...\EdnaSE) (Version: 1.1 - Daedalic Entertainment)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Harveys Neue Augen (HKLM-x32\...\Harvey) (Version: 1.0 - Daedalic Entertainment)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
HTC Sync (HKLM-x32\...\{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}) (Version: 3.2.20 - HTC Corporation)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 7 Update 2 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417002FF}) (Version: 7.0.20 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office XP Standard für Schüler, Studierende und Lehrkräfte (HKLM-x32\...\{913D0407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{AF88496B-4BBA-4922-97E9-2582D3A28358}) (Version: 7.1.48.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.2.100.0 - Nokia)
Nokia Suite (x32 Version: 3.2.100.0 - Nokia) Hidden
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.6.0 - Pando Networks Inc.)
PC Connectivity Solution (HKLM-x32\...\{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}) (Version: 11.5.13.0 - Nokia)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Comms (HKLM-x32\...\Razer Comms) (Version: 1.82.15 - Razer Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.56 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.17.22 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.)
Recovery Tool (HKLM\...\Recovery Tool) (Version: 4.3.0.7 - DiTech GmbH)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Restore Points  =========================

07-03-2014 15:04:43 Windows Update
13-03-2014 19:35:13 Windows Update
13-03-2014 20:47:18 Windows Update
20-03-2014 17:30:12 Windows Update
20-03-2014 20:51:42 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0F91DDF2-AA2B-4EEC-A640-9F577BF0C0AC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {1104E5C5-59E1-4C6C-9DDD-314A1F7815E1} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {21C95780-962B-4928-8F3C-8789F7CC5F96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {37E1A39E-161D-4116-B952-E0EF95ADA791} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {3DCE1618-883F-4841-B565-3AB7FC6DE3F1} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {5E230F40-59D1-4E5D-A3A4-0890BA56690C} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()
Task: {95A6F263-D6DA-4672-969E-7EF0ED807ED8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A2677CCE-DB0D-4449-B9D7-CBBE83951ED3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {A311D4A3-BB50-4041-8AC5-514221B504F0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {F26094A1-6ABE-476E-B332-F6E7F2E91544} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-02-08] () <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-11-18 16:02 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-09-15 12:06 - 2011-09-15 12:06 - 00088576 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-12-17 18:38 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00651264 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2011-11-01 15:41 - 2011-11-01 15:41 - 08172928 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2011-11-01 15:41 - 2011-11-01 15:41 - 02288512 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2011-11-01 15:41 - 2011-11-01 15:41 - 00919936 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2011-11-01 15:41 - 2011-11-01 15:41 - 00346496 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2011-11-01 15:40 - 2011-11-01 15:40 - 00032640 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2011-11-01 15:40 - 2011-11-01 15:40 - 00034688 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2011-11-01 15:40 - 2011-11-01 15:40 - 00202624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2011-11-01 15:41 - 2011-11-01 15:41 - 00196480 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2011-11-01 15:41 - 2011-11-01 15:41 - 02252672 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2011-11-01 15:41 - 2011-11-01 15:41 - 01294208 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2011-11-01 15:41 - 2011-11-01 15:41 - 02557312 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2011-11-01 15:42 - 2011-11-01 15:42 - 00095104 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2011-11-01 15:41 - 2011-11-01 15:41 - 00165248 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QxtWeb.dll
2011-11-01 15:41 - 2011-11-01 15:41 - 00384896 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QxtCore.dll
2011-11-01 15:41 - 2011-11-01 15:41 - 10843520 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2011-11-01 15:42 - 2011-11-01 15:42 - 00272768 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2011-11-01 15:42 - 2011-11-01 15:42 - 00392064 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2011-11-01 15:42 - 2011-11-01 15:42 - 00058240 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2011-11-01 15:40 - 2011-11-01 15:40 - 00388480 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\OviShareLib.dll
2011-11-01 15:39 - 2011-11-01 15:39 - 01041792 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\Maps Service API.dll
2011-11-01 15:40 - 2011-11-01 15:40 - 00438144 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2011-11-01 15:41 - 2011-11-01 15:41 - 00422272 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2011-11-01 15:41 - 2011-11-01 15:41 - 00517504 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2011-11-01 15:41 - 2011-11-01 15:41 - 00682880 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2011-11-01 15:39 - 2011-11-01 15:39 - 00740736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2011-11-01 14:57 - 2011-11-01 14:57 - 00112640 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
2014-01-08 20:38 - 2013-12-12 23:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-08 20:38 - 2013-11-05 02:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-07-01 07:20 - 2014-02-11 03:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-07-26 13:46 - 2014-02-25 22:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-15 13:32 - 2014-01-11 00:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 14:49 - 2013-06-15 00:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 14:49 - 2013-06-15 00:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 14:49 - 2013-06-15 00:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-03-23 11:15 - 2012-03-23 11:15 - 00988160 _____ () C:\Program Files (x86)\Razer\Core\Plugins\ChatApplet\libssh2.dll
2012-03-02 09:23 - 2012-03-02 09:23 - 00577621 _____ () C:\Program Files (x86)\Razer\Core\Plugins\ChatApplet\sqlite3.dll
2012-10-18 08:13 - 2012-10-18 08:13 - 04141056 _____ () C:\Program Files (x86)\Razer\Core\Plugins\ChatApplet\QQPYEngine.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00103936 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00389120 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00151552 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
2012-04-17 15:05 - 2012-04-17 15:05 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
2014-02-15 20:46 - 2014-02-15 20:46 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-12 18:47 - 2014-03-12 18:47 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2014 09:33:47 PM) (Source: Application Hang) (User: )
Description: Programm Skype.exe, Version 6.14.59.104 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f10

Startzeit: 01cf453a23784f7e

Endzeit: 2

Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe

Berichts-ID:

Error: (03/21/2014 08:29:53 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 1.0.0.10.in-addr.arpa. PTR KATHI-PC.local.

Error: (03/21/2014 08:29:53 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.1:5353   25 1.0.0.10.in-addr.arpa. PTR Katharinas-iPhone.local.

Error: (03/21/2014 08:18:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2014 08:17:19 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/20/2014 06:25:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 06:25:19 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/17/2014 07:34:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2014 07:34:25 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/17/2014 02:52:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/21/2014 08:16:43 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
6086719drv

Error: (03/20/2014 06:24:16 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
6086719drv

Error: (03/17/2014 07:33:01 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
6086719drv

Error: (03/17/2014 02:50:29 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
6086719drv

Error: (03/17/2014 02:50:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147014847

Error: (03/16/2014 10:51:52 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/16/2014 04:55:26 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.1
registriert werden. Der Computer mit IP-Adresse 10.0.0.3 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/16/2014 04:55:00 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
6086719drv

Error: (03/14/2014 10:51:12 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
6086719drv

Error: (03/14/2014 10:50:58 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎14.‎03.‎2014 um 22:49:24 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (03/21/2014 09:33:47 PM) (Source: Application Hang)(User: )
Description: Skype.exe6.14.59.104f1001cf453a23784f7e2C:\Program Files (x86)\Skype\Phone\Skype.exe

Error: (03/21/2014 08:29:53 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 1.0.0.10.in-addr.arpa. PTR KATHI-PC.local.

Error: (03/21/2014 08:29:53 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.1:5353   25 1.0.0.10.in-addr.arpa. PTR Katharinas-iPhone.local.

Error: (03/21/2014 08:18:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2014 08:17:19 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/20/2014 06:25:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2014 06:25:19 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/17/2014 07:34:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2014 07:34:25 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/17/2014 02:52:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-03-15 00:31:09.656
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-15 00:31:09.654
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-15 00:31:09.652
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-15 00:31:09.637
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-15 00:31:09.636
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-15 00:31:09.634
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-14 18:28:54.330
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-14 18:28:54.330
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-14 18:28:54.330
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-14 18:28:54.283
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 29%
Total physical RAM: 8169.41 MB
Available physical RAM: 5728.54 MB
Total Pagefile: 16337.01 MB
Available Pagefile: 13138.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:919.5 GB) (Free:747.41 GB) NTFS
Drive d: (Sims3EP11) (CDROM) (Total:6.15 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: FE2B9EAC)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
23.03.2014, 10:58   #4
schrauber
/// the machine
/// TB-Ausbilder

Quote:
C:\Windows\System32\DRIVERS\6086719drv.sys
Please have this file scanned at www.virustotal.com and post the link to the result here.


Please download TDSSKiller (TDSSKiller.exe) and save this file to your desktop
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so stay patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

23.03.2014, 12:32   #5
Dorogai

I can't find the file 6086719drv.sys!

If I go in via Windows Explorer I can find it -- but not when I look for it through www.virustotal.com.

I copied the file to the desktop. That way I was able to process it.

https://www.virustotal.com/de/file/b86050bd08baeb51735249e691bef21fc36880d3560f9327d6b6f952213a3526/analysis/

Code:
ATTFilter
12:02:07.0741 0x1930  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
12:02:12.0648 0x1930  ============================================================
12:02:12.0648 0x1930  Current date / time: 2014/03/23 12:02:12.0648
12:02:12.0648 0x1930  SystemInfo:
12:02:12.0648 0x1930  
12:02:12.0648 0x1930  OS Version: 6.1.7601 ServicePack: 1.0
12:02:12.0648 0x1930  Product type: Workstation
12:02:12.0648 0x1930  ComputerName: KATHI-PC
12:02:12.0648 0x1930  UserName: KATHI
12:02:12.0648 0x1930  Windows directory: C:\Windows
12:02:12.0648 0x1930  System windows directory: C:\Windows
12:02:12.0648 0x1930  Running under WOW64
12:02:12.0648 0x1930  Processor architecture: Intel x64
12:02:12.0648 0x1930  Number of processors: 4
12:02:12.0648 0x1930  Page size: 0x1000
12:02:12.0648 0x1930  Boot type: Normal boot
12:02:12.0648 0x1930  ============================================================
12:02:12.0753 0x1930  KLMD registered as C:\Windows\system32\drivers\16658206.sys
12:02:12.0922 0x1930  System UUID: {84932F15-6673-CEF9-E2A5-218210E75640}
12:02:13.0370 0x1930  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:02:13.0382 0x1930  ============================================================
12:02:13.0382 0x1930  \Device\Harddisk0\DR0:
12:02:13.0383 0x1930  MBR partitions:
12:02:13.0383 0x1930  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x96000
12:02:13.0383 0x1930  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1806800, BlocksNum 0x72EFF800
12:02:13.0383 0x1930  ============================================================
12:02:13.0401 0x1930  C: <-> \Device\Harddisk0\DR0\Partition2
12:02:13.0401 0x1930  ============================================================
12:02:13.0401 0x1930  Initialize success
12:02:13.0401 0x1930  ============================================================
12:02:16.0356 0x1764  ============================================================
12:02:16.0356 0x1764  Scan started
12:02:16.0356 0x1764  Mode: Manual; 
12:02:16.0356 0x1764  ============================================================
12:02:16.0356 0x1764  KSN ping started
12:02:40.0785 0x1764  KSN ping finished: true
12:02:41.0023 0x1764  ================ Scan system memory ========================
12:02:41.0023 0x1764  System memory - ok
12:02:41.0023 0x1764  ================ Scan services =============================
12:02:41.0137 0x1764  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:02:41.0144 0x1764  1394ohci - ok
12:02:41.0237 0x1764  [ EC91F7A645312C041FB109EC0C404CFC, AD63C62860447906971AB3DD460C5EB3FDD907BA896405BB13CC3A7F9888B55B ] 6086719drv      C:\Windows\system32\DRIVERS\6086719drv.sys
12:02:41.0250 0x1764  Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\6086719drv.sys. Real md5: EC91F7A645312C041FB109EC0C404CFC, sha256: AD63C62860447906971AB3DD460C5EB3FDD907BA896405BB13CC3A7F9888B55B, fake md5: AF34937075FC9B5FBF3D9F7E9C4BBCEB, fake sha256: B86050BD08BAEB51735249E691BEF21FC36880D3560F9327D6B6F952213A3526
12:02:41.0251 0x1764  6086719drv - detected ForgedFile.Multi.Generic ( 1 )
12:02:44.0109 0x1764  6086719drv ( ForgedFile.Multi.Generic ) - warning
12:02:46.0574 0x1764  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:02:46.0583 0x1764  ACPI - ok
12:02:46.0596 0x1764  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:02:46.0596 0x1764  AcpiPmi - ok
12:02:46.0648 0x1764  [ 11A52CF7B265631DEEB24C6149309EFF, CBA25D358185FD4BE261C6C1B518AD60F5D27D5FB418098AB262B10F5A11C178 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:02:46.0649 0x1764  AdobeARMservice - ok
12:02:46.0736 0x1764  [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:02:46.0745 0x1764  AdobeFlashPlayerUpdateSvc - ok
12:02:46.0782 0x1764  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:02:46.0792 0x1764  adp94xx - ok
12:02:46.0825 0x1764  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:02:46.0832 0x1764  adpahci - ok
12:02:46.0839 0x1764  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:02:46.0842 0x1764  adpu320 - ok
12:02:46.0870 0x1764  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:02:46.0872 0x1764  AeLookupSvc - ok
12:02:46.0914 0x1764  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\Windows\system32\drivers\afd.sys
12:02:46.0923 0x1764  AFD - ok
12:02:46.0940 0x1764  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
12:02:46.0942 0x1764  agp440 - ok
12:02:46.0952 0x1764  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
12:02:46.0955 0x1764  ALG - ok
12:02:46.0979 0x1764  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:02:46.0980 0x1764  aliide - ok
12:02:47.0008 0x1764  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:02:47.0009 0x1764  amdide - ok
12:02:47.0022 0x1764  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:02:47.0024 0x1764  AmdK8 - ok
12:02:47.0034 0x1764  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
12:02:47.0035 0x1764  AmdPPM - ok
12:02:47.0055 0x1764  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:02:47.0058 0x1764  amdsata - ok
12:02:47.0075 0x1764  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:02:47.0079 0x1764  amdsbs - ok
12:02:47.0093 0x1764  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:02:47.0094 0x1764  amdxata - ok
12:02:47.0106 0x1764  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
12:02:47.0107 0x1764  AppID - ok
12:02:47.0116 0x1764  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:02:47.0117 0x1764  AppIDSvc - ok
12:02:47.0144 0x1764  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
12:02:47.0145 0x1764  Appinfo - ok
12:02:47.0220 0x1764  [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:02:47.0222 0x1764  Apple Mobile Device - ok
12:02:47.0237 0x1764  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
12:02:47.0239 0x1764  arc - ok
12:02:47.0254 0x1764  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:02:47.0256 0x1764  arcsas - ok
12:02:47.0331 0x1764  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:02:47.0334 0x1764  aspnet_state - ok
12:02:47.0354 0x1764  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:02:47.0356 0x1764  AsyncMac - ok
12:02:47.0390 0x1764  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:02:47.0392 0x1764  atapi - ok
12:02:47.0441 0x1764  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:02:47.0464 0x1764  AudioEndpointBuilder - ok
12:02:47.0489 0x1764  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:02:47.0503 0x1764  AudioSrv - ok
12:02:47.0567 0x1764  [ 7E91655B4947EC1B18B3BC1645839145, 4425326D019A7A6380B71D6710AD94D58A11E1BC5BA42159DD4A17437A296C48 ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
12:02:47.0578 0x1764  AVP - ok
12:02:47.0608 0x1764  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:02:47.0612 0x1764  AxInstSV - ok
12:02:47.0654 0x1764  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
12:02:47.0664 0x1764  b06bdrv - ok
12:02:47.0707 0x1764  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:02:47.0712 0x1764  b57nd60a - ok
12:02:47.0758 0x1764  [ 93EE7D9C35AE7E9FFDA148D7805F1421, 9D88D5CC08F887B35A893FEC80D8CC4A9E4EAAF533E27D0F1B9CC36C171C92DA ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
12:02:47.0763 0x1764  BBSvc - ok
12:02:47.0787 0x1764  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:02:47.0790 0x1764  BDESVC - ok
12:02:47.0801 0x1764  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:02:47.0802 0x1764  Beep - ok
12:02:47.0977 0x1764  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
12:02:47.0989 0x1764  BFE - ok
12:02:48.0029 0x1764  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
12:02:48.0050 0x1764  BITS - ok
12:02:48.0061 0x1764  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
12:02:48.0062 0x1764  blbdrive - ok
12:02:48.0117 0x1764  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:02:48.0126 0x1764  Bonjour Service - ok
12:02:48.0146 0x1764  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:02:48.0148 0x1764  bowser - ok
12:02:48.0171 0x1764  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:02:48.0172 0x1764  BrFiltLo - ok
12:02:48.0183 0x1764  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:02:48.0184 0x1764  BrFiltUp - ok
12:02:48.0212 0x1764  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
12:02:48.0215 0x1764  Browser - ok
12:02:48.0234 0x1764  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:02:48.0240 0x1764  Brserid - ok
12:02:48.0260 0x1764  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:02:48.0262 0x1764  BrSerWdm - ok
12:02:48.0273 0x1764  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:02:48.0274 0x1764  BrUsbMdm - ok
12:02:48.0279 0x1764  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:02:48.0280 0x1764  BrUsbSer - ok
12:02:48.0287 0x1764  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:02:48.0289 0x1764  BTHMODEM - ok
12:02:48.0309 0x1764  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
12:02:48.0311 0x1764  bthserv - ok
12:02:48.0432 0x1764  [ BE531939BB6D153DB63DBBFBD398A713, CB63FD4051198A89EDB3CF45199F99F5816A672FA9374E166ED7A5D17ED47468 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
12:02:48.0455 0x1764  c2cautoupdatesvc - ok
12:02:48.0519 0x1764  [ 33E9F08F675EF94633C8EF8A7C4EADF3, E1556CF27F7FB3B03EE63F3464F5EE92E7B09E67C5D8AA4A9346FEEBD716A152 ] c2cpnrsvc       C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
12:02:48.0549 0x1764  c2cpnrsvc - ok
12:02:48.0577 0x1764  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:02:48.0579 0x1764  cdfs - ok
12:02:48.0594 0x1764  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
12:02:48.0597 0x1764  cdrom - ok
12:02:48.0610 0x1764  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:02:48.0612 0x1764  CertPropSvc - ok
12:02:48.0619 0x1764  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
12:02:48.0621 0x1764  circlass - ok
12:02:48.0637 0x1764  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
12:02:48.0643 0x1764  CLFS - ok
12:02:48.0695 0x1764  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:02:48.0697 0x1764  clr_optimization_v2.0.50727_32 - ok
12:02:48.0724 0x1764  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:02:48.0727 0x1764  clr_optimization_v2.0.50727_64 - ok
12:02:48.0796 0x1764  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:02:48.0798 0x1764  clr_optimization_v4.0.30319_32 - ok
12:02:48.0807 0x1764  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:02:48.0811 0x1764  clr_optimization_v4.0.30319_64 - ok
12:02:48.0831 0x1764  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
12:02:48.0831 0x1764  CmBatt - ok
12:02:48.0857 0x1764  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:02:48.0858 0x1764  cmdide - ok
12:02:48.0891 0x1764  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
12:02:48.0899 0x1764  CNG - ok
12:02:48.0916 0x1764  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:02:48.0917 0x1764  Compbatt - ok
12:02:48.0942 0x1764  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:02:48.0943 0x1764  CompositeBus - ok
12:02:48.0946 0x1764  COMSysApp - ok
12:02:48.0962 0x1764  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:02:48.0963 0x1764  crcdisk - ok
12:02:48.0988 0x1764  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:02:48.0992 0x1764  CryptSvc - ok
12:02:49.0029 0x1764  [ 04199CA5C4A6F6E935906A74EAFCA8E7, F02E807E04DA16117E9E4D183186DF9425E9E1AD7CBC34AEED63A38F7D1E75E6 ] CSCrySec        C:\Windows\system32\DRIVERS\CSCrySec.sys
12:02:49.0031 0x1764  CSCrySec - ok
12:02:49.0096 0x1764  [ 0B7E221689F370C87F640C6D2EED7D3F, 2EBA565DAC2DC7182C43174BAAA373610C7083B57279CAD5EA5765E25EA27BCF ] CSObjectsSrv    C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
12:02:49.0117 0x1764  CSObjectsSrv - ok
12:02:49.0142 0x1764  [ 7D7F90460F1309B5205BF8CDFAD63E42, 885B9EA530E7B6D51DC24A5009F37A2D4CCACAFCA0A7CB693F4320E110AFFA4F ] CSVirtualDiskDrv C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
12:02:49.0144 0x1764  CSVirtualDiskDrv - ok
12:02:49.0179 0x1764  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:02:49.0189 0x1764  DcomLaunch - ok
12:02:49.0224 0x1764  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:02:49.0231 0x1764  defragsvc - ok
12:02:49.0254 0x1764  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:02:49.0257 0x1764  DfsC - ok
12:02:49.0284 0x1764  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:02:49.0290 0x1764  Dhcp - ok
12:02:49.0304 0x1764  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
12:02:49.0306 0x1764  discache - ok
12:02:49.0328 0x1764  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
12:02:49.0330 0x1764  Disk - ok
12:02:49.0342 0x1764  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:02:49.0346 0x1764  Dnscache - ok
12:02:49.0364 0x1764  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:02:49.0370 0x1764  dot3svc - ok
12:02:49.0399 0x1764  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
12:02:49.0403 0x1764  DPS - ok
12:02:56.0054 0x1764  NvStUSB - ok
12:02:56.0100 0x1764  [ 415695F5A54E91E869EEBFEA261361A6, 1829C15E07D902686171C8A66EB03040A037CAC1E00E24BF598030D9DA795CEC ] nvsvc           C:\Windows\system32\nvvsvc.exe
12:02:56.0126 0x1764  nvsvc - ok
12:02:56.0136 0x1764  [ 09216A70CC364D0974F606F6F2109210, 60877154D4DF5287D1989CDAA9863CD6DACA528D06233238498854A10C868C20 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
12:02:56.0137 0x1764  nvvad_WaveExtensible - ok
12:02:56.0163 0x1764  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:02:56.0166 0x1764  nv_agp - ok
12:02:56.0180 0x1764  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:02:56.0182 0x1764  ohci1394 - ok
12:02:56.0211 0x1764  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:02:56.0218 0x1764  p2pimsvc - ok
12:02:56.0246 0x1764  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
12:02:56.0255 0x1764  p2psvc - ok
12:02:56.0265 0x1764  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
12:02:56.0268 0x1764  Parport - ok
12:02:56.0300 0x1764  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:02:56.0302 0x1764  partmgr - ok
12:02:56.0355 0x1764  [ 39B9DCD7040654C2E57D7396736C718E, 70A637A955A2611E5ADA31FDD4B1D7EEECFBC22504A770DA71B502E160AEDAFD ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
12:02:56.0358 0x1764  PassThru Service - ok
12:02:56.0369 0x1764  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:02:56.0373 0x1764  PcaSvc - ok
12:02:56.0406 0x1764  [ BC0018C2D29F655188A0ED3FA94FDB24, BCF7F2CA5E30F569AEB69049BA3C196982C72EA7264CFBA59D7123041BA96E5A ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
12:02:56.0408 0x1764  pccsmcfd - ok
12:02:56.0435 0x1764  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
12:02:56.0439 0x1764  pci - ok
12:02:56.0474 0x1764  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:02:56.0475 0x1764  pciide - ok
12:02:56.0491 0x1764  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:02:56.0497 0x1764  pcmcia - ok
12:02:56.0510 0x1764  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:02:56.0512 0x1764  pcw - ok
12:02:56.0537 0x1764  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:02:56.0549 0x1764  PEAUTH - ok
12:02:56.0602 0x1764  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:02:56.0604 0x1764  PerfHost - ok
12:02:56.0656 0x1764  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
12:02:56.0699 0x1764  pla - ok
12:02:56.0752 0x1764  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:02:56.0760 0x1764  PlugPlay - ok
12:02:56.0771 0x1764  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:02:56.0773 0x1764  PNRPAutoReg - ok
12:02:56.0795 0x1764  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:02:56.0801 0x1764  PNRPsvc - ok
12:02:56.0828 0x1764  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:02:56.0838 0x1764  PolicyAgent - ok
12:02:56.0861 0x1764  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
12:02:56.0865 0x1764  Power - ok
12:02:56.0890 0x1764  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:02:56.0893 0x1764  PptpMiniport - ok
12:02:56.0915 0x1764  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
12:02:56.0917 0x1764  Processor - ok
12:02:56.0945 0x1764  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:02:56.0949 0x1764  ProfSvc - ok
12:02:56.0957 0x1764  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
12:02:56.0958 0x1764  ProtectedStorage - ok
12:02:56.0985 0x1764  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:02:56.0988 0x1764  Psched - ok
12:02:57.0054 0x1764  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:02:57.0140 0x1764  ql2300 - ok
12:02:57.0155 0x1764  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:02:57.0158 0x1764  ql40xx - ok
12:02:57.0180 0x1764  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
12:02:57.0186 0x1764  QWAVE - ok
12:02:57.0198 0x1764  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:02:57.0200 0x1764  QWAVEdrv - ok
12:02:57.0210 0x1764  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:02:57.0211 0x1764  RasAcd - ok
12:02:57.0231 0x1764  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:02:57.0232 0x1764  RasAgileVpn - ok
12:02:57.0245 0x1764  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
12:02:57.0249 0x1764  RasAuto - ok
12:02:57.0260 0x1764  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:02:57.0263 0x1764  Rasl2tp - ok
12:02:57.0281 0x1764  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
12:02:57.0290 0x1764  RasMan - ok
12:02:57.0299 0x1764  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:02:57.0302 0x1764  RasPppoe - ok
12:02:57.0310 0x1764  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:02:57.0312 0x1764  RasSstp - ok
12:02:57.0331 0x1764  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:02:57.0336 0x1764  rdbss - ok
12:02:57.0345 0x1764  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
12:02:57.0347 0x1764  rdpbus - ok
12:02:57.0370 0x1764  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:02:57.0371 0x1764  RDPCDD - ok
12:02:57.0377 0x1764  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:02:57.0378 0x1764  RDPENCDD - ok
12:02:57.0391 0x1764  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:02:57.0392 0x1764  RDPREFMP - ok
12:02:57.0427 0x1764  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:02:57.0428 0x1764  RdpVideoMiniport - ok
12:02:57.0450 0x1764  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:02:57.0458 0x1764  RDPWD - ok
12:02:57.0478 0x1764  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:02:57.0485 0x1764  rdyboost - ok
12:02:57.0502 0x1764  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:02:57.0505 0x1764  RemoteAccess - ok
12:02:57.0515 0x1764  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:02:57.0520 0x1764  RemoteRegistry - ok
12:02:57.0534 0x1764  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:02:57.0537 0x1764  RpcEptMapper - ok
12:02:57.0553 0x1764  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
12:02:57.0555 0x1764  RpcLocator - ok
12:02:57.0580 0x1764  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
12:02:57.0590 0x1764  RpcSs - ok
12:02:57.0599 0x1764  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:02:57.0601 0x1764  rspndr - ok
12:02:57.0632 0x1764  [ 2EFBEAAC418D8C28C0800C76814856ED, A633BF1C4E2ABBAF375B1840E3ABD8C3BFEBD73C49878A3F9CEE96FF1B7372F7 ] RzDxgk          C:\Windows\system32\drivers\RzDxgk.sys
12:02:57.0634 0x1764  RzDxgk - ok
12:02:57.0668 0x1764  [ E33510C28301569AD99D4E02A14C28A7, B725007A43D3BAD0B6FAEEA5035CE4625E63D006C8A7C1BDA8A809FF1CE1E62A ] rzendpt         C:\Windows\system32\DRIVERS\rzendpt.sys
12:02:57.0669 0x1764  rzendpt - ok
12:02:57.0688 0x1764  [ C79B033548410568785CA35A2312FAA4, DBEBB664D47EFA24B0BF9A26830FD2D32B514ECDA61D59C5C4F05019D5978F3C ] RzFilter        C:\Windows\system32\drivers\RzFilter.sys
12:02:57.0691 0x1764  RzFilter - ok
12:02:57.0739 0x1764  [ 95E6A3113FAFB30A38B02F3489844849, EC854EF3B46BA97F563270496ED4011AB8280C0A41E73D5459E21A245684D3E1 ] RzOvlMon        C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
12:02:57.0740 0x1764  RzOvlMon - ok
12:02:57.0769 0x1764  [ 2ABDAE282DBC2D2FB11144184517F850, A68C3B0CCB0441C22BD27F69D22ADF2183613B8B3F9317B89279418A02E78384 ] rzudd           C:\Windows\system32\DRIVERS\rzudd.sys
12:02:57.0772 0x1764  rzudd - ok
12:02:57.0782 0x1764  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs           C:\Windows\system32\lsass.exe
12:02:57.0783 0x1764  SamSs - ok
12:02:57.0800 0x1764  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:02:57.0803 0x1764  sbp2port - ok
12:02:57.0817 0x1764  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:02:57.0822 0x1764  SCardSvr - ok
12:02:57.0833 0x1764  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:02:57.0834 0x1764  scfilter - ok
12:02:57.0868 0x1764  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
12:02:57.0897 0x1764  Schedule - ok
12:02:57.0943 0x1764  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:02:57.0945 0x1764  SCPolicySvc - ok
12:02:57.0955 0x1764  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:02:57.0960 0x1764  SDRSVC - ok
12:02:57.0992 0x1764  [ CC781378E7EDA615D2CDCA3B17829FA4, 137BF83A2A3D69335AD031B8D73473526F782CB8917A34B3CD92F923E7660F2A ] SeaPort         C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
12:02:57.0997 0x1764  SeaPort - ok
12:02:58.0004 0x1764  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:02:58.0005 0x1764  secdrv - ok
12:02:58.0016 0x1764  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
12:02:58.0018 0x1764  seclogon - ok
12:02:58.0028 0x1764  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
12:02:58.0030 0x1764  SENS - ok
12:02:58.0036 0x1764  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:02:58.0039 0x1764  SensrSvc - ok
12:02:58.0054 0x1764  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
12:02:58.0056 0x1764  Serenum - ok
12:02:58.0072 0x1764  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
12:02:58.0075 0x1764  Serial - ok
12:02:58.0105 0x1764  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:02:58.0107 0x1764  sermouse - ok
12:02:58.0163 0x1764  [ 668043F192AB9659761A349A4703600D, 44443E477A38913C6973817C06C25A776574F2C0F9F52609F070BAFA836EBE2E ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
12:02:58.0178 0x1764  ServiceLayer - ok
12:02:58.0202 0x1764  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
12:02:58.0206 0x1764  SessionEnv - ok
12:02:58.0228 0x1764  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:02:58.0229 0x1764  sffdisk - ok
12:02:58.0240 0x1764  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:02:58.0241 0x1764  sffp_mmc - ok
12:02:58.0266 0x1764  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:02:58.0267 0x1764  sffp_sd - ok
12:02:58.0277 0x1764  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:02:58.0278 0x1764  sfloppy - ok
12:02:58.0309 0x1764  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:02:58.0317 0x1764  SharedAccess - ok
12:02:58.0343 0x1764  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:02:58.0350 0x1764  ShellHWDetection - ok
12:02:58.0362 0x1764  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:02:58.0364 0x1764  SiSRaid2 - ok
12:02:58.0382 0x1764  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:02:58.0384 0x1764  SiSRaid4 - ok
12:02:58.0549 0x1764  [ 388AE59FE75F1B959DFA0900923C61BB, 0D47F8B4B4FBE5BF041DBE75B0A14D905E9310FFA6F0160746455B38A349EA54 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:02:58.0622 0x1764  Skype C2C Service - ok
12:02:58.0692 0x1764  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:02:58.0698 0x1764  SkypeUpdate - ok
12:02:58.0728 0x1764  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:02:58.0731 0x1764  Smb - ok
12:02:58.0759 0x1764  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:02:58.0761 0x1764  SNMPTRAP - ok
12:02:58.0769 0x1764  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:02:58.0771 0x1764  spldr - ok
12:02:58.0807 0x1764  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
12:02:58.0821 0x1764  Spooler - ok
12:02:58.0929 0x1764  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
12:02:59.0040 0x1764  sppsvc - ok
12:02:59.0055 0x1764  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:02:59.0058 0x1764  sppuinotify - ok
12:02:59.0085 0x1764  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:02:59.0092 0x1764  srv - ok
12:02:59.0114 0x1764  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:02:59.0121 0x1764  srv2 - ok
12:02:59.0133 0x1764  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:02:59.0136 0x1764  srvnet - ok
12:02:59.0148 0x1764  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:02:59.0153 0x1764  SSDPSRV - ok
12:02:59.0163 0x1764  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:02:59.0166 0x1764  SstpSvc - ok
12:02:59.0217 0x1764  [ 2F3B5A3567FFB343D8867C3D34C687F1, D01971412506746B2EA1CBB0ACF9472889ABBC23318C1332BEC9C8256011183E ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
12:02:59.0237 0x1764  Steam Client Service - ok
12:02:59.0292 0x1764  [ A9D26626BEADF5A0641BF6B5095EF309, EABC711466FECA20058D7E24CA2593059E1F113B38A2E7574822E48BFBBF4146 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:02:59.0301 0x1764  Stereo Service - ok
12:02:59.0312 0x1764  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:02:59.0314 0x1764  stexstor - ok
12:02:59.0343 0x1764  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
12:02:59.0357 0x1764  stisvc - ok
12:02:59.0376 0x1764  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:02:59.0377 0x1764  swenum - ok
12:02:59.0398 0x1764  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
12:02:59.0412 0x1764  swprv - ok
12:02:59.0469 0x1764  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
12:02:59.0513 0x1764  SysMain - ok
12:02:59.0579 0x1764  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:02:59.0585 0x1764  TabletInputService - ok
12:02:59.0604 0x1764  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:02:59.0618 0x1764  TapiSrv - ok
12:02:59.0625 0x1764  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
12:02:59.0628 0x1764  TBS - ok
12:02:59.0702 0x1764  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:02:59.0767 0x1764  Tcpip - ok
12:02:59.0828 0x1764  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:02:59.0860 0x1764  TCPIP6 - ok
12:02:59.0894 0x1764  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:02:59.0895 0x1764  tcpipreg - ok
12:02:59.0910 0x1764  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:02:59.0911 0x1764  TDPIPE - ok
12:02:59.0932 0x1764  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:02:59.0934 0x1764  TDTCP - ok
12:02:59.0955 0x1764  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:02:59.0958 0x1764  tdx - ok
12:02:59.0972 0x1764  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:02:59.0974 0x1764  TermDD - ok
12:03:00.0001 0x1764  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
12:03:00.0015 0x1764  TermService - ok
12:03:00.0036 0x1764  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
12:03:00.0039 0x1764  Themes - ok
12:03:00.0060 0x1764  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
12:03:00.0062 0x1764  THREADORDER - ok
12:03:00.0072 0x1764  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
12:03:00.0075 0x1764  TrkWks - ok
12:03:00.0110 0x1764  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:03:00.0115 0x1764  TrustedInstaller - ok
12:03:00.0135 0x1764  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:03:00.0136 0x1764  tssecsrv - ok
12:03:00.0173 0x1764  [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:03:00.0175 0x1764  TsUsbFlt - ok
12:03:00.0198 0x1764  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
12:03:00.0199 0x1764  TsUsbGD - ok
12:03:00.0223 0x1764  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:03:00.0226 0x1764  tunnel - ok
12:03:00.0248 0x1764  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:03:00.0250 0x1764  uagp35 - ok
12:03:00.0266 0x1764  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:03:00.0273 0x1764  udfs - ok
12:03:00.0283 0x1764  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:03:00.0286 0x1764  UI0Detect - ok
12:03:00.0307 0x1764  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:03:00.0309 0x1764  uliagpkx - ok
12:03:00.0317 0x1764  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
12:03:00.0319 0x1764  umbus - ok
12:03:00.0344 0x1764  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
12:03:00.0345 0x1764  UmPass - ok
12:03:00.0368 0x1764  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
12:03:00.0375 0x1764  upnphost - ok
12:03:00.0400 0x1764  [ 4E93C8496359E97830C75AC36393654D, D0482257B019512D77484D92E4DEFEFE4FED53CB440ACB7AA879D6FD0574FA9A ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
12:03:00.0402 0x1764  upperdev - ok
12:03:02.0621 0x1764  ================ Scan global ===============================
12:03:02.0636 0x1764  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
12:03:02.0667 0x1764  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:03:02.0679 0x1764  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:03:02.0698 0x1764  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:03:02.0720 0x1764  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
12:03:02.0727 0x1764  [ Global ] - ok
12:03:02.0728 0x1764  ================ Scan MBR ==================================
12:03:02.0744 0x1764  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:03:02.0898 0x1764  \Device\Harddisk0\DR0 - ok
12:03:02.0899 0x1764  ================ Scan VBR ==================================
12:03:02.0900 0x1764  [ 2C135C2899287878BB82FFAAC1277C1D ] \Device\Harddisk0\DR0\Partition1
12:03:02.0945 0x1764  \Device\Harddisk0\DR0\Partition1 - ok
12:03:02.0947 0x1764  [ B1FDBA442A2B1678F645C02975392363 ] \Device\Harddisk0\DR0\Partition2
12:03:02.0985 0x1764  \Device\Harddisk0\DR0\Partition2 - ok
12:03:02.0986 0x1764  Waiting for KSN requests completion. In queue: 129
12:03:03.0986 0x1764  Waiting for KSN requests completion. In queue: 129
12:03:04.0986 0x1764  Waiting for KSN requests completion. In queue: 129
12:03:06.0014 0x1764  AV detected via SS2: Kaspersky PURE 3.0, C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\wmiav.exe ( 13.0.2.558 ), 0x41000 ( enabled : updated )
12:03:06.0028 0x1764  FW detected via SS2: Kaspersky PURE 3.0, C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\wmifw.exe ( 13.0.2.558 ), 0x41010 ( enabled )
12:03:09.0264 0x1764  ============================================================
12:03:09.0264 0x1764  Scan finished
12:03:09.0264 0x1764  ============================================================
12:03:09.0273 0x075c  Detected object count: 1
12:03:09.0273 0x075c  Actual detected object count: 1
12:03:43.0577 0x075c  6086719drv ( ForgedFile.Multi.Generic ) - skipped by user
12:03:43.0577 0x075c  6086719drv ( ForgedFile.Multi.Generic ) - User select action: Skip
         
The check with Mbar did not turn up any hits. The PC did not restart either.

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.23.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
KATHI :: KATHI-PC [administrator]

23.03.2014 12:08:43
mbar-log-2014-03-23 (12-08-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 255066
Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
.... and many thanks for your efforts!

Best regards, Erik


Edited by Dorogai (23.03.2014 at 11:51)

Old 24.03.2014, 10:27   #6
schrauber
/// the machine
/// TB trainer
 


hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Old 24.03.2014, 21:03   #7
Dorogai
 

Code:
ATTFilter
ComboFix 14-03-24.01 - KATHI 24.03.2014  20:04:22.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.8169.5924 [GMT 1:00]
ausgeführt von:: c:\users\KATHI\Desktop\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-02-24 bis 2014-03-24  ))))))))))))))))))))))))))))))
.
.
2014-03-24 19:08 . 2014-03-24 19:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-03-24 04:02 . 2014-03-24 04:02	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC9CADD8-771F-4516-9E86-F2C81D1C18A7}\offreg.dll
2014-03-23 11:08 . 2014-03-23 11:08	--------	d-----w-	c:\programdata\Malwarebytes
2014-03-23 11:08 . 2014-03-23 11:21	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-03-23 11:08 . 2014-03-23 11:08	119000	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-23 11:07 . 2014-03-23 11:07	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-03-21 21:02 . 2014-03-21 21:03	--------	d-----w-	C:\FRST
2014-03-21 19:22 . 2014-03-07 04:43	10521840	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC9CADD8-771F-4516-9E86-F2C81D1C18A7}\mpengine.dll
2014-03-13 19:37 . 2014-02-04 02:32	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-03-13 19:37 . 2014-02-04 02:32	624128	----a-w-	c:\windows\system32\qedit.dll
2014-03-13 19:37 . 2014-02-04 02:04	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-03-13 19:37 . 2014-02-04 02:04	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-03-02 10:09 . 2014-03-02 10:09	--------	d-----w-	c:\users\KATHI\AppData\Local\Skype
2014-03-02 10:09 . 2014-03-02 10:09	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-03-01 15:17 . 2014-03-01 15:17	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-01 15:17 . 2014-03-01 15:17	--------	d-----w-	c:\program files\iTunes
2014-03-01 15:17 . 2014-03-01 15:17	--------	d-----w-	c:\program files (x86)\iTunes
2014-03-01 15:17 . 2014-03-01 15:17	--------	d-----w-	c:\program files\iPod
2014-03-01 15:12 . 2014-03-01 15:12	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-01 15:12 . 2014-03-01 15:12	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-01 15:12 . 2014-03-01 15:12	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-01 15:12 . 2014-03-01 15:12	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-01 15:12 . 2014-03-01 15:12	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-01 15:12 . 2014-03-01 15:12	--------	d-----w-	c:\program files (x86)\QuickTime
2014-03-01 15:02 . 2014-03-01 15:02	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-20 20:51 . 2011-09-26 19:28	90015360	----a-w-	c:\windows\system32\MRT.exe
2014-03-12 17:47 . 2012-06-04 13:02	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 17:47 . 2011-10-07 15:30	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-17 15:24 . 2014-01-17 15:24	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2014-01-17 15:24 . 2014-01-17 15:24	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2014-01-14 01:53 . 2014-01-14 01:53	88576	----a-w-	c:\windows\SysWow64\rzdevinfo.dll
2014-01-14 01:53 . 2014-01-14 01:53	296448	----a-w-	c:\windows\SysWow64\rzaudiodll.dll
2013-12-24 23:09 . 2014-02-14 13:50	1987584	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-14 13:50	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-02-08 13:55	1520776	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 17:20	459784	----a-w-	c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-27 3077528]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2011-11-01 1053056]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-02-25 1821888]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"Razer Comms"="c:\program files (x86)\Razer\Core\RazerCore.exe" [2013-12-11 1094848]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20924576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-02-08 1644680]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-03-07 444760]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-11-11 356128]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-02-26 3814736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 6086719drv;6086719drv;c:\windows\system32\DRIVERS\6086719drv.sys;c:\windows\SYSNATIVE\DRIVERS\6086719drv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IAMTVE;Treiber für Intel(R) Active-Management-Technologie - KCS;c:\windows\system32\drivers\IAMTVE.sys;c:\windows\SYSNATIVE\drivers\IAMTVE.sys [x]
R3 IAMTXPE;Treiber für Intel(R) Active-Management-Technologie - KCS;c:\windows\system32\drivers\IAMTXPE.sys;c:\windows\SYSNATIVE\drivers\IAMTXPE.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S0 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 17:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 17:22	492040	----a-w-	c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\KATHI\AppData\Roaming\Mozilla\Firefox\Profiles\w2ii0pkk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&locale=de_US&apn_uid=C4919090-DBBE-451D-BAF2-6C28642459DF&apn_ptnrs=U3&apn_sauid=A00794BA-F0A3-4993-BC90-E5CED8CE6CF3&apn_dtid=YYYYYYYYAT&&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-03-24  20:11:20
ComboFix-quarantined-files.txt  2014-03-24 19:11
.
Vor Suchlauf: 8 Verzeichnis(se), 799.419.592.704 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 803.519.524.864 Bytes frei
.
- - End Of File - - FCE8C872FC1CCB991E43CE63EFAFE9E8
         

Alt 25.03.2014, 12:39   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 25.03.2014, 22:19   #9
Dorogai
 



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 25.03.2014
Scan Time: 21:30:53
Logfile: Malwarebytes.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.25.07
Rootkit Database: v2014.03.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: KATHI

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 263729
Time Elapsed: 6 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Somoto.A, C:\Users\KATHI\Downloads\FLVPlayerSetup-cU5LwNPg.exe, Quarantined, [96e57e89700be551e2347cc9a16022de], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
Code:
ATTFilter
# AdwCleaner v3.022 - Bericht erstellt am 25/03/2014 um 21:59:24
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : KATHI - KATHI-PC
# Gestartet von : C:\Users\KATHI\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\KATHI\AppData\Local\apn
Ordner Gelöscht : C:\Users\KATHI\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\KATHI\AppData\Roaming\Mozilla\Firefox\Profiles\w2ii0pkk.default\Extensions\firefoxdav@icloud.com
Ordner Gelöscht : C:\Users\KATHI\AppData\Roaming\Mozilla\Firefox\Profiles\w2ii0pkk.default\Extensions\toolbar@ask.com
Datei Gelöscht : C:\Users\KATHI\AppData\Roaming\Mozilla\Firefox\Profiles\w2ii0pkk.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\KATHI\AppData\Roaming\Mozilla\Firefox\Profiles\w2ii0pkk.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
Zeile gelöscht : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Zeile gelöscht : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Zeile gelöscht : user_pref("extensions.asktb.cbid", "U3");
Zeile gelöscht : user_pref("extensions.asktb.config-updated", false);
Zeile gelöscht : user_pref("extensions.asktb.crumb", "2012.07.22+06.21.37-toolbar003iad-AT-Vmllbm5hLEF1c3RyaWE%3D");
Zeile gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}&gct=bar");
Zeile gelöscht : user_pref("extensions.asktb.displaybehavior", "");
Zeile gelöscht : user_pref("extensions.asktb.displaytext", "");
Zeile gelöscht : user_pref("extensions.asktb.dtid", "YYYYYYYYAT");
Zeile gelöscht : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Zeile gelöscht : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "AUXX0025");
Zeile gelöscht : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=C4919090-DBBE-451D-BAF2-6C28642459DF&apn_ptnrs=&apn_sauid=A00794BA-F[...]
Zeile gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
Zeile gelöscht : user_pref("extensions.asktb.l", "dis");
Zeile gelöscht : user_pref("extensions.asktb.last-config-req", "1342963299080");
Zeile gelöscht : user_pref("extensions.asktb.last-v", "3.15.2.100013");
Zeile gelöscht : user_pref("extensions.asktb.locale", "de_US");
Zeile gelöscht : user_pref("extensions.asktb.location", "Vienna,Austria");
Zeile gelöscht : user_pref("extensions.asktb.lstation", "");
Zeile gelöscht : user_pref("extensions.asktb.news-native-on", true);
Zeile gelöscht : user_pref("extensions.asktb.o", "100000027");
Zeile gelöscht : user_pref("extensions.asktb.oldVersion", "5.15.2.23037");
Zeile gelöscht : user_pref("extensions.asktb.pstate", "");
Zeile gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Zeile gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Zeile gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Zeile gelöscht : user_pref("extensions.asktb.socialmini-first", true);
Zeile gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000");
Zeile gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Zeile gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30");
Zeile gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Zeile gelöscht : user_pref("extensions.asktb.socialmini-speed", "10000");
Zeile gelöscht : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Zeile gelöscht : user_pref("extensions.asktb.to", "");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&locale=de_US&apn_uid=C4919090-DBBE-451D-BAF2-6C28642459DF&apn_ptnrs=U3&apn_sauid=A00794BA-F0A3-4993-BC90[...]

*************************

AdwCleaner[R0].txt - [8706 octets] - [25/03/2014 21:58:22]
AdwCleaner[S0].txt - [8513 octets] - [25/03/2014 21:59:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8573 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by KATHI on 25.03.2014 at 22:07:27,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D791FBDB-8E33-4C0C-A01C-1AC3AFC2085F}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\KATHI\AppData\Roaming\mozilla\firefox\profiles\w2ii0pkk.default\minidumps [392 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.03.2014 at 22:13:13,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by KATHI (administrator) on KATHI-PC on 25-03-2014 22:16:57
Running from C:\Users\KATHI\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\RazerCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Thisisu) C:\Users\KATHI\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760 2014-03-07] (Razer Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-09-27] ()
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1053056 2011-11-01] (Nokia)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [Razer Comms] - C:\Program Files (x86)\Razer\Core\RazerCore.exe [1094848 2013-12-11] (Razer, Inc.)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://nmd.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBED244D4817CCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\KATHI\AppData\Roaming\Mozilla\Firefox\Profiles\w2ii0pkk.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-15]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [fe_7.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2011-12-26]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Thunderbird\Extensions: [te_7.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011-12-26]

==================== Services (Whitelisted) =================

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-12-11] (Razer, Inc.)

==================== Drivers (Whitelisted) ====================

S1 6086719drv; C:\Windows\System32\DRIVERS\6086719drv.sys [556632 2013-12-25] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 IAMTVE; C:\Windows\system32\drivers\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\drivers\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-11-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2013-12-11] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-11-15] (Razer Inc)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2013-12-11] (Razer, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-25 22:13 - 2014-03-25 22:13 - 00001196 _____ () C:\Users\KATHI\Desktop\JRT.txt
2014-03-25 22:07 - 2014-03-25 22:07 - 00000000 ____D () C:\Windows\ERUNT
2014-03-25 21:58 - 2014-03-25 21:59 - 00000000 ____D () C:\AdwCleaner
2014-03-25 21:35 - 2014-03-25 21:35 - 00001151 _____ () C:\Malwarebytes.txt
2014-03-25 21:23 - 2014-03-25 21:23 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-25 21:23 - 2014-03-25 21:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-25 21:23 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-25 21:23 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-25 21:22 - 2014-03-25 21:22 - 01038974 _____ (Thisisu) C:\Users\KATHI\Desktop\JRT.exe
2014-03-25 21:21 - 2014-03-25 21:21 - 01950720 _____ () C:\Users\KATHI\Desktop\adwcleaner.exe
2014-03-25 21:19 - 2014-03-25 21:20 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\KATHI\Desktop\mbam-setup-2.0.0.1000.exe
2014-03-24 20:11 - 2014-03-24 20:11 - 00020899 _____ () C:\ComboFix.txt
2014-03-24 20:02 - 2014-03-24 20:11 - 00000000 ____D () C:\Qoobox
2014-03-24 20:02 - 2014-03-24 20:10 - 00000000 ____D () C:\Windows\erdnt
2014-03-24 20:02 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-24 20:02 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-24 20:02 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-24 20:02 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-24 20:02 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-24 20:02 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-24 20:02 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-24 20:02 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-24 19:59 - 2014-03-24 20:00 - 05192353 ____R (Swearware) C:\Users\KATHI\Desktop\ComboFix.exe
2014-03-23 12:08 - 2014-03-25 22:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-23 12:08 - 2014-03-25 21:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 12:08 - 2014-03-23 12:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-23 12:07 - 2014-03-23 12:21 - 00000000 ____D () C:\Users\KATHI\Desktop\mbar
2014-03-23 12:07 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-23 12:00 - 2014-03-23 12:01 - 04110135 _____ () C:\Users\KATHI\Downloads\tdsskiller.zip
2014-03-23 11:57 - 2013-12-25 21:34 - 00556632 _____ () C:\Users\KATHI\Desktop\6086719drv.sys
2014-03-23 11:43 - 2014-03-23 11:43 - 12589848 _____ (Malwarebytes Corp.) C:\Users\KATHI\Desktop\mbar-1.07.0.1009.exe
2014-03-23 11:42 - 2014-03-23 11:42 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\KATHI\Desktop\tdsskiller.exe
2014-03-22 15:15 - 2014-03-22 15:15 - 00493256 _____ () C:\Windows\Minidump\032214-48407-01.dmp
2014-03-21 22:23 - 2014-03-21 22:23 - 00023479 _____ () C:\Users\KATHI\Desktop\Gmer.txt
2014-03-21 22:05 - 2014-03-21 22:05 - 00380416 _____ () C:\Users\KATHI\Desktop\Gmer-19357.exe
2014-03-21 22:02 - 2014-03-25 22:16 - 00022033 _____ () C:\Users\KATHI\Desktop\FRST.txt
2014-03-21 22:02 - 2014-03-25 22:16 - 00000000 ____D () C:\FRST
2014-03-21 22:02 - 2014-03-21 22:03 - 00035626 _____ () C:\Users\KATHI\Desktop\Addition.txt
2014-03-21 22:00 - 2014-03-21 22:00 - 02157056 _____ (Farbar) C:\Users\KATHI\Desktop\FRST64.exe
2014-03-21 21:57 - 2014-03-21 21:58 - 00000472 _____ () C:\Users\KATHI\Desktop\defogger_disable.log
2014-03-21 21:57 - 2014-03-21 21:57 - 00000000 _____ () C:\Users\KATHI\defogger_reenable
2014-03-21 21:47 - 2014-03-21 21:47 - 00050477 _____ () C:\Users\KATHI\Desktop\Defogger.exe
2014-03-13 20:38 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 20:38 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 20:38 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 20:38 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 20:38 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 20:38 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 20:38 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 20:38 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 20:38 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 20:38 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 20:38 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 20:38 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 20:38 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 20:38 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 20:38 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 20:38 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 20:38 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 20:38 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 20:38 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 20:38 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 20:38 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 20:38 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 20:38 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 20:38 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 20:38 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 20:38 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 20:38 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 20:38 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 20:38 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 20:38 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 20:38 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 20:38 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 20:38 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 20:38 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 20:38 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 20:38 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 20:38 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 20:38 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 20:38 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 20:38 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 20:38 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 20:38 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 20:38 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 20:38 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 20:37 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 20:37 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 20:37 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 20:37 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-09 19:14 - 2014-03-09 19:14 - 02060742 _____ () C:\Users\KATHI\Downloads\Dandelion_3(1).zip
2014-03-09 18:49 - 2014-03-09 18:49 - 02060742 _____ () C:\Users\KATHI\Downloads\Dandelion_3.zip
2014-03-02 11:09 - 2014-03-02 11:09 - 00000000 ____D () C:\Users\KATHI\AppData\Local\Skype
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\Program Files\iTunes
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\Program Files\iPod
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-01 16:12 - 2014-03-01 16:12 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-01 16:02 - 2014-03-01 16:02 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

==================== One Month Modified Files and Folders =======

2014-03-25 22:17 - 2014-03-21 22:02 - 00022033 _____ () C:\Users\KATHI\Desktop\FRST.txt
2014-03-25 22:16 - 2014-03-21 22:02 - 00000000 ____D () C:\FRST
2014-03-25 22:16 - 2011-09-27 13:53 - 00000000 ____D () C:\Users\KATHI\AppData\Local\PMB Files
2014-03-25 22:13 - 2014-03-25 22:13 - 00001196 _____ () C:\Users\KATHI\Desktop\JRT.txt
2014-03-25 22:09 - 2009-07-14 05:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-25 22:09 - 2009-07-14 05:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-25 22:07 - 2014-03-25 22:07 - 00000000 ____D () C:\Windows\ERUNT
2014-03-25 22:05 - 2012-12-30 13:44 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-25 22:04 - 2014-03-23 12:08 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-25 22:04 - 2011-12-26 14:08 - 00000000 ____D () C:\Users\KATHI\AppData\Local\Htc
2014-03-25 22:04 - 2011-10-26 18:42 - 00000000 ____D () C:\Users\KATHI\AppData\Roaming\Skype
2014-03-25 22:03 - 2013-07-31 11:19 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-25 22:03 - 2012-07-22 14:41 - 00000000 ____D () C:\Users\KATHI\AppData\Local\LogMeIn Hamachi
2014-03-25 22:02 - 2011-10-26 18:26 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-03-25 22:02 - 2011-09-15 07:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-25 22:02 - 2010-11-21 04:47 - 00210564 _____ () C:\Windows\PFRO.log
2014-03-25 22:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-25 22:02 - 2009-07-14 05:51 - 00143133 _____ () C:\Windows\setupact.log
2014-03-25 22:01 - 2011-09-26 20:19 - 01421322 _____ () C:\Windows\WindowsUpdate.log
2014-03-25 21:59 - 2014-03-25 21:58 - 00000000 ____D () C:\AdwCleaner
2014-03-25 21:47 - 2012-06-04 14:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-25 21:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system
2014-03-25 21:35 - 2014-03-25 21:35 - 00001151 _____ () C:\Malwarebytes.txt
2014-03-25 21:23 - 2014-03-25 21:23 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-25 21:23 - 2014-03-25 21:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-25 21:23 - 2014-03-23 12:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 21:22 - 2014-03-25 21:22 - 01038974 _____ (Thisisu) C:\Users\KATHI\Desktop\JRT.exe
2014-03-25 21:21 - 2014-03-25 21:21 - 01950720 _____ () C:\Users\KATHI\Desktop\adwcleaner.exe
2014-03-25 21:20 - 2014-03-25 21:19 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\KATHI\Desktop\mbam-setup-2.0.0.1000.exe
2014-03-24 21:07 - 2012-04-08 12:29 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-24 20:11 - 2014-03-24 20:11 - 00020899 _____ () C:\ComboFix.txt
2014-03-24 20:11 - 2014-03-24 20:02 - 00000000 ____D () C:\Qoobox
2014-03-24 20:11 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-24 20:10 - 2014-03-24 20:02 - 00000000 ____D () C:\Windows\erdnt
2014-03-24 20:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-24 20:00 - 2014-03-24 19:59 - 05192353 ____R (Swearware) C:\Users\KATHI\Desktop\ComboFix.exe
2014-03-23 12:21 - 2014-03-23 12:08 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-23 12:21 - 2014-03-23 12:07 - 00000000 ____D () C:\Users\KATHI\Desktop\mbar
2014-03-23 12:01 - 2014-03-23 12:00 - 04110135 _____ () C:\Users\KATHI\Downloads\tdsskiller.zip
2014-03-23 11:43 - 2014-03-23 11:43 - 12589848 _____ (Malwarebytes Corp.) C:\Users\KATHI\Desktop\mbar-1.07.0.1009.exe
2014-03-23 11:42 - 2014-03-23 11:42 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\KATHI\Desktop\tdsskiller.exe
2014-03-23 11:31 - 2011-10-26 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-22 15:15 - 2014-03-22 15:15 - 00493256 _____ () C:\Windows\Minidump\032214-48407-01.dmp
2014-03-22 15:15 - 2013-07-11 10:43 - 909012861 _____ () C:\Windows\MEMORY.DMP
2014-03-22 15:15 - 2013-07-11 10:43 - 00000000 ____D () C:\Windows\Minidump
2014-03-21 22:23 - 2014-03-21 22:23 - 00023479 _____ () C:\Users\KATHI\Desktop\Gmer.txt
2014-03-21 22:05 - 2014-03-21 22:05 - 00380416 _____ () C:\Users\KATHI\Desktop\Gmer-19357.exe
2014-03-21 22:03 - 2014-03-21 22:02 - 00035626 _____ () C:\Users\KATHI\Desktop\Addition.txt
2014-03-21 22:00 - 2014-03-21 22:00 - 02157056 _____ (Farbar) C:\Users\KATHI\Desktop\FRST64.exe
2014-03-21 21:58 - 2014-03-21 21:57 - 00000472 _____ () C:\Users\KATHI\Desktop\defogger_disable.log
2014-03-21 21:57 - 2014-03-21 21:57 - 00000000 _____ () C:\Users\KATHI\defogger_reenable
2014-03-21 21:57 - 2011-09-26 20:21 - 00000000 ____D () C:\Users\KATHI
2014-03-21 21:47 - 2014-03-21 21:47 - 00050477 _____ () C:\Users\KATHI\Desktop\Defogger.exe
2014-03-21 21:38 - 2011-12-03 22:57 - 00000000 ____D () C:\Users\KATHI\AppData\Roaming\.minecraft
2014-03-21 20:17 - 2013-08-31 18:50 - 00000000 ____D () C:\Users\KATHI\AppData\Roaming\TS3Client
2014-03-20 21:55 - 2013-08-25 22:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-20 21:51 - 2011-09-26 20:28 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-15 01:20 - 2011-12-26 12:53 - 00163540 _____ () C:\Windows\DPINST.LOG
2014-03-15 01:19 - 2013-12-24 18:09 - 00001952 _____ () C:\Users\KATHI\Desktop\Razer Synapse 2.0.lnk
2014-03-14 23:01 - 2014-01-17 18:40 - 00000000 ____D () C:\Users\KATHI\AppData\Local\CrashDumps
2014-03-14 18:05 - 2009-07-14 05:45 - 00341400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 18:04 - 2013-03-13 21:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 18:04 - 2013-03-13 21:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 18:47 - 2012-06-04 14:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 18:47 - 2012-06-04 14:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 18:47 - 2011-10-07 16:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-09 19:14 - 2014-03-09 19:14 - 02060742 _____ () C:\Users\KATHI\Downloads\Dandelion_3(1).zip
2014-03-09 18:49 - 2014-03-09 18:49 - 02060742 _____ () C:\Users\KATHI\Downloads\Dandelion_3.zip
2014-03-05 09:26 - 2014-03-25 21:23 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-25 21:23 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-05 09:26 - 2014-03-23 12:07 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-04 18:23 - 2011-09-27 18:00 - 00000000 ____D () C:\Users\KATHI\AppData\Local\Turbine
2014-03-03 20:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-03-02 11:09 - 2014-03-02 11:09 - 00000000 ____D () C:\Users\KATHI\AppData\Local\Skype
2014-03-02 11:09 - 2011-10-26 18:41 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-02 11:09 - 2011-10-26 18:41 - 00000000 ____D () C:\ProgramData\Skype
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\Program Files\iTunes
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\Program Files\iPod
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-01 16:17 - 2012-12-25 14:06 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-01 16:12 - 2014-03-01 16:12 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-01 16:12 - 2012-12-25 14:42 - 00001852 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-01 16:02 - 2014-03-01 16:02 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-03-01 07:05 - 2014-03-13 20:38 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 20:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 20:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 20:38 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 20:38 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 20:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 20:38 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 20:38 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 20:38 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 20:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 20:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 20:38 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 20:38 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 20:38 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 20:38 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 20:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 20:38 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 20:38 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 20:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 20:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 20:38 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 20:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 20:38 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 20:38 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 20:38 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 20:38 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 20:38 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 20:38 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 20:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 20:38 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 20:38 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 20:38 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 20:38 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 20:38 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 20:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 20:38 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 20:38 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 20:38 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 20:38 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\KATHI\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\KATHI\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-21 23:35

==================== End Of Log ============================
         
Best regards,

Erik

26.03.2014, 12:16   #10
schrauber
/// the machine
/// TB trainer

Win7: Computer is being remotely controlled

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

27.03.2014, 08:14   #11
Dorogai
 



Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a7d3b521aa76014eafac9d78e8389760
# engine=17633
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-26 07:14:55
# local_time=2014-03-26 08:14:55 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 70225 147491145 0 0
# scanned=3883
# found=0
# cleaned=0
# scan_time=355
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a7d3b521aa76014eafac9d78e8389760
# engine=17633
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-26 08:38:02
# local_time=2014-03-26 09:38:02 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 75212 147496132 0 0
# scanned=182963
# found=0
# cleaned=0
# scan_time=4944
         
Code:
 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky PURE 3.0   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 22  
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.77  
 Adobe Reader 10.1.0 Adobe Reader out of Date!  
 Mozilla Firefox (27.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky PURE 3.0 avp.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by KATHI (administrator) on KATHI-PC on 27-03-2014 08:12:02
Running from C:\Users\KATHI\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\RazerCore.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [HTC Sync Loader] - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760 2014-03-07] (Razer Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-09-27] ()
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1053056 2011-11-01] (Nokia)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [Razer Comms] - C:\Program Files (x86)\Razer\Core\RazerCore.exe [1094848 2013-12-11] (Razer, Inc.)
HKU\S-1-5-21-1236742091-3929155369-3592009709-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://nmd.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBED244D4817CCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\KATHI\AppData\Roaming\Mozilla\Firefox\Profiles\w2ii0pkk.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-15]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [fe_7.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2011-12-26]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2013-12-26]
FF HKLM-x32\...\Thunderbird\Extensions: [te_7.0@nokia.com] - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011-12-26]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-12-11] (Razer, Inc.)

==================== Drivers (Whitelisted) ====================

S1 6086719drv; C:\Windows\System32\DRIVERS\6086719drv.sys [556632 2013-12-25] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S3 IAMTVE; C:\Windows\system32\drivers\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\drivers\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-11-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2013-12-11] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-11-15] (Razer Inc)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2013-12-11] (Razer, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-27 07:25 - 2014-03-27 07:25 - 00987442 _____ () C:\Users\KATHI\Desktop\SecurityCheck.exe
2014-03-26 19:08 - 2014-03-26 19:08 - 02347384 _____ (ESET) C:\Users\KATHI\Desktop\esetsmartinstaller_enu.exe
2014-03-25 22:59 - 2014-03-25 22:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\07E97850.sys
2014-03-25 22:13 - 2014-03-25 22:13 - 00001196 _____ () C:\Users\KATHI\Desktop\JRT.txt
2014-03-25 22:07 - 2014-03-25 22:07 - 00000000 ____D () C:\Windows\ERUNT
2014-03-25 21:58 - 2014-03-25 21:59 - 00000000 ____D () C:\AdwCleaner
2014-03-25 21:35 - 2014-03-25 21:35 - 00001151 _____ () C:\Malwarebytes.txt
2014-03-25 21:23 - 2014-03-25 21:23 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-25 21:23 - 2014-03-25 21:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-25 21:23 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-25 21:23 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-25 21:22 - 2014-03-25 21:22 - 01038974 _____ (Thisisu) C:\Users\KATHI\Desktop\JRT.exe
2014-03-25 21:21 - 2014-03-25 21:21 - 01950720 _____ () C:\Users\KATHI\Desktop\adwcleaner.exe
2014-03-25 21:19 - 2014-03-25 21:20 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\KATHI\Desktop\mbam-setup-2.0.0.1000.exe
2014-03-24 20:11 - 2014-03-24 20:11 - 00020899 _____ () C:\ComboFix.txt
2014-03-24 20:02 - 2014-03-24 20:11 - 00000000 ____D () C:\Qoobox
2014-03-24 20:02 - 2014-03-24 20:10 - 00000000 ____D () C:\Windows\erdnt
2014-03-24 20:02 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-24 20:02 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-24 20:02 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-24 20:02 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-24 20:02 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-24 20:02 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-24 20:02 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-24 20:02 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-24 19:59 - 2014-03-24 20:00 - 05192353 ____R (Swearware) C:\Users\KATHI\Desktop\ComboFix.exe
2014-03-23 12:08 - 2014-03-27 07:31 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-23 12:08 - 2014-03-25 21:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-23 12:08 - 2014-03-23 12:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-23 12:07 - 2014-03-23 12:21 - 00000000 ____D () C:\Users\KATHI\Desktop\mbar
2014-03-23 12:07 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-23 12:00 - 2014-03-23 12:01 - 04110135 _____ () C:\Users\KATHI\Downloads\tdsskiller.zip
2014-03-23 11:57 - 2013-12-25 21:34 - 00556632 _____ () C:\Users\KATHI\Desktop\6086719drv.sys
2014-03-23 11:43 - 2014-03-23 11:43 - 12589848 _____ (Malwarebytes Corp.) C:\Users\KATHI\Desktop\mbar-1.07.0.1009.exe
2014-03-23 11:42 - 2014-03-23 11:42 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\KATHI\Desktop\tdsskiller.exe
2014-03-22 15:15 - 2014-03-22 15:15 - 00493256 _____ () C:\Windows\Minidump\032214-48407-01.dmp
2014-03-21 22:23 - 2014-03-21 22:23 - 00023479 _____ () C:\Users\KATHI\Desktop\Gmer.txt
2014-03-21 22:05 - 2014-03-21 22:05 - 00380416 _____ () C:\Users\KATHI\Desktop\Gmer-19357.exe
2014-03-21 22:02 - 2014-03-27 08:12 - 00021807 _____ () C:\Users\KATHI\Desktop\FRST.txt
2014-03-21 22:02 - 2014-03-27 08:12 - 00000000 ____D () C:\FRST
2014-03-21 22:02 - 2014-03-21 22:03 - 00035626 _____ () C:\Users\KATHI\Desktop\Addition.txt
2014-03-21 22:00 - 2014-03-21 22:00 - 02157056 _____ (Farbar) C:\Users\KATHI\Desktop\FRST64.exe
2014-03-21 21:57 - 2014-03-21 21:58 - 00000472 _____ () C:\Users\KATHI\Desktop\defogger_disable.log
2014-03-21 21:57 - 2014-03-21 21:57 - 00000000 _____ () C:\Users\KATHI\defogger_reenable
2014-03-21 21:47 - 2014-03-21 21:47 - 00050477 _____ () C:\Users\KATHI\Desktop\Defogger.exe
2014-03-13 20:38 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 20:38 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 20:38 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 20:38 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 20:38 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 20:38 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 20:38 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 20:38 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 20:38 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 20:38 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 20:38 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 20:38 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 20:38 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 20:38 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 20:38 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 20:38 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 20:38 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 20:38 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 20:38 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 20:38 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 20:38 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 20:38 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 20:38 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 20:38 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 20:38 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 20:38 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 20:38 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 20:38 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 20:38 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 20:38 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 20:38 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 20:38 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 20:38 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 20:38 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 20:38 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 20:38 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 20:38 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 20:38 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 20:38 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 20:38 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 20:38 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 20:38 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 20:38 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 20:38 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 20:37 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 20:37 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 20:37 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 20:37 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-09 19:14 - 2014-03-09 19:14 - 02060742 _____ () C:\Users\KATHI\Downloads\Dandelion_3(1).zip
2014-03-09 18:49 - 2014-03-09 18:49 - 02060742 _____ () C:\Users\KATHI\Downloads\Dandelion_3.zip
2014-03-02 11:09 - 2014-03-02 11:09 - 00000000 ____D () C:\Users\KATHI\AppData\Local\Skype
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\Program Files\iTunes
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\Program Files\iPod
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-01 16:12 - 2014-03-01 16:12 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-01 16:02 - 2014-03-01 16:02 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

==================== One Month Modified Files and Folders =======

2014-03-27 08:12 - 2014-03-21 22:02 - 00021807 _____ () C:\Users\KATHI\Desktop\FRST.txt
2014-03-27 08:12 - 2014-03-21 22:02 - 00000000 ____D () C:\FRST
2014-03-27 08:09 - 2012-12-30 13:44 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-27 08:06 - 2011-10-26 18:42 - 00000000 ____D () C:\Users\KATHI\AppData\Roaming\Skype
2014-03-27 08:01 - 2011-09-27 13:53 - 00000000 ____D () C:\Users\KATHI\AppData\Local\PMB Files
2014-03-27 07:47 - 2012-06-04 14:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-27 07:35 - 2009-07-14 05:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-27 07:35 - 2009-07-14 05:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-27 07:31 - 2014-03-23 12:08 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 07:31 - 2013-07-31 11:19 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-27 07:31 - 2012-07-22 14:41 - 00000000 ____D () C:\Users\KATHI\AppData\Local\LogMeIn Hamachi
2014-03-27 07:31 - 2011-12-26 14:08 - 00000000 ____D () C:\Users\KATHI\AppData\Local\Htc
2014-03-27 07:31 - 2011-09-26 20:19 - 01464780 _____ () C:\Windows\WindowsUpdate.log
2014-03-27 07:27 - 2011-10-26 18:26 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-03-27 07:27 - 2011-09-15 07:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-27 07:27 - 2010-11-21 04:47 - 00211390 _____ () C:\Windows\PFRO.log
2014-03-27 07:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-27 07:27 - 2009-07-14 05:51 - 00143357 _____ () C:\Windows\setupact.log
2014-03-27 07:25 - 2014-03-27 07:25 - 00987442 _____ () C:\Users\KATHI\Desktop\SecurityCheck.exe
2014-03-26 19:08 - 2014-03-26 19:08 - 02347384 _____ (ESET) C:\Users\KATHI\Desktop\esetsmartinstaller_enu.exe
2014-03-25 22:59 - 2014-03-25 22:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\07E97850.sys
2014-03-25 22:13 - 2014-03-25 22:13 - 00001196 _____ () C:\Users\KATHI\Desktop\JRT.txt
2014-03-25 22:07 - 2014-03-25 22:07 - 00000000 ____D () C:\Windows\ERUNT
2014-03-25 21:59 - 2014-03-25 21:58 - 00000000 ____D () C:\AdwCleaner
2014-03-25 21:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system
2014-03-25 21:35 - 2014-03-25 21:35 - 00001151 _____ () C:\Malwarebytes.txt
2014-03-25 21:23 - 2014-03-25 21:23 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-25 21:23 - 2014-03-25 21:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-25 21:23 - 2014-03-23 12:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 21:22 - 2014-03-25 21:22 - 01038974 _____ (Thisisu) C:\Users\KATHI\Desktop\JRT.exe
2014-03-25 21:21 - 2014-03-25 21:21 - 01950720 _____ () C:\Users\KATHI\Desktop\adwcleaner.exe
2014-03-25 21:20 - 2014-03-25 21:19 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\KATHI\Desktop\mbam-setup-2.0.0.1000.exe
2014-03-24 21:07 - 2012-04-08 12:29 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-24 20:11 - 2014-03-24 20:11 - 00020899 _____ () C:\ComboFix.txt
2014-03-24 20:11 - 2014-03-24 20:02 - 00000000 ____D () C:\Qoobox
2014-03-24 20:11 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-24 20:10 - 2014-03-24 20:02 - 00000000 ____D () C:\Windows\erdnt
2014-03-24 20:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-24 20:00 - 2014-03-24 19:59 - 05192353 ____R (Swearware) C:\Users\KATHI\Desktop\ComboFix.exe
2014-03-23 12:21 - 2014-03-23 12:08 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-23 12:21 - 2014-03-23 12:07 - 00000000 ____D () C:\Users\KATHI\Desktop\mbar
2014-03-23 12:01 - 2014-03-23 12:00 - 04110135 _____ () C:\Users\KATHI\Downloads\tdsskiller.zip
2014-03-23 11:43 - 2014-03-23 11:43 - 12589848 _____ (Malwarebytes Corp.) C:\Users\KATHI\Desktop\mbar-1.07.0.1009.exe
2014-03-23 11:42 - 2014-03-23 11:42 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\KATHI\Desktop\tdsskiller.exe
2014-03-23 11:31 - 2011-10-26 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-22 15:15 - 2014-03-22 15:15 - 00493256 _____ () C:\Windows\Minidump\032214-48407-01.dmp
2014-03-22 15:15 - 2013-07-11 10:43 - 909012861 _____ () C:\Windows\MEMORY.DMP
2014-03-22 15:15 - 2013-07-11 10:43 - 00000000 ____D () C:\Windows\Minidump
2014-03-21 22:23 - 2014-03-21 22:23 - 00023479 _____ () C:\Users\KATHI\Desktop\Gmer.txt
2014-03-21 22:05 - 2014-03-21 22:05 - 00380416 _____ () C:\Users\KATHI\Desktop\Gmer-19357.exe
2014-03-21 22:03 - 2014-03-21 22:02 - 00035626 _____ () C:\Users\KATHI\Desktop\Addition.txt
2014-03-21 22:00 - 2014-03-21 22:00 - 02157056 _____ (Farbar) C:\Users\KATHI\Desktop\FRST64.exe
2014-03-21 21:58 - 2014-03-21 21:57 - 00000472 _____ () C:\Users\KATHI\Desktop\defogger_disable.log
2014-03-21 21:57 - 2014-03-21 21:57 - 00000000 _____ () C:\Users\KATHI\defogger_reenable
2014-03-21 21:57 - 2011-09-26 20:21 - 00000000 ____D () C:\Users\KATHI
2014-03-21 21:47 - 2014-03-21 21:47 - 00050477 _____ () C:\Users\KATHI\Desktop\Defogger.exe
2014-03-21 21:38 - 2011-12-03 22:57 - 00000000 ____D () C:\Users\KATHI\AppData\Roaming\.minecraft
2014-03-21 20:17 - 2013-08-31 18:50 - 00000000 ____D () C:\Users\KATHI\AppData\Roaming\TS3Client
2014-03-20 21:55 - 2013-08-25 22:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-20 21:51 - 2011-09-26 20:28 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-15 01:20 - 2011-12-26 12:53 - 00163540 _____ () C:\Windows\DPINST.LOG
2014-03-15 01:19 - 2013-12-24 18:09 - 00001952 _____ () C:\Users\KATHI\Desktop\Razer Synapse 2.0.lnk
2014-03-14 23:01 - 2014-01-17 18:40 - 00000000 ____D () C:\Users\KATHI\AppData\Local\CrashDumps
2014-03-14 18:05 - 2009-07-14 05:45 - 00341400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 18:04 - 2013-03-13 21:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 18:04 - 2013-03-13 21:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 18:47 - 2012-06-04 14:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 18:47 - 2012-06-04 14:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 18:47 - 2011-10-07 16:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-09 19:14 - 2014-03-09 19:14 - 02060742 _____ () C:\Users\KATHI\Downloads\Dandelion_3(1).zip
2014-03-09 18:49 - 2014-03-09 18:49 - 02060742 _____ () C:\Users\KATHI\Downloads\Dandelion_3.zip
2014-03-05 09:26 - 2014-03-25 21:23 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-25 21:23 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-05 09:26 - 2014-03-23 12:07 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-04 18:23 - 2011-09-27 18:00 - 00000000 ____D () C:\Users\KATHI\AppData\Local\Turbine
2014-03-03 20:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-03-02 11:09 - 2014-03-02 11:09 - 00000000 ____D () C:\Users\KATHI\AppData\Local\Skype
2014-03-02 11:09 - 2011-10-26 18:41 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-02 11:09 - 2011-10-26 18:41 - 00000000 ____D () C:\ProgramData\Skype
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\Program Files\iTunes
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\Program Files\iPod
2014-03-01 16:17 - 2014-03-01 16:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-01 16:17 - 2012-12-25 14:06 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-01 16:12 - 2014-03-01 16:12 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-01 16:12 - 2012-12-25 14:42 - 00001852 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-03-01 16:02 - 2014-03-01 16:02 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-03-01 07:05 - 2014-03-13 20:38 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 20:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 20:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 20:38 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 20:38 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 20:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 20:38 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 20:38 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 20:38 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 20:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 20:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 20:38 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 20:38 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 20:38 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 20:38 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 20:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 20:38 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 20:38 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 20:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 20:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 20:38 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 20:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 20:38 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 20:38 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 20:38 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 20:38 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 20:38 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 20:38 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 20:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 20:38 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 20:38 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 20:38 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 20:38 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 20:38 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 20:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 20:38 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 20:38 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 20:38 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 20:38 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\KATHI\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\KATHI\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-21 23:35

==================== End Of Log ============================
         
Hi! So far there have been no new accesses! Was that it?

Do I still need to uninstall anything?

Best regards, Erik

28.03.2014, 08:15   #12
schrauber
/// the machine
/// TB trainer
 


Update Adobe.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over, you can delete them without concern.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.

Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not recognize. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
All that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

29.03.2014, 23:42   #13
Dorogai
 



Hi! Everything should be done now, and I think you can close the thread!

Many thanks again for your help! Greetings from Vienna to Munich!

Best regards, Erik

30.03.2014, 13:51   #14
schrauber
/// the machine
/// TB trainer
 




You're welcome
