| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: ihavenet-VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.12.2012, 16:04
| #1 |
| |  ihavenet-Virus Hallo, ich habe seit einiger Zeit den "ihavenet-Virus" auf dem PC und will den jezt langsam mal loswerden. Habe mir hier einige Beiträge angeguckt und habe die dort angegebenen Schritte versucht ordnungsgemäß zu erledigen. Schritt 1: AdwCleaner: Werbeprogramme suchen und löschen erledigt. Schritt 2: Adware entfernen mit JRT erledigt. Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.2.1 (12.20.2012:1)
OS: Windows 7 Home Premium x64
Ran by Stieg on 21.12.2012 at 15:47:58,46
Blog: hxxp://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Stieg\AppData\Roaming\dvdvideosoftiehelpers"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.12.2012 at 15:52:51,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Kontrollscan mit OTL erledigt. Code:
ATTFilter OTL logfile created on: 21.12.2012 16:00:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stieg\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 67,19% Memory free 7,79 Gb Paging File | 6,03 Gb Available in Paging File | 77,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,53 Gb Total Space | 19,65 Gb Free Space | 33,00% Space Free | Partition Type: NTFS Drive G: | 465,76 Gb Total Space | 429,00 Gb Free Space | 92,11% Space Free | Partition Type: NTFS Computer Name: PC | User Name: Stieg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.21 15:59:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stieg\Desktop\OTL.exe PRC - [2012.12.17 23:29:50 | 029,428,448 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stieg\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.12.11 22:11:45 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.11 22:11:19 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.11 22:11:19 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.05 18:35:21 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.09.29 18:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- G:\Programme\Malewarebytes\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- G:\Programme\Malewarebytes\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- G:\Programme\Malewarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.02.07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.07 16:27:24 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.02.05 12:22:44 | 001,763,328 | ---- | M] (Software Security System) -- C:\Programme\Lucidlogix Technologies\VIRTU MVP\Ekag20nt.exe PRC - [2012.01.26 18:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.11.29 19:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe ========== Modules (No Company Name) ========== MOD - [2012.12.05 18:35:21 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.11.15 18:46:25 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4a443c775f768ede71bde8e10f50ec0b\IAStorUtil.ni.dll MOD - [2012.11.15 18:46:25 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e88f87e9200afb5ede994c89c92e22b8\IAStorCommon.ni.dll MOD - [2012.11.15 17:46:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll MOD - [2012.11.15 17:46:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012.11.15 17:46:03 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012.11.15 17:45:54 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll MOD - [2012.11.15 17:45:51 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012.11.15 17:45:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012.11.15 17:45:48 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012.11.15 17:45:45 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012.08.27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.08.27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.04.12 08:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.09.28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.12.11 23:20:49 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.11 22:11:45 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.11 22:11:19 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.05 18:35:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.09.29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- G:\Programme\Malewarebytes\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- G:\Programme\Malewarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.02.09 15:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent) SRV - [2012.02.07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.07 16:27:24 | 000,121,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.21 15:46:18 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001) DRV:64bit: - [2012.12.11 22:11:56 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 22:11:56 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.10.10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.09.29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.09 15:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT) DRV:64bit: - [2012.02.09 15:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent) DRV:64bit: - [2012.02.09 15:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent) DRV:64bit: - [2012.02.05 12:36:12 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM) DRV:64bit: - [2012.01.26 18:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.01.26 18:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.01.26 18:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2011.12.05 20:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.09.21 16:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64) DRV:64bit: - [2011.08.23 14:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.10 15:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.08.13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-735380003-689412922-4239967661-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-735380003-689412922-4239967661-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-735380003-689412922-4239967661-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 42 57 F8 B3 DB CD 01 [binary data] IE - HKU\S-1-5-21-735380003-689412922-4239967661-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-735380003-689412922-4239967661-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-735380003-689412922-4239967661-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-735380003-689412922-4239967661-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.4 FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.2.0 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12 FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: G:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: G:\Programme\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Users\Stieg\VLC Media Player\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 18:35:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 18:35:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.29 17:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stieg\AppData\Roaming\mozilla\Extensions [2012.12.18 16:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stieg\AppData\Roaming\mozilla\Firefox\Profiles\frd9w31o.default\extensions [2012.11.23 11:04:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Stieg\AppData\Roaming\mozilla\Firefox\Profiles\frd9w31o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.09.29 18:19:42 | 000,093,748 | ---- | M] () (No name found) -- C:\Users\Stieg\AppData\Roaming\mozilla\firefox\profiles\frd9w31o.default\extensions\addictive_typing_lessons@tomkennedy.net.xpi [2012.10.22 19:02:04 | 000,183,174 | ---- | M] () (No name found) -- C:\Users\Stieg\AppData\Roaming\mozilla\firefox\profiles\frd9w31o.default\extensions\stealthyextension@gmail.com.xpi [2012.09.29 18:23:47 | 000,004,404 | ---- | M] () (No name found) -- C:\Users\Stieg\AppData\Roaming\mozilla\firefox\profiles\frd9w31o.default\extensions\youtubeunblocker@unblocker.yt.xpi [2012.10.18 17:28:30 | 000,158,191 | ---- | M] () (No name found) -- C:\Users\Stieg\AppData\Roaming\mozilla\firefox\profiles\frd9w31o.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}.xpi [2012.12.18 16:50:04 | 000,532,971 | ---- | M] () (No name found) -- C:\Users\Stieg\AppData\Roaming\mozilla\firefox\profiles\frd9w31o.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.12.06 12:48:13 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Stieg\AppData\Roaming\mozilla\firefox\profiles\frd9w31o.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012.12.11 22:24:53 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Stieg\AppData\Roaming\mozilla\firefox\profiles\frd9w31o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.11.25 00:37:22 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Stieg\AppData\Roaming\mozilla\firefox\profiles\frd9w31o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.29 18:23:47 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Stieg\AppData\Roaming\mozilla\firefox\profiles\frd9w31o.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012.12.05 18:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.05 18:35:21 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Programme\Java\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Programme\Java\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [VIRTU_MVP_AUTORUN] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [GrooveMonitor] G:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Stieg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stieg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stieg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - G:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stieg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - G:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A834EBC-BB60-463F-889E-01DA73515E54}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\gopher - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\appinit_dll.dll) - C:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - G:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{22c35993-03f9-11e2-8a82-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{22c35993-03f9-11e2-8a82-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ASRSetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.21 15:59:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stieg\Desktop\OTL.exe [2012.12.21 15:47:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2012.12.21 15:47:48 | 000,000,000 | ---D | C] -- C:\JRT [2012.12.21 15:44:53 | 000,495,874 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Stieg\Desktop\JRT.exe [2012.12.21 00:24:06 | 000,000,000 | R--D | C] -- C:\Users\Stieg\Dropbox [2012.12.21 00:23:11 | 000,000,000 | ---D | C] -- C:\Users\Stieg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.12.21 00:22:58 | 000,000,000 | ---D | C] -- C:\Users\Stieg\AppData\Roaming\Dropbox [2012.12.21 00:21:54 | 020,132,536 | ---- | C] (Dropbox, Inc.) -- C:\Users\Stieg\Desktop\Dropbox 1.6.6.exe [2012.12.18 17:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.12.18 17:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.12.18 17:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.12.18 17:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.12.18 17:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2012.12.16 19:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.12.16 19:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.12.16 19:12:32 | 000,000,000 | ---D | C] -- C:\Users\Stieg\AppData\Local\Diagnostics [2012.12.16 19:04:06 | 000,000,000 | ---D | C] -- C:\Users\Stieg\Documents\Remote Assistance Logs [2012.12.16 18:43:22 | 000,000,000 | ---D | C] -- C:\Users\Stieg\Desktop\Neuer Ordner [2012.12.16 17:59:29 | 000,000,000 | ---D | C] -- C:\Users\Stieg\AppData\Local\ElevatedDiagnostics [2012.12.05 18:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.02 16:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2 [2012.11.23 11:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.11.23 11:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2012.11.23 11:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.21 15:59:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stieg\Desktop\OTL.exe [2012.12.21 15:53:29 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.21 15:53:29 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.21 15:52:52 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.21 15:52:52 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.21 15:52:52 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.21 15:52:52 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.21 15:52:52 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.21 15:48:55 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\fvfowu.job [2012.12.21 15:46:18 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys [2012.12.21 15:46:17 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2012.12.21 15:46:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.21 15:46:12 | 3137,126,400 | -HS- | M] () -- C:\hiberfil.sys [2012.12.21 15:45:01 | 000,495,874 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Stieg\Desktop\JRT.exe [2012.12.21 15:44:48 | 000,547,175 | ---- | M] () -- C:\Users\Stieg\Desktop\adwcleaner.exe [2012.12.21 15:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.21 03:15:38 | 000,418,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.21 00:24:06 | 000,001,001 | ---- | M] () -- C:\Users\Stieg\Desktop\Dropbox.lnk [2012.12.21 00:23:18 | 000,001,011 | ---- | M] () -- C:\Users\Stieg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.21 00:22:47 | 020,132,536 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stieg\Desktop\Dropbox 1.6.6.exe [2012.12.18 17:08:38 | 000,001,557 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.16 19:39:55 | 000,000,206 | ---- | M] () -- C:\Users\Stieg\Documents\cc_20121216_193953.reg [2012.12.16 19:39:00 | 000,006,920 | ---- | M] () -- C:\Users\Stieg\Documents\cc_20121216_193856.reg [2012.12.16 19:36:24 | 000,039,492 | ---- | M] () -- C:\Users\Stieg\Documents\cc_20121216_193618.reg [2012.12.16 19:35:48 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.15 14:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2012.12.11 22:11:56 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.11 22:11:56 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.10 19:54:09 | 000,122,880 | RHS- | M] () -- C:\Windows\SysWow64\takeownd.dll [2012.12.02 16:37:24 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\Metin2.lnk [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.21 15:44:46 | 000,547,175 | ---- | C] () -- C:\Users\Stieg\Desktop\adwcleaner.exe [2012.12.21 00:24:06 | 000,001,001 | ---- | C] () -- C:\Users\Stieg\Desktop\Dropbox.lnk [2012.12.21 00:23:18 | 000,001,011 | ---- | C] () -- C:\Users\Stieg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.18 17:08:38 | 000,001,557 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.16 19:39:54 | 000,000,206 | ---- | C] () -- C:\Users\Stieg\Documents\cc_20121216_193953.reg [2012.12.16 19:38:57 | 000,006,920 | ---- | C] () -- C:\Users\Stieg\Documents\cc_20121216_193856.reg [2012.12.16 19:36:21 | 000,039,492 | ---- | C] () -- C:\Users\Stieg\Documents\cc_20121216_193618.reg [2012.12.16 19:35:48 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.10 19:54:09 | 000,122,880 | RHS- | C] () -- C:\Windows\SysWow64\takeownd.dll [2012.12.10 19:54:09 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\fvfowu.job [2012.12.02 16:37:24 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\Metin2.lnk [2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012.10.10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012.09.21 15:51:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.09.21 15:37:50 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.09.21 15:37:50 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.09.21 15:37:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.07.28 02:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.28 02:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.21 15:46:26 | 000,000,000 | ---D | M] -- C:\Users\Stieg\AppData\Roaming\Dropbox [2012.11.08 20:20:51 | 000,000,000 | ---D | M] -- C:\Users\Stieg\AppData\Roaming\DVDVideoSoft [2012.12.02 10:52:39 | 000,000,000 | ---D | M] -- C:\Users\Stieg\AppData\Roaming\Origin [2012.12.10 21:37:32 | 000,000,000 | ---D | M] -- C:\Users\Stieg\AppData\Roaming\TS3Client ========== Purity Check ========== < End of report > Ich hoffe, dass Ihr mir anhand dessen schon helfen könnt bzw. mir die weiteren Schritte erklärt. Vielen Dank im Voraus. Gruß Stieg |
|
21.12.2012, 16:34
| #2 |
| /// Malware-holic   | ihavenet-Virus hi
__________________dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
[2012.12.10 19:54:09 | 000,122,880 | RHS- | M] () -- C:\Windows\SysWow64\takeownd.dll
[2012.12.21 15:48:55 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\fvfowu.job
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
 downloade get info: http://markusg.trojaner-board.de/GetInfo.exe doppelklicke die .exe im selben ordner wird nun eine .txt erstellt: summary-info.txt diese doppelklicken und deren inhalt posten. Frage: hast du zum infektionszeitpunkt, bzw evtl. einen tag davor, etwas runtergeladen und instaliert bzw ausgeführt? wurdest du beim besuch einer seite aufgefordert etwas zu instalieren bzw runterzuladen? diese infos hätte ich auch gern als private nachicht.
__________________ |
|
23.12.2012, 03:22
| #3 |
| | ihavenet-Virus Oh, das wusste ich nicht, werde ich bei dem nächsten Problem (was hoffentlich dann noch lange auf sich warten lässt) beachten.
__________________Code:
ATTFilter All processes killed
========== OTL ==========
File C:\Windows\SysWow64\takeownd.dll not found.
File C:\Windows\tasks\fvfowu.job not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: Stieg
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Stieg
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 327814 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1857708 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12232012_031530
Files\Folders moved on Reboot...
File\Folder C:\Users\Stieg\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Upload der Datei hat einwandfrei funktioniert. Code:
ATTFilter Datei: MovedFiles.zip_1 empfangen
Vorgang erfolgreich abgeschlossen.
Eine private Mail werde ich dir gleich noch schreiben. Gruß |
|
27.12.2012, 15:32
| #4 |
| /// Malware-holic | ihavenet-Virus Hi, download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.01.2013, 23:36
| #5 |
| | ihavenet-Virus Hey, hab ich erledigt, hier ist der log. Code:
ATTFilter 23:32:41.0143 3916 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:32:41.0703 3916 ============================================================
23:32:41.0703 3916 Current date / time: 2013/01/02 23:32:41.0703
23:32:41.0703 3916 SystemInfo:
23:32:41.0703 3916
23:32:41.0703 3916 OS Version: 6.1.7601 ServicePack: 1.0
23:32:41.0703 3916 Product type: Workstation
23:32:41.0704 3916 ComputerName: PC
23:32:41.0704 3916 UserName: Stieg
23:32:41.0704 3916 Windows directory: C:\Windows
23:32:41.0704 3916 System windows directory: C:\Windows
23:32:41.0704 3916 Running under WOW64
23:32:41.0704 3916 Processor architecture: Intel x64
23:32:41.0704 3916 Number of processors: 4
23:32:41.0704 3916 Page size: 0x1000
23:32:41.0704 3916 Boot type: Normal boot
23:32:41.0704 3916 ============================================================
23:32:41.0947 3916 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:32:41.0948 3916 Drive \Device\Harddisk1\DR1 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:32:41.0950 3916 ============================================================
23:32:41.0950 3916 \Device\Harddisk0\DR0:
23:32:41.0950 3916 MBR partitions:
23:32:41.0950 3916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
23:32:41.0950 3916 \Device\Harddisk1\DR1:
23:32:41.0951 3916 MBR partitions:
23:32:41.0951 3916 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:32:41.0951 3916 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800
23:32:41.0951 3916 ============================================================
23:32:41.0951 3916 C: <-> \Device\Harddisk1\DR1\Partition2
23:32:41.0968 3916 G: <-> \Device\Harddisk0\DR0\Partition1
23:32:41.0968 3916 ============================================================
23:32:41.0968 3916 Initialize success
23:32:41.0968 3916 ============================================================
23:32:57.0291 6048 ============================================================
23:32:57.0291 6048 Scan started
23:32:57.0291 6048 Mode: Manual; SigCheck; TDLFS;
23:32:57.0291 6048 ============================================================
23:32:57.0385 6048 ================ Scan system memory ========================
23:32:57.0385 6048 System memory - ok
23:32:57.0386 6048 ================ Scan services =============================
23:32:57.0412 6048 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:32:57.0464 6048 1394ohci - ok
23:32:57.0470 6048 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:32:57.0485 6048 ACPI - ok
23:32:57.0488 6048 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:32:57.0509 6048 AcpiPmi - ok
23:32:57.0514 6048 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:32:57.0529 6048 AdobeARMservice - ok
23:32:57.0547 6048 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:32:57.0557 6048 AdobeFlashPlayerUpdateSvc - ok
23:32:57.0565 6048 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:32:57.0586 6048 adp94xx - ok
23:32:57.0591 6048 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:32:57.0606 6048 adpahci - ok
23:32:57.0609 6048 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:32:57.0622 6048 adpu320 - ok
23:32:57.0626 6048 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:32:57.0667 6048 AeLookupSvc - ok
23:32:57.0674 6048 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
23:32:57.0688 6048 AFD - ok
23:32:57.0691 6048 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:32:57.0701 6048 agp440 - ok
23:32:57.0704 6048 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
23:32:57.0717 6048 ALG - ok
23:32:57.0720 6048 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
23:32:57.0729 6048 aliide - ok
23:32:57.0734 6048 [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:32:57.0758 6048 AMD External Events Utility - ok
23:32:57.0762 6048 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
23:32:57.0771 6048 amdide - ok
23:32:57.0774 6048 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:32:57.0785 6048 AmdK8 - ok
23:32:57.0859 6048 [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
23:32:58.0003 6048 amdkmdag - ok
23:32:58.0012 6048 [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
23:32:58.0031 6048 amdkmdap - ok
23:32:58.0035 6048 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
23:32:58.0048 6048 AmdPPM - ok
23:32:58.0052 6048 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:32:58.0063 6048 amdsata - ok
23:32:58.0067 6048 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
23:32:58.0081 6048 amdsbs - ok
23:32:58.0085 6048 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:32:58.0097 6048 amdxata - ok
23:32:58.0103 6048 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:32:58.0114 6048 AntiVirSchedulerService - ok
23:32:58.0117 6048 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:32:58.0129 6048 AntiVirService - ok
23:32:58.0132 6048 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
23:32:58.0174 6048 AppID - ok
23:32:58.0177 6048 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:32:58.0208 6048 AppIDSvc - ok
23:32:58.0211 6048 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
23:32:58.0239 6048 Appinfo - ok
23:32:58.0244 6048 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:32:58.0257 6048 Apple Mobile Device - ok
23:32:58.0261 6048 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
23:32:58.0272 6048 arc - ok
23:32:58.0275 6048 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:32:58.0288 6048 arcsas - ok
23:32:58.0291 6048 [ 4DFF4312661F54EE87DC9A13CAEE60E0 ] asahci64 C:\Windows\system32\DRIVERS\asahci64.sys
23:32:58.0306 6048 asahci64 - ok
23:32:58.0309 6048 [ E1AFEE1584C74050DE0DD16DE2A54BF3 ] AsrAppCharger C:\Windows\system32\DRIVERS\AsrAppCharger.sys
23:32:58.0319 6048 AsrAppCharger - ok
23:32:58.0322 6048 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:32:58.0352 6048 AsyncMac - ok
23:32:58.0355 6048 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
23:32:58.0368 6048 atapi - ok
23:32:58.0372 6048 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
23:32:58.0382 6048 AtiHDAudioService - ok
23:32:58.0391 6048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:32:58.0435 6048 AudioEndpointBuilder - ok
23:32:58.0442 6048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:32:58.0474 6048 AudioSrv - ok
23:32:58.0478 6048 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
23:32:58.0488 6048 avgntflt - ok
23:32:58.0492 6048 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
23:32:58.0506 6048 avipbb - ok
23:32:58.0508 6048 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
23:32:58.0518 6048 avkmgr - ok
23:32:58.0522 6048 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:32:58.0541 6048 AxInstSV - ok
23:32:58.0548 6048 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
23:32:58.0566 6048 b06bdrv - ok
23:32:58.0572 6048 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:32:58.0589 6048 b57nd60a - ok
23:32:58.0594 6048 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
23:32:58.0606 6048 BDESVC - ok
23:32:58.0609 6048 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
23:32:58.0640 6048 Beep - ok
23:32:58.0649 6048 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
23:32:58.0690 6048 BFE - ok
23:32:58.0699 6048 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
23:32:58.0743 6048 BITS - ok
23:32:58.0746 6048 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:32:58.0760 6048 blbdrive - ok
23:32:58.0766 6048 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:32:58.0783 6048 Bonjour Service - ok
23:32:58.0787 6048 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:32:58.0799 6048 bowser - ok
23:32:58.0803 6048 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
23:32:58.0818 6048 BrFiltLo - ok
23:32:58.0821 6048 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
23:32:58.0833 6048 BrFiltUp - ok
23:32:58.0837 6048 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
23:32:58.0851 6048 Browser - ok
23:32:58.0857 6048 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:32:58.0872 6048 Brserid - ok
23:32:58.0875 6048 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:32:58.0890 6048 BrSerWdm - ok
23:32:58.0893 6048 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:32:58.0908 6048 BrUsbMdm - ok
23:32:58.0911 6048 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:32:58.0921 6048 BrUsbSer - ok
23:32:58.0924 6048 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:32:58.0939 6048 BTHMODEM - ok
23:32:58.0944 6048 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
23:32:58.0974 6048 bthserv - ok
23:32:58.0978 6048 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:32:59.0010 6048 cdfs - ok
23:32:59.0014 6048 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:32:59.0029 6048 cdrom - ok
23:32:59.0033 6048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
23:32:59.0063 6048 CertPropSvc - ok
23:32:59.0067 6048 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
23:32:59.0082 6048 circlass - ok
23:32:59.0088 6048 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
23:32:59.0101 6048 CLFS - ok
23:32:59.0107 6048 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:32:59.0120 6048 clr_optimization_v2.0.50727_32 - ok
23:32:59.0126 6048 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:32:59.0138 6048 clr_optimization_v2.0.50727_64 - ok
23:32:59.0144 6048 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:32:59.0158 6048 clr_optimization_v4.0.30319_32 - ok
23:32:59.0164 6048 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:32:59.0172 6048 clr_optimization_v4.0.30319_64 - ok
23:32:59.0174 6048 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
23:32:59.0184 6048 CmBatt - ok
23:32:59.0187 6048 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:32:59.0196 6048 cmdide - ok
23:32:59.0202 6048 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
23:32:59.0224 6048 CNG - ok
23:32:59.0227 6048 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
23:32:59.0237 6048 Compbatt - ok
23:32:59.0239 6048 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
23:32:59.0253 6048 CompositeBus - ok
23:32:59.0255 6048 COMSysApp - ok
23:32:59.0261 6048 [ 78AF1C499BF02F9814DF959A04A4F9C9 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
23:32:59.0276 6048 cphs - ok
23:32:59.0279 6048 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:32:59.0288 6048 crcdisk - ok
23:32:59.0293 6048 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:32:59.0308 6048 CryptSvc - ok
23:32:59.0315 6048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:32:59.0366 6048 DcomLaunch - ok
23:32:59.0371 6048 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
23:32:59.0399 6048 defragsvc - ok
23:32:59.0402 6048 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:32:59.0444 6048 DfsC - ok
23:32:59.0450 6048 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
23:32:59.0469 6048 Dhcp - ok
23:32:59.0473 6048 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
23:32:59.0503 6048 discache - ok
23:32:59.0506 6048 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
23:32:59.0520 6048 Disk - ok
23:32:59.0524 6048 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:32:59.0542 6048 Dnscache - ok
23:32:59.0546 6048 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
23:32:59.0582 6048 dot3svc - ok
23:32:59.0586 6048 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
23:32:59.0616 6048 DPS - ok
23:32:59.0619 6048 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:32:59.0631 6048 drmkaud - ok
23:32:59.0642 6048 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:32:59.0668 6048 DXGKrnl - ok
23:32:59.0671 6048 EagleX64 - ok
23:32:59.0675 6048 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
23:32:59.0709 6048 EapHost - ok
23:32:59.0734 6048 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
23:32:59.0782 6048 ebdrv - ok
23:32:59.0787 6048 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
23:32:59.0799 6048 EFS - ok
23:32:59.0809 6048 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:32:59.0830 6048 ehRecvr - ok
23:32:59.0833 6048 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
23:32:59.0846 6048 ehSched - ok
23:32:59.0853 6048 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:32:59.0871 6048 elxstor - ok
23:32:59.0873 6048 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:32:59.0884 6048 ErrDev - ok
23:32:59.0892 6048 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
23:32:59.0920 6048 EventSystem - ok
23:32:59.0924 6048 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
23:32:59.0953 6048 exfat - ok
23:32:59.0957 6048 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:32:59.0988 6048 fastfat - ok
23:32:59.0996 6048 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
23:33:00.0011 6048 Fax - ok
23:33:00.0014 6048 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
23:33:00.0024 6048 fdc - ok
23:33:00.0027 6048 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
23:33:00.0052 6048 fdPHost - ok
23:33:00.0055 6048 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
23:33:00.0079 6048 FDResPub - ok
23:33:00.0082 6048 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:33:00.0093 6048 FileInfo - ok
23:33:00.0096 6048 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:33:00.0123 6048 Filetrace - ok
23:33:00.0125 6048 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
23:33:00.0135 6048 flpydisk - ok
23:33:00.0142 6048 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:33:00.0157 6048 FltMgr - ok
23:33:00.0169 6048 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
23:33:00.0188 6048 FontCache - ok
23:33:00.0192 6048 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:33:00.0201 6048 FontCache3.0.0.0 - ok
23:33:00.0204 6048 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:33:00.0214 6048 FsDepends - ok
23:33:00.0217 6048 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:33:00.0226 6048 Fs_Rec - ok
23:33:00.0231 6048 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:33:00.0243 6048 fvevol - ok
23:33:00.0246 6048 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:33:00.0256 6048 gagp30kx - ok
23:33:00.0259 6048 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:33:00.0267 6048 GEARAspiWDM - ok
23:33:00.0276 6048 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
23:33:00.0315 6048 gpsvc - ok
23:33:00.0321 6048 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:33:00.0333 6048 hcw85cir - ok
23:33:00.0342 6048 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:33:00.0360 6048 HdAudAddService - ok
23:33:00.0366 6048 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:33:00.0377 6048 HDAudBus - ok
23:33:00.0379 6048 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
23:33:00.0390 6048 HidBatt - ok
23:33:00.0393 6048 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:33:00.0408 6048 HidBth - ok
23:33:00.0411 6048 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
23:33:00.0424 6048 HidIr - ok
23:33:00.0426 6048 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
23:33:00.0454 6048 hidserv - ok
23:33:00.0457 6048 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:33:00.0468 6048 HidUsb - ok
23:33:00.0471 6048 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:33:00.0499 6048 hkmsvc - ok
23:33:00.0504 6048 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:33:00.0520 6048 HomeGroupListener - ok
23:33:00.0524 6048 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:33:00.0539 6048 HomeGroupProvider - ok
23:33:00.0542 6048 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:33:00.0553 6048 HpSAMD - ok
23:33:00.0562 6048 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:33:00.0595 6048 HTTP - ok
23:33:00.0597 6048 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:33:00.0604 6048 hwpolicy - ok
23:33:00.0607 6048 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:33:00.0621 6048 i8042prt - ok
23:33:00.0630 6048 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
23:33:00.0641 6048 iaStor - ok
23:33:00.0646 6048 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:33:00.0652 6048 IAStorDataMgrSvc - ok
23:33:00.0658 6048 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:33:00.0673 6048 iaStorV - ok
23:33:00.0677 6048 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:33:00.0687 6048 IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:33:00.0687 6048 IDriverT - detected UnsignedFile.Multi.Generic (1)
23:33:00.0697 6048 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:33:00.0729 6048 idsvc - ok
23:33:00.0769 6048 [ A1CF07D24EDCDC6870535471654D957C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
23:33:00.0842 6048 igfx - ok
23:33:00.0845 6048 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:33:00.0856 6048 iirsp - ok
23:33:00.0858 6048 [ 67999A9D34A0B2479381E7A61AFC37AB ] ikbevent C:\Windows\system32\DRIVERS\ikbevent.sys
23:33:00.0867 6048 ikbevent - ok
23:33:00.0876 6048 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
23:33:00.0916 6048 IKEEXT - ok
23:33:00.0919 6048 [ DDAE90DD5BDAC53C8C5CD5B82FC1F1B4 ] imsevent C:\Windows\system32\DRIVERS\imsevent.sys
23:33:00.0927 6048 imsevent - ok
23:33:00.0951 6048 [ F2744FD54BE1580BE05916D1C755C92A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:33:01.0006 6048 IntcAzAudAddService - ok
23:33:01.0011 6048 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
23:33:01.0021 6048 IntcDAud ( UnsignedFile.Multi.Generic ) - warning
23:33:01.0022 6048 IntcDAud - detected UnsignedFile.Multi.Generic (1)
23:33:01.0031 6048 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
23:33:01.0051 6048 Intel(R) Capability Licensing Service Interface - ok
23:33:01.0055 6048 [ 709C8623721A1F1EF388EA75A07EC33B ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
23:33:01.0064 6048 Intel(R) ME Service ( UnsignedFile.Multi.Generic ) - warning
23:33:01.0064 6048 Intel(R) ME Service - detected UnsignedFile.Multi.Generic (1)
23:33:01.0066 6048 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
23:33:01.0076 6048 intelide - ok
23:33:01.0079 6048 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:33:01.0087 6048 intelppm - ok
23:33:01.0090 6048 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:33:01.0120 6048 IPBusEnum - ok
23:33:01.0122 6048 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:33:01.0149 6048 IpFilterDriver - ok
23:33:01.0156 6048 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:33:01.0170 6048 iphlpsvc - ok
23:33:01.0174 6048 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:33:01.0186 6048 IPMIDRV - ok
23:33:01.0189 6048 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:33:01.0218 6048 IPNAT - ok
23:33:01.0226 6048 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:33:01.0240 6048 iPod Service - ok
23:33:01.0242 6048 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:33:01.0256 6048 IRENUM - ok
23:33:01.0258 6048 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:33:01.0267 6048 isapnp - ok
23:33:01.0272 6048 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:33:01.0287 6048 iScsiPrt - ok
23:33:01.0290 6048 [ 970995B7C36F4408ED31C3BF204FE1F5 ] ISCT C:\Windows\system32\DRIVERS\ISCTD64.sys
23:33:01.0299 6048 ISCT - ok
23:33:01.0303 6048 [ 6F60B7AD044924B8C1E32D692C593612 ] ISCTAgent C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
23:33:01.0314 6048 ISCTAgent - ok
23:33:01.0317 6048 [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
23:33:01.0325 6048 iusb3hcs - ok
23:33:01.0331 6048 [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
23:33:01.0347 6048 iusb3hub - ok
23:33:01.0356 6048 [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
23:33:01.0380 6048 iusb3xhc - ok
23:33:01.0383 6048 [ C44B44E24B929631D9D7368F5B2B40CF ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
23:33:01.0395 6048 jhi_service - ok
23:33:01.0398 6048 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:33:01.0408 6048 kbdclass - ok
23:33:01.0411 6048 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:33:01.0422 6048 kbdhid - ok
23:33:01.0424 6048 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
23:33:01.0432 6048 KeyIso - ok
23:33:01.0436 6048 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:33:01.0449 6048 KSecDD - ok
23:33:01.0456 6048 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:33:01.0469 6048 KSecPkg - ok
23:33:01.0472 6048 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:33:01.0499 6048 ksthunk - ok
23:33:01.0505 6048 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
23:33:01.0539 6048 KtmRm - ok
23:33:01.0543 6048 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:33:01.0575 6048 LanmanServer - ok
23:33:01.0578 6048 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:33:01.0608 6048 LanmanWorkstation - ok
23:33:01.0612 6048 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:33:01.0639 6048 lltdio - ok
23:33:01.0644 6048 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:33:01.0674 6048 lltdsvc - ok
23:33:01.0677 6048 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:33:01.0704 6048 lmhosts - ok
23:33:01.0709 6048 [ 75F29D77B0540FCF47EE3BE000BBABDA ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:33:01.0718 6048 LMS - ok
23:33:01.0723 6048 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:33:01.0734 6048 LSI_FC - ok
23:33:01.0737 6048 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:33:01.0748 6048 LSI_SAS - ok
23:33:01.0752 6048 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
23:33:01.0762 6048 LSI_SAS2 - ok
23:33:01.0765 6048 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:33:01.0777 6048 LSI_SCSI - ok
23:33:01.0780 6048 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
23:33:01.0808 6048 luafv - ok
23:33:01.0811 6048 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
23:33:01.0820 6048 MBAMProtector - ok
23:33:01.0854 6048 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler G:\Programme\Malewarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:33:01.0873 6048 MBAMScheduler - ok
23:33:01.0895 6048 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService G:\Programme\Malewarebytes\Malwarebytes' Anti-Malware\mbamservice.exe
23:33:01.0924 6048 MBAMService - ok
23:33:01.0926 6048 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\Windows\system32\drivers\MBfilt64.sys
23:33:01.0935 6048 MBfilt - ok
23:33:01.0938 6048 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:33:01.0952 6048 Mcx2Svc - ok
23:33:01.0955 6048 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
23:33:01.0965 6048 megasas - ok
23:33:01.0971 6048 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
23:33:01.0985 6048 MegaSR - ok
23:33:01.0988 6048 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
23:33:01.0998 6048 MEIx64 - ok
23:33:02.0033 6048 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service G:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
23:33:02.0053 6048 Microsoft Office Groove Audit Service - ok
23:33:02.0058 6048 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
23:33:02.0088 6048 MMCSS - ok
23:33:02.0091 6048 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
23:33:02.0118 6048 Modem - ok
23:33:02.0120 6048 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:33:02.0130 6048 monitor - ok
23:33:02.0133 6048 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:33:02.0143 6048 mouclass - ok
23:33:02.0146 6048 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:33:02.0157 6048 mouhid - ok
23:33:02.0161 6048 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:33:02.0169 6048 mountmgr - ok
23:33:02.0172 6048 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:33:02.0184 6048 MozillaMaintenance - ok
23:33:02.0188 6048 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
23:33:02.0200 6048 mpio - ok
23:33:02.0203 6048 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:33:02.0230 6048 mpsdrv - ok
23:33:02.0240 6048 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:33:02.0280 6048 MpsSvc - ok
23:33:02.0284 6048 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:33:02.0300 6048 MRxDAV - ok
23:33:02.0306 6048 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:33:02.0319 6048 mrxsmb - ok
23:33:02.0324 6048 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:33:02.0338 6048 mrxsmb10 - ok
23:33:02.0342 6048 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:33:02.0353 6048 mrxsmb20 - ok
23:33:02.0356 6048 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
23:33:02.0365 6048 msahci - ok
23:33:02.0369 6048 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:33:02.0381 6048 msdsm - ok
23:33:02.0386 6048 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
23:33:02.0399 6048 MSDTC - ok
23:33:02.0405 6048 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:33:02.0431 6048 Msfs - ok
23:33:02.0434 6048 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:33:02.0459 6048 mshidkmdf - ok
23:33:02.0461 6048 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:33:02.0470 6048 msisadrv - ok
23:33:02.0474 6048 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:33:02.0503 6048 MSiSCSI - ok
23:33:02.0505 6048 msiserver - ok
23:33:02.0508 6048 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:33:02.0533 6048 MSKSSRV - ok
23:33:02.0536 6048 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:33:02.0562 6048 MSPCLOCK - ok
23:33:02.0564 6048 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:33:02.0590 6048 MSPQM - ok
23:33:02.0596 6048 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:33:02.0611 6048 MsRPC - ok
23:33:02.0615 6048 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:33:02.0622 6048 mssmbios - ok
23:33:02.0624 6048 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:33:02.0650 6048 MSTEE - ok
23:33:02.0652 6048 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
23:33:02.0663 6048 MTConfig - ok
23:33:02.0665 6048 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
23:33:02.0676 6048 Mup - ok
23:33:02.0682 6048 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
23:33:02.0711 6048 napagent - ok
23:33:02.0717 6048 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:33:02.0737 6048 NativeWifiP - ok
23:33:02.0748 6048 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:33:02.0767 6048 NDIS - ok
23:33:02.0770 6048 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:33:02.0796 6048 NdisCap - ok
23:33:02.0799 6048 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:33:02.0825 6048 NdisTapi - ok
23:33:02.0828 6048 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:33:02.0855 6048 Ndisuio - ok
23:33:02.0859 6048 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:33:02.0888 6048 NdisWan - ok
23:33:02.0890 6048 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:33:02.0917 6048 NDProxy - ok
23:33:02.0920 6048 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:33:02.0947 6048 NetBIOS - ok
23:33:02.0951 6048 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:33:02.0977 6048 NetBT - ok
23:33:02.0980 6048 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
23:33:02.0988 6048 Netlogon - ok
23:33:02.0993 6048 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
23:33:03.0022 6048 Netman - ok
23:33:03.0028 6048 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
23:33:03.0065 6048 netprofm - ok
23:33:03.0068 6048 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:33:03.0080 6048 NetTcpPortSharing - ok
23:33:03.0082 6048 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:33:03.0093 6048 nfrd960 - ok
23:33:03.0098 6048 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:33:03.0114 6048 NlaSvc - ok
23:33:03.0117 6048 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:33:03.0144 6048 Npfs - ok
23:33:03.0147 6048 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
23:33:03.0174 6048 nsi - ok
23:33:03.0177 6048 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:33:03.0202 6048 nsiproxy - ok
23:33:03.0218 6048 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:33:03.0255 6048 Ntfs - ok
23:33:03.0257 6048 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
23:33:03.0283 6048 Null - ok
23:33:03.0287 6048 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:33:03.0299 6048 nvraid - ok
23:33:03.0303 6048 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:33:03.0316 6048 nvstor - ok
23:33:03.0320 6048 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:33:03.0331 6048 nv_agp - ok
23:33:03.0339 6048 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:33:03.0358 6048 odserv - ok
23:33:03.0361 6048 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:33:03.0374 6048 ohci1394 - ok
23:33:03.0377 6048 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:33:03.0389 6048 ose - ok
23:33:03.0396 6048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:33:03.0407 6048 p2pimsvc - ok
23:33:03.0413 6048 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
23:33:03.0430 6048 p2psvc - ok
23:33:03.0434 6048 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
23:33:03.0446 6048 Parport - ok
23:33:03.0448 6048 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:33:03.0460 6048 partmgr - ok
23:33:03.0464 6048 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:33:03.0483 6048 PcaSvc - ok
23:33:03.0487 6048 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
23:33:03.0496 6048 pci - ok
23:33:03.0498 6048 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
23:33:03.0507 6048 pciide - ok
23:33:03.0511 6048 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:33:03.0525 6048 pcmcia - ok
23:33:03.0528 6048 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
23:33:03.0538 6048 pcw - ok
23:33:03.0545 6048 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:33:03.0584 6048 PEAUTH - ok
23:33:03.0602 6048 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:33:03.0613 6048 PerfHost - ok
23:33:03.0631 6048 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
23:33:03.0676 6048 pla - ok
23:33:03.0682 6048 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:33:03.0701 6048 PlugPlay - ok
23:33:03.0704 6048 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:33:03.0715 6048 PNRPAutoReg - ok
23:33:03.0720 6048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:33:03.0730 6048 PNRPsvc - ok
23:33:03.0737 6048 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:33:03.0765 6048 PolicyAgent - ok
23:33:03.0771 6048 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
23:33:03.0797 6048 Power - ok
23:33:03.0800 6048 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:33:03.0828 6048 PptpMiniport - ok
23:33:03.0831 6048 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
23:33:03.0843 6048 Processor - ok
23:33:03.0847 6048 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
23:33:03.0863 6048 ProfSvc - ok
23:33:03.0865 6048 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:33:03.0873 6048 ProtectedStorage - ok
23:33:03.0876 6048 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:33:03.0901 6048 Psched - ok
23:33:03.0916 6048 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:33:03.0947 6048 ql2300 - ok
23:33:03.0951 6048 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:33:03.0963 6048 ql40xx - ok
23:33:03.0967 6048 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
23:33:03.0986 6048 QWAVE - ok
23:33:03.0989 6048 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:33:04.0003 6048 QWAVEdrv - ok
23:33:04.0005 6048 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:33:04.0031 6048 RasAcd - ok
23:33:04.0035 6048 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:33:04.0062 6048 RasAgileVpn - ok
23:33:04.0065 6048 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
23:33:04.0094 6048 RasAuto - ok
23:33:04.0098 6048 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:33:04.0126 6048 Rasl2tp - ok
23:33:04.0131 6048 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
23:33:04.0163 6048 RasMan - ok
23:33:04.0166 6048 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:33:04.0195 6048 RasPppoe - ok
23:33:04.0198 6048 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:33:04.0226 6048 RasSstp - ok
23:33:04.0231 6048 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:33:04.0262 6048 rdbss - ok
23:33:04.0265 6048 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
23:33:04.0277 6048 rdpbus - ok
23:33:04.0280 6048 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:33:04.0304 6048 RDPCDD - ok
23:33:04.0308 6048 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:33:04.0333 6048 RDPENCDD - ok
23:33:04.0336 6048 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:33:04.0360 6048 RDPREFMP - ok
23:33:04.0366 6048 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:33:04.0375 6048 RdpVideoMiniport - ok
23:33:04.0380 6048 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:33:04.0393 6048 RDPWD - ok
23:33:04.0398 6048 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:33:04.0412 6048 rdyboost - ok
23:33:04.0415 6048 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:33:04.0444 6048 RemoteAccess - ok
23:33:04.0447 6048 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:33:04.0478 6048 RemoteRegistry - ok
23:33:04.0481 6048 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:33:04.0510 6048 RpcEptMapper - ok
23:33:04.0512 6048 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
23:33:04.0523 6048 RpcLocator - ok
23:33:04.0530 6048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
23:33:04.0558 6048 RpcSs - ok
23:33:04.0565 6048 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:33:04.0593 6048 rspndr - ok
23:33:04.0601 6048 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
23:33:04.0617 6048 RTL8167 - ok
23:33:04.0620 6048 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
23:33:04.0628 6048 SamSs - ok
23:33:04.0631 6048 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:33:04.0642 6048 sbp2port - ok
23:33:04.0647 6048 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:33:04.0676 6048 SCardSvr - ok
23:33:04.0679 6048 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:33:04.0705 6048 scfilter - ok
23:33:04.0718 6048 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
23:33:04.0763 6048 Schedule - ok
23:33:04.0766 6048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:33:04.0789 6048 SCPolicySvc - ok
23:33:04.0794 6048 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:33:04.0803 6048 SDRSVC - ok
23:33:04.0806 6048 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:33:04.0832 6048 secdrv - ok
23:33:04.0835 6048 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
23:33:04.0862 6048 seclogon - ok
23:33:04.0865 6048 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
23:33:04.0894 6048 SENS - ok
23:33:04.0897 6048 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:33:04.0908 6048 SensrSvc - ok
23:33:04.0911 6048 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:33:04.0921 6048 Serenum - ok
23:33:04.0924 6048 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:33:04.0936 6048 Serial - ok
23:33:04.0939 6048 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:33:04.0949 6048 sermouse - ok
23:33:04.0956 6048 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
23:33:04.0985 6048 SessionEnv - ok
23:33:04.0987 6048 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:33:04.0998 6048 sffdisk - ok
23:33:05.0001 6048 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:33:05.0013 6048 sffp_mmc - ok
23:33:05.0015 6048 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:33:05.0027 6048 sffp_sd - ok
23:33:05.0030 6048 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:33:05.0040 6048 sfloppy - ok
23:33:05.0045 6048 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:33:05.0077 6048 SharedAccess - ok
23:33:05.0083 6048 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:33:05.0115 6048 ShellHWDetection - ok
23:33:05.0118 6048 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
23:33:05.0128 6048 SiSRaid2 - ok
23:33:05.0131 6048 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:33:05.0142 6048 SiSRaid4 - ok
23:33:05.0145 6048 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:33:05.0174 6048 Smb - ok
23:33:05.0178 6048 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:33:05.0190 6048 SNMPTRAP - ok
23:33:05.0192 6048 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
23:33:05.0202 6048 spldr - ok
23:33:05.0209 6048 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
23:33:05.0229 6048 Spooler - ok
23:33:05.0258 6048 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
23:33:05.0317 6048 sppsvc - ok
23:33:05.0321 6048 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:33:05.0349 6048 sppuinotify - ok
23:33:05.0358 6048 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
23:33:05.0376 6048 srv - ok
23:33:05.0381 6048 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:33:05.0399 6048 srv2 - ok
23:33:05.0403 6048 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:33:05.0415 6048 srvnet - ok
23:33:05.0420 6048 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:33:05.0447 6048 SSDPSRV - ok
23:33:05.0450 6048 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:33:05.0479 6048 SstpSvc - ok
23:33:05.0482 6048 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
23:33:05.0492 6048 stexstor - ok
23:33:05.0499 6048 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
23:33:05.0523 6048 stisvc - ok
23:33:05.0525 6048 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:33:05.0534 6048 swenum - ok
23:33:05.0541 6048 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
23:33:05.0571 6048 swprv - ok
23:33:05.0588 6048 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
23:33:05.0617 6048 SysMain - ok
23:33:05.0620 6048 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:33:05.0637 6048 TabletInputService - ok
23:33:05.0642 6048 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:33:05.0674 6048 TapiSrv - ok
23:33:05.0677 6048 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
23:33:05.0703 6048 TBS - ok
23:33:05.0719 6048 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:33:05.0764 6048 Tcpip - ok
23:33:05.0780 6048 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:33:05.0807 6048 TCPIP6 - ok
23:33:05.0812 6048 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:33:05.0823 6048 tcpipreg - ok
23:33:05.0826 6048 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:33:05.0836 6048 TDPIPE - ok
23:33:05.0838 6048 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:33:05.0848 6048 TDTCP - ok
23:33:05.0852 6048 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:33:05.0878 6048 tdx - ok
23:33:05.0881 6048 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:33:05.0892 6048 TermDD - ok
23:33:05.0900 6048 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
23:33:05.0939 6048 TermService - ok
23:33:05.0944 6048 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
23:33:05.0959 6048 Themes - ok
23:33:05.0962 6048 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
23:33:05.0987 6048 THREADORDER - ok
23:33:05.0990 6048 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
23:33:06.0021 6048 TrkWks - ok
23:33:06.0025 6048 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:33:06.0049 6048 TrustedInstaller - ok
23:33:06.0053 6048 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:33:06.0080 6048 tssecsrv - ok
23:33:06.0083 6048 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:33:06.0094 6048 TsUsbFlt - ok
23:33:06.0096 6048 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
23:33:06.0106 6048 TsUsbGD - ok
23:33:06.0110 6048 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:33:06.0138 6048 tunnel - ok
23:33:06.0140 6048 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:33:06.0151 6048 uagp35 - ok
23:33:06.0157 6048 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:33:06.0188 6048 udfs - ok
23:33:06.0193 6048 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:33:06.0207 6048 UI0Detect - ok
23:33:06.0209 6048 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:33:06.0220 6048 uliagpkx - ok
23:33:06.0223 6048 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:33:06.0235 6048 umbus - ok
23:33:06.0237 6048 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
23:33:06.0247 6048 UmPass - ok
23:33:06.0252 6048 [ 193AD338F2A64D17300AD640ADFA5D0A ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:33:06.0262 6048 UNS - ok
23:33:06.0268 6048 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
23:33:06.0300 6048 upnphost - ok
23:33:06.0303 6048 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
23:33:06.0311 6048 USBAAPL64 - ok
23:33:06.0314 6048 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:33:06.0326 6048 usbccgp - ok
23:33:06.0330 6048 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:33:06.0345 6048 usbcir - ok
23:33:06.0347 6048 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
23:33:06.0358 6048 usbehci - ok
23:33:06.0364 6048 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:33:06.0379 6048 usbhub - ok
23:33:06.0382 6048 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:33:06.0392 6048 usbohci - ok
23:33:06.0395 6048 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
23:33:06.0407 6048 usbprint - ok
23:33:06.0410 6048 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:33:06.0422 6048 USBSTOR - ok
23:33:06.0425 6048 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
23:33:06.0435 6048 usbuhci - ok
23:33:06.0438 6048 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
23:33:06.0466 6048 UxSms - ok
23:33:06.0469 6048 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
23:33:06.0476 6048 VaultSvc - ok
23:33:06.0479 6048 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:33:06.0489 6048 vdrvroot - ok
23:33:06.0496 6048 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
23:33:06.0530 6048 vds - ok
23:33:06.0533 6048 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:33:06.0545 6048 vga - ok
23:33:06.0548 6048 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
23:33:06.0575 6048 VgaSave - ok
23:33:06.0579 6048 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:33:06.0593 6048 vhdmp - ok
23:33:06.0596 6048 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
23:33:06.0605 6048 viaide - ok
23:33:06.0608 6048 [ DACA22260C4F0CA6E90E3A8C35D47E82 ] VirtuWDDM C:\Windows\system32\DRIVERS\VirtuWDDM.sys
23:33:06.0617 6048 VirtuWDDM - ok
23:33:06.0620 6048 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:33:06.0631 6048 volmgr - ok
23:33:06.0636 6048 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:33:06.0647 6048 volmgrx - ok
23:33:06.0652 6048 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:33:06.0668 6048 volsnap - ok
23:33:06.0671 6048 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:33:06.0683 6048 vsmraid - ok
23:33:06.0698 6048 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
23:33:06.0737 6048 VSS - ok
23:33:06.0739 6048 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:33:06.0752 6048 vwifibus - ok
23:33:06.0758 6048 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
23:33:06.0792 6048 W32Time - ok
23:33:06.0795 6048 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:33:06.0806 6048 WacomPen - ok
23:33:06.0809 6048 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:33:06.0837 6048 WANARP - ok
23:33:06.0839 6048 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:33:06.0863 6048 Wanarpv6 - ok
23:33:06.0877 6048 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
23:33:06.0906 6048 wbengine - ok
23:33:06.0910 6048 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:33:06.0928 6048 WbioSrvc - ok
23:33:06.0933 6048 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:33:06.0953 6048 wcncsvc - ok
23:33:06.0956 6048 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:33:06.0968 6048 WcsPlugInService - ok
23:33:06.0970 6048 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
23:33:06.0980 6048 Wd - ok
23:33:06.0989 6048 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:33:07.0015 6048 Wdf01000 - ok
23:33:07.0019 6048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:33:07.0035 6048 WdiServiceHost - ok
23:33:07.0037 6048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:33:07.0050 6048 WdiSystemHost - ok
23:33:07.0055 6048 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
23:33:07.0075 6048 WebClient - ok
23:33:07.0079 6048 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:33:07.0110 6048 Wecsvc - ok
23:33:07.0113 6048 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:33:07.0139 6048 wercplsupport - ok
23:33:07.0142 6048 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
23:33:07.0172 6048 WerSvc - ok
23:33:07.0175 6048 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:33:07.0201 6048 WfpLwf - ok
23:33:07.0203 6048 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:33:07.0212 6048 WIMMount - ok
23:33:07.0214 6048 WinDefend - ok
23:33:07.0218 6048 WinHttpAutoProxySvc - ok
23:33:07.0227 6048 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:33:07.0259 6048 Winmgmt - ok
23:33:07.0278 6048 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
23:33:07.0329 6048 WinRM - ok
23:33:07.0335 6048 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:33:07.0346 6048 WinUsb - ok
23:33:07.0361 6048 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
23:33:07.0389 6048 Wlansvc - ok
23:33:07.0392 6048 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:33:07.0402 6048 WmiAcpi - ok
23:33:07.0407 6048 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:33:07.0421 6048 wmiApSrv - ok
23:33:07.0423 6048 WMPNetworkSvc - ok
23:33:07.0426 6048 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:33:07.0436 6048 WPCSvc - ok
23:33:07.0440 6048 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:33:07.0453 6048 WPDBusEnum - ok
23:33:07.0455 6048 [ 7CA09731EB7FC99B910C7F239E57720F ] WPRO_41_2001 C:\Windows\system32\drivers\WPRO_41_2001.sys
23:33:07.0462 6048 WPRO_41_2001 - ok
23:33:07.0464 6048 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:33:07.0490 6048 ws2ifsl - ok
23:33:07.0493 6048 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
23:33:07.0511 6048 wscsvc - ok
23:33:07.0513 6048 WSearch - ok
23:33:07.0535 6048 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
23:33:07.0573 6048 wuauserv - ok
23:33:07.0577 6048 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:33:07.0585 6048 WudfPf - ok
23:33:07.0589 6048 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:33:07.0599 6048 WUDFRd - ok
23:33:07.0602 6048 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:33:07.0611 6048 wudfsvc - ok
23:33:07.0615 6048 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
23:33:07.0635 6048 WwanSvc - ok
23:33:07.0640 6048 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
23:33:07.0649 6048 xusb21 - ok
23:33:07.0651 6048 ================ Scan global ===============================
23:33:07.0654 6048 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:33:07.0660 6048 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
23:33:07.0670 6048 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
23:33:07.0674 6048 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:33:07.0682 6048 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:33:07.0685 6048 [Global] - ok
23:33:07.0685 6048 ================ Scan MBR ==================================
23:33:07.0686 6048 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:33:07.0748 6048 \Device\Harddisk0\DR0 - ok
23:33:07.0751 6048 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
23:33:07.0830 6048 \Device\Harddisk1\DR1 - ok
23:33:07.0830 6048 ================ Scan VBR ==================================
23:33:07.0833 6048 [ 97AC2C4A26D36A156E8304C7570FF0CB ] \Device\Harddisk0\DR0\Partition1
23:33:07.0835 6048 \Device\Harddisk0\DR0\Partition1 - ok
23:33:07.0838 6048 [ 5AAA88AB628824A41CE22EF74988438E ] \Device\Harddisk1\DR1\Partition1
23:33:07.0839 6048 \Device\Harddisk1\DR1\Partition1 - ok
23:33:07.0842 6048 [ 364498D1CA6687530F9D79BE551E4E9D ] \Device\Harddisk1\DR1\Partition2
23:33:07.0844 6048 \Device\Harddisk1\DR1\Partition2 - ok
23:33:07.0844 6048 ============================================================
23:33:07.0844 6048 Scan finished
23:33:07.0844 6048 ============================================================
23:33:07.0852 6060 Detected object count: 3
23:33:07.0852 6060 Actual detected object count: 3
23:33:14.0185 6060 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:14.0185 6060 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:33:14.0187 6060 IntcDAud ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:14.0187 6060 IntcDAud ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:33:14.0188 6060 Intel(R) ME Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:14.0188 6060 Intel(R) ME Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
03.01.2013, 18:40
| #6 | |
| /// Malware-holic | ihavenet-Virus Hi, combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> ihavenet-Virus |
|
05.01.2013, 15:05
| #7 |
| | ihavenet-VirusCode:
ATTFilter ComboFix 13-01-05.01 - Stieg 05.01.2013 14:59:47.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3989.1125 [GMT 1:00]
ausgeführt von:: c:\users\Stieg\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Stieg\AppData\Local\Temp\0f3afd08d2f9.tmp
c:\users\Stieg\AppData\Local\Temp\1412f802d327.tmp
c:\users\Stieg\AppData\Local\Temp\6665e795d1c9.tmp
c:\users\Stieg\AppData\Local\Temp\7a1ff232b2f2.tmp
c:\users\Stieg\AppData\Local\Temp\9955e2d76397.tmp
c:\users\Stieg\AppData\Local\Temp\c969dec8378a.tmp
c:\users\Stieg\AppData\Local\Temp\f0e3f4563b82.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-05 bis 2013-01-05 ))))))))))))))))))))))))))))))
.
.
2013-01-05 14:02 . 2013-01-05 14:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-23 02:16 . 2013-01-03 14:43 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2012-12-23 02:12 . 2012-12-23 02:19 -------- d-----w- C:\_OTL
2012-12-21 14:47 . 2012-12-21 14:47 -------- d-----w- c:\windows\ERUNT
2012-12-21 14:47 . 2012-12-21 14:47 -------- d-----w- C:\JRT
2012-12-21 02:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 02:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 02:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 02:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-20 23:24 . 2013-01-03 14:43 -------- d-----r- c:\users\Stieg\Dropbox
2012-12-20 23:22 . 2013-01-03 14:43 -------- d-----w- c:\users\Stieg\AppData\Roaming\Dropbox
2012-12-18 16:08 . 2012-12-18 16:08 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-18 16:08 . 2012-12-18 16:08 -------- d-----w- c:\program files\iTunes
2012-12-18 16:08 . 2012-12-18 16:08 -------- d-----w- c:\program files\iPod
2012-12-16 18:35 . 2012-12-16 18:35 -------- d-----w- c:\program files\CCleaner
2012-12-16 18:12 . 2012-12-16 18:12 -------- d-----w- c:\users\Stieg\AppData\Local\Diagnostics
2012-12-16 17:33 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2012-12-16 17:33 . 2012-08-23 13:47 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2012-12-16 17:33 . 2012-08-23 13:20 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2012-12-16 17:33 . 2012-08-23 11:20 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2012-12-16 17:33 . 2012-08-23 11:14 384000 ----a-w- c:\windows\system32\wksprt.exe
2012-12-16 17:33 . 2012-08-23 10:54 322560 ----a-w- c:\windows\system32\aaclient.dll
2012-12-16 17:33 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2012-12-16 17:33 . 2012-08-23 10:39 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe
2012-12-16 17:33 . 2012-08-23 10:22 1123840 ----a-w- c:\windows\system32\mstsc.exe
2012-12-16 17:33 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2012-12-16 17:33 . 2012-08-23 08:19 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-12-16 17:33 . 2012-08-23 08:13 5773824 ----a-w- c:\windows\system32\mstscax.dll
2012-12-16 17:29 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-16 17:29 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-12-16 17:29 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-12-16 17:29 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-16 17:29 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-12-16 17:29 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-16 17:29 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-12-16 17:29 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-12-16 17:29 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-12-16 17:28 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-12-16 17:28 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-12-16 16:59 . 2012-12-16 16:59 -------- d-----w- c:\users\Stieg\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-03 14:43 . 2012-09-21 14:43 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2012-12-12 02:00 . 2012-10-20 08:57 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-11 22:20 . 2012-09-29 10:43 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 22:20 . 2012-09-29 10:43 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 21:11 . 2012-09-29 17:14 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-11 21:11 . 2012-09-29 17:14 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-16 08:38 . 2012-11-28 07:37 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 07:37 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 07:37 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-10 01:22 . 2012-10-10 01:22 80384 ----a-w- c:\windows\system32\igdde64.dll
2012-10-10 01:22 . 2012-10-10 01:22 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-10-10 01:22 . 2012-10-10 01:22 216064 ----a-w- c:\windows\system32\iglhcp64.dll
2012-10-10 01:22 . 2012-10-10 01:22 180224 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-10-10 01:22 . 2012-10-10 01:22 5903392 ----a-w- c:\windows\system32\GfxUI.exe
2012-10-10 01:22 . 2012-10-10 01:22 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-10-10 01:22 . 2012-10-10 01:22 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-10-10 01:22 . 2012-10-10 01:22 3776512 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-10-10 01:22 . 2012-10-10 01:22 10673664 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-10-10 01:22 . 2012-10-10 01:22 64512 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-10-10 01:22 . 2012-10-10 01:22 501760 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-10-10 01:22 . 2012-10-10 01:22 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-10-10 01:22 . 2012-10-10 01:22 431104 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-10-10 01:22 . 2012-10-10 01:22 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-10-10 01:22 . 2012-10-10 01:22 12836864 ----a-w- c:\windows\system32\igd10umd64.dll
2012-10-10 01:22 . 2012-03-19 20:17 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-10-10 01:22 . 2012-10-10 01:22 330240 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-10-10 01:22 . 2012-10-10 01:22 12604416 ----a-w- c:\windows\system32\igdumd64.dll
2012-10-10 01:22 . 2012-10-10 01:22 441888 ----a-w- c:\windows\system32\igfxpers.exe
2012-10-10 01:22 . 2012-10-10 01:22 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-10-10 01:22 . 2012-10-10 01:22 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-10-10 01:22 . 2012-10-10 01:22 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-10-10 01:22 . 2012-10-10 01:22 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-10-10 01:22 . 2012-10-10 01:22 5343584 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-10-10 01:22 . 2012-10-10 01:22 448512 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
2012-10-10 01:22 . 2012-10-10 01:22 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-10-10 01:22 . 2012-10-10 01:22 399392 ----a-w- c:\windows\system32\hkcmd.exe
2012-10-10 01:22 . 2012-10-10 01:22 272928 ----a-w- c:\windows\system32\igvpkrng600.bin
2012-10-10 01:22 . 2012-10-10 01:22 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-10-10 01:22 . 2012-10-10 01:22 116224 ----a-w- c:\windows\system32\igfxCoIn_v2867.dll
2012-10-10 01:22 . 2012-03-19 20:17 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-10-10 01:22 . 2012-03-19 20:17 441856 ----a-w- c:\windows\system32\igfxdev.dll
2012-10-10 01:22 . 2012-10-10 01:22 604160 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-10-10 01:22 . 2012-10-10 01:22 4571136 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-10-10 01:22 . 2012-10-10 01:22 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-10-10 01:22 . 2012-10-10 01:22 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-10-10 01:22 . 2012-10-10 01:22 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-10-10 01:22 . 2012-10-10 01:22 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-10-10 01:22 . 2012-10-10 01:22 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-10-10 01:22 . 2012-10-10 01:22 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-10-10 01:22 . 2012-10-10 01:22 277024 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-10-10 01:22 . 2012-10-10 01:22 185376 ----a-w- c:\windows\system32\difx64.exe
2012-10-10 01:22 . 2012-10-10 01:22 173568 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-10-10 01:22 . 2012-10-10 01:22 12887040 ----a-w- c:\windows\system32\ig4icd64.dll
2012-10-10 01:22 . 2012-10-10 01:22 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-10-10 01:22 . 2012-10-10 01:22 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-10-10 01:22 . 2012-10-10 01:22 171040 ----a-w- c:\windows\system32\igfxtray.exe
2012-10-10 01:22 . 2012-10-10 01:22 11158528 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-10-10 01:22 . 2012-10-10 01:22 509984 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-10-10 01:22 . 2012-10-10 01:22 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-10-10 01:22 . 2012-10-10 01:22 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-10-10 01:22 . 2012-10-10 01:22 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-10-10 01:22 . 2012-10-10 01:22 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-10-10 01:22 . 2012-10-10 01:22 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-10-10 01:22 . 2012-10-10 01:22 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-10-10 01:22 . 2012-10-10 01:22 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-10-10 01:22 . 2012-10-10 01:22 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-10-10 01:22 . 2012-10-10 01:22 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-10-10 01:22 . 2012-10-10 01:22 963452 ----a-w- c:\windows\system32\igcodeckrng600.bin
2012-10-10 01:22 . 2012-10-10 01:22 482304 ----a-w- c:\windows\system32\igfx11cmrt64.dll
2012-10-10 01:22 . 2012-03-19 20:18 386048 ----a-w- c:\windows\system32\igfxpph.dll
2012-10-10 01:22 . 2012-10-10 01:22 438784 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-10-10 01:22 . 2012-10-10 01:22 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-10-10 01:22 . 2012-10-10 01:22 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-10-10 01:22 . 2012-10-10 01:22 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-10-10 01:22 . 2012-10-10 01:22 252448 ----a-w- c:\windows\system32\igfxext.exe
2012-10-10 01:22 . 2012-10-10 01:22 11040256 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-10-10 01:22 . 2012-10-10 01:22 9728 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-10-10 01:22 . 2012-10-10 01:22 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-10-10 01:22 . 2012-10-10 01:22 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-10-09 18:17 . 2012-11-14 16:31 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 16:31 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 16:31 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 16:31 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Stieg\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Stieg\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Stieg\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"GrooveMonitor"="g:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"iTunesHelper"="g:\programme\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Stieg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Stieg\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-07 121344]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-09-21 49760]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-26 16152]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]
S2 MBAMScheduler;MBAMScheduler;g:\programme\Malewarebytes\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;g:\programme\Malewarebytes\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-02-09 25536]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-02-09 25536]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-02-09 44992]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 787736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2012-02-05 66336]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2013-01-03 34752]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-29 22:20]
.
2013-01-03 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2013-01-05 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Stieg\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Stieg\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Stieg\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Stieg\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Stieg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - g:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Stieg\AppData\Roaming\Mozilla\Firefox\Profiles\frd9w31o.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: 2012-11-08 20:18; dvscontextmenuy@dvdvideosoft.com; c:\program files (x86)\Common Files\DVDVideoSoft\Dll\FFContextMenuY
FF - ExtSQL: 2012-11-08 20:20; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\users\Stieg\AppData\Roaming\Mozilla\Firefox\Profiles\frd9w31o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-VIRTU_MVP_AUTORUN - c:\program files (x86)\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-05 15:04:05
ComboFix-quarantined-files.txt 2013-01-05 14:04
.
Vor Suchlauf: 10 Verzeichnis(se), 19.259.502.592 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 19.136.581.632 Bytes frei
.
- - End Of File - - 2D03E132A05C5F75BE710617B5D3BA0C
|
|
05.01.2013, 15:17
| #8 |
| /// Malware-holic | ihavenet-Virus Hi lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.01.2013, 15:34
| #9 |
| | ihavenet-VirusCode:
ATTFilter Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 11.12.2012 6,00MB 11.5.502.135 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 11.12.2012 6,00MB 11.5.502.135 notwendig Adobe Reader XI - Deutsch Adobe Systems Incorporated 29.10.2012 128MB 11.0.00 notwendig AMD Catalyst Install Manager Advanced Micro Devices, Inc. 23.10.2012 26,3MB 8.0.891.0 notwendig Apple Application Support Apple Inc. 01.12.2012 65,0MB 2.3.2 notwendig Apple Mobile Device Support Apple Inc. 01.12.2012 25,1MB 6.0.1.3 notwendig Apple Software Update Apple Inc. 29.09.2012 2,38MB 2.1.3.127 notwendig Asmedia ASM106x SATA Host Controller Driver Asmedia Technology 21.09.2012 96,0KB 1.3.1.000 unbekannt (ggf. Xbox Controller) ASRock App Charger v1.0.5 ASRock Inc. 21.09.2012 1,32MB unbekannt Avira Free Antivirus Avira 11.12.2012 122MB 13.0.0.2890 notwendig Bonjour Apple Inc. 29.09.2012 2,00MB 3.0.0.10 unbekannt BurnInTest v7.0 Standard Passmark Software 02.10.2012 17,3MB 7.0 unnötig CCleaner Piriform 25.11.2012 3.25 notwendig Dropbox Dropbox, Inc. 01.01.2013 1.6.11 notwendig FIFA 13 Electronic Arts 29.09.2012 5,26GB 1.0.0.0 notwendig Free YouTube to MP3 Converter version 3.11.35.1031 DVDVideoSoft Ltd. 08.11.2012 61,9MB 3.11.35.1031 notwendig Harveys Neue Augen Daedalic Entertainment 14.10.2012 1.1 notwendig iCloud Apple Inc. 18.12.2012 81,8MB 2.1.0.39 notwendig Intel(R) Control Center Intel Corporation 21.09.2012 1.2.1.1007 unbekannt Intel(R) Manageability Engine Firmware Recovery Agent Intel Corporation 21.09.2012 54,8MB 1.0.0.35342 unbekannt Intel(R) Management Engine Components Intel Corporation 21.09.2012 8.0.2.1410 unbekannt Intel(R) Processor Graphics Intel Corporation 16.12.2012 9.17.10.2867 unbekannt Intel(R) Rapid Storage Technology Intel Corporation 21.09.2012 11.0.0.1032 unbekannt Intel(R) Smart Connect Technology 2.0 x64 Intel 21.09.2012 6,03MB 2.0.1083.0 unbekannt Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 26.01.2012 1.0.3.214 unbekannt Intel® Trusted Connect Service Client Intel Corporation 21.09.2012 10,6MB 1.23.605.1 unbekannt iTunes Apple Inc. 18.12.2012 189MB 11.0.1.12 notwendig Java 7 Update 9 Oracle 29.09.2012 128MB 7.0.90 notwendig Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 20.10.2012 19,4MB 1.65.1.1000 notwendig Metin2 Gameforge 4D GmbH 02.12.2012 874MB notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 29.09.2012 38,8MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 29.09.2012 2,93MB 4.0.30319 unbekannt Microsoft Office Enterprise 2007 Microsoft Corporation 11.11.2012 12.0.6612.1000 unbekannt Microsoft Office File Validation Add-In Microsoft Corporation 25.11.2012 7,95MB 14.0.5130.5003 unbekannt Microsoft Office Live Add-in 1.5 Microsoft Corporation 23.11.2012 508KB 2.0.4024.1 unbekannt Microsoft Silverlight Microsoft Corporation 10.11.2012 50,6MB 5.1.10411.0 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 29.09.2012 788KB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 11.11.2012 786KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 01.12.2012 13,7MB 10.0.30319 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 11.11.2012 12,2MB 10.0.40219 unbekannt Mozilla Firefox 17.0.1 (x86 de) Mozilla 05.12.2012 41,0MB 17.0.1 notwendig Mozilla Maintenance Service Mozilla 05.12.2012 329KB 17.0.1 unbekannt Origin Electronic Arts, Inc. 29.09.2012 9.0.10.69 notwendig Realtek Ethernet Controller Driver Realtek 21.09.2012 7.48.823.2011 notwendig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 21.09.2012 6.0.1.6482 notwendig System Requirements Lab for Intel Husdawg, LLC 29.09.2012 1,11MB 4.5.9.0 unbekannt TeamSpeak 3 Client TeamSpeak Systems GmbH 29.09.2012 3.0.6 notwendig TmNationsForever Nadeo 11.11.2012 notwendig Uninstall 1.0.0.1 08.11.2012 unbekannt VIRTU MVP 2.1.110 Lucidlogix Technologies LTD 21.09.2012 17,4MB 2.1.110 unbekannt VLC media player 2.0.4 VideoLAN 15.11.2012 2.0.4 notwendig |
|
05.01.2013, 15:44
| #10 |
| /// Malware-holic | ihavenet-Virus deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: BurnInTest Java downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: öffne CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.01.2013, 19:58
| #11 |
| | ihavenet-VirusCode:
ATTFilter # AdwCleaner v2.104 - Datei am 05/01/2013 um 19:57:45 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Stieg - PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Stieg\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\Stieg\AppData\Roaming\Mozilla\Firefox\Profiles\frd9w31o.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [912 octets] - [16/12/2012 18:09:37]
AdwCleaner[R2].txt - [776 octets] - [05/01/2013 19:57:45]
AdwCleaner[S1].txt - [973 octets] - [21/12/2012 15:45:32]
########## EOF - C:\AdwCleaner[R2].txt - [894 octets] ##########
AdwCleaner[R1] Code:
ATTFilter # AdwCleaner v2.100 - Datei am 16/12/2012 um 18:09:37 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Stieg - PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Stieg\Desktop\AdwCleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Softonic
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Profilname : default
Datei : C:\Users\Stieg\AppData\Roaming\Mozilla\Firefox\Profiles\frd9w31o.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [785 octets] - [16/12/2012 18:09:37]
########## EOF - C:\AdwCleaner[R1].txt - [844 octets] ##########
|
|
06.01.2013, 18:35
| #12 |
| /// Malware-holic | ihavenet-Virus Hi teste bitte, wie der PC + Programme laufen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.01.2013, 17:53
| #13 |
| | ihavenet-Virus Hey, hat jetzt ein paar mehr Tage gedauert, aber ich war mir nie sicher, ob es ganz weg ist. Leider werden irgendwie noch öfter Spammails von meinen Freenet.de Account (trotz Änderung des Passworts). Heute hat sich dann sogar jemand aus Kiew (stand da) in meinen Facebook Account eingeloggt. Kann also leider noch nicht ganz behoben sein  |
|
29.01.2013, 15:52
| #14 |
| /// Malware-holic | ihavenet-Virus und warum berichtest du erst jetzt von spam von deinen accounts wenn es den schon früher gab? wir setzen neu auf und sichern dann ab: 1. Datenrettung:
ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu ihavenet-Virus |
| adobe, antivir, autorun, avg, avira, bho, bonjour, converter, entfernen, firefox, flash player, format, home, langsam, logfile, mozilla, mp3, object, plug-in, realtek, registry, security, senden, software, usb, usb 3.0, windows |
Linear-Darstellung
