Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Virus

Virus


Log-Analyse und Auswertung: Virus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 2 1 2
Alt 24.02.2013, 16:48   #1
dasthat
 
Virus - Standard

Virus


Hallo leute ,

ich habe mir etwas eingefangen . mein pc startete nicht und blieb hängen , sodass ich eine systemwiederhersttellung von windows ausführte !

hier der mbam log :

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.17.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dustin :: DUSTIN-PC [Administrator]

24.02.2013 15:31:08
mbam-log-2013-02-24 (15-31-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 350187
Laufzeit: 36 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\Audio Recorder for Free\freesoundeditor.exe (Trojan.FakeRP) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
anfür sich funktioniert nahezu alles wieder auser mein wlan stick der sich nicht mehr mit demrouter verbinden kann .

Zudem gibt es noch ein merkwürdiges PRogramm namens Yontoo in miner programmliste

zudem kann ich keine dateien runterladen , bzw. beim versuch sie zu speichern kommt es zur fehlermelduung

xy konnte nciht gespeichert werden , weil die Quelldatei nicht gelesen werden konnte !

Alt 24.02.2013, 19:34   #2
markusg
/// Malware-holic
 
Virus - Standard

Virus


Hi
hast du mal versucht, den Speicherort zu ändern?
__________________

__________________
Alt 24.02.2013, 19:40   #3
dasthat
 
Virus - Standard

Virus


Mmh ich denke dieses ist ein andeeres problem , eher im netzwerk , da es bei anderen pc/meinem smartphone ebenfalls bei downloads scheitert

Somit beschraenkt sich das problem auf mein OS / welches bioutte nocheinmal hinreichend überprüft werden sollte
__________________
Alt 25.02.2013, 18:13   #4
markusg
/// Malware-holic
 
Virus - Standard

Virus


Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.02.2013, 22:48   #5
dasthat
 
Virus - Standard

Virus


Code:
ATTFilter
OTL logfile created on: 25.02.2013 22:30:03 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dustin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,37 Gb Available Physical Memory | 79,98% Memory free
15,92 Gb Paging File | 14,22 Gb Available in Paging File | 89,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,29 Gb Total Space | 687,48 Gb Free Space | 73,82% Space Free | Partition Type: NTFS
Drive D: | 111,98 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: DUSTIN-PC | User Name: Dustin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.24 16:26:59 | 007,325,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
PRC - [2013.01.21 23:10:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.21 09:40:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dustin\Downloads\OTL.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.22 13:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2012.07.02 16:12:42 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.07.02 16:12:40 | 000,975,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2011.03.14 15:25:48 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe
PRC - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.16 22:40:30 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.01.14 23:24:27 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.09 23:50:13 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013.01.09 23:50:04 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.01.09 23:50:00 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.01.09 23:49:58 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.09 23:49:58 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.01.09 23:49:56 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.09 23:49:56 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.01.09 23:49:52 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.12.11 08:44:52 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV - [2013.02.15 10:50:11 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.07 20:51:03 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.21 23:10:16 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.01.11 17:35:48 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Disabled | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.11.02 00:08:48 | 001,340,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012.10.28 11:35:48 | 000,529,744 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.08.13 12:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.15 15:54:00 | 004,340,664 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.03.14 15:25:48 | 000,451,936 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2011.03.14 15:25:48 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2011.03.14 15:20:16 | 000,619,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\TP-LINK\COMMON\RaMediaServer.exe -- (TpMediaServer)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.11.02 15:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.10.02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.09.04 09:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 11:12:08 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.27 10:39:33 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.27 10:39:33 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.06 09:59:48 | 000,084,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.01.06 09:59:48 | 000,059,392 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.08.11 23:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.06.02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.06.02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.06.02 06:47:22 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011.06.02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.03.14 15:25:18 | 001,547,616 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.12.11 09:04:44 | 006,228,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009.12.11 07:51:08 | 000,160,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.11.18 11:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://rautemusik-club.radio.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..network.proxy.ftp: "213.197.182.78"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "213.197.182.78"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "213.197.182.78"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "213.197.182.78"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.23 19:32:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.25 17:57:17 | 000,000,000 | ---D | M]
 
[2012.08.22 17:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dustin\AppData\Roaming\mozilla\Extensions
[2013.02.21 00:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dustin\AppData\Roaming\mozilla\Firefox\Profiles\4a9djrri.default\extensions
[2013.02.23 19:05:48 | 000,000,000 | ---D | M] (Spartipps von SparPilot.com) -- C:\Users\Dustin\AppData\Roaming\mozilla\Firefox\Profiles\4a9djrri.default\extensions\sparpilot@sparpilot.com
[2013.02.14 16:32:15 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Dustin\AppData\Roaming\mozilla\firefox\profiles\4a9djrri.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.23 19:30:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.23 19:32:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.02.07 20:51:03 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 12:31:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - Extension: Skype Click to Call = C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: AVG Do Not Track = C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
 
O1 HOSTS File: ([2012.12.21 15:12:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Spotify] C:\Users\Dustin\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Dustin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Need for Speed™ Undercover-Registrierung.lnk =  File not found
O4 - Startup: C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4055A85-66C9-4D70-9120-E0A443B8C953}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2011.02.14 16:15:37 | 000,385,024 | R--- | M] (TP-LINK TECHNOLOGIES CO., LTD.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.02.14 16:15:38 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.25 18:51:12 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Desktop\Neuer Ordner (3)
[2013.02.25 18:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2013.02.25 18:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2013.02.25 18:15:04 | 001,547,616 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\netr28ux.sys
[2013.02.25 18:15:04 | 000,327,008 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2013.02.25 18:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013.02.25 18:14:36 | 002,399,584 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RaCertMgr.dll
[2013.02.25 18:14:36 | 001,607,008 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RaCertMgr.dll
[2013.02.25 18:14:36 | 001,112,928 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAIHV.dll
[2013.02.25 18:14:36 | 001,112,928 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAIHV.dll
[2013.02.25 18:14:36 | 000,128,864 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAEXTUI.dll
[2013.02.25 18:14:36 | 000,128,864 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAEXTUI.dll
[2013.02.25 18:14:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RaLanguages
[2013.02.25 18:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK
[2013.02.24 16:55:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2013.02.24 16:54:54 | 000,000,000 | ---D | C] -- C:\inetpub
[2013.02.24 16:54:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2013.02.23 19:57:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.02.22 13:19:53 | 000,000,000 | ---D | C] -- C:\416d886bbb846752c65e
[2013.02.21 00:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2013.02.21 00:06:51 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Temp7c4a35cf67d83ab210af389844429258
[2013.02.20 23:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digital Image Tool 2.0
[2013.02.20 21:47:50 | 000,000,000 | -H-D | C] -- C:\Users\Dustin\Desktop\.picasaoriginals
[2013.02.07 20:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.04 22:06:12 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Awesomium
[2013.02.04 22:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2013.02.04 22:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2013.02.04 22:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2013.02.02 21:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.02 21:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.30 16:09:49 | 000,000,000 | ---D | C] -- C:\Users\Dustin\Documents\FUSSBALL MANAGER 13
[2013.01.30 15:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FUSSBALL MANAGER 13
[2013.01.30 15:43:39 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.01.30 14:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.01.30 14:08:11 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Local\Origin
[2013.01.30 14:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.01.30 13:49:55 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Origin
[2013.01.30 13:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.01.30 13:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.25 22:28:15 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.25 22:28:15 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.25 22:25:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.25 22:25:29 | 2117,570,559 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.25 18:50:53 | 000,038,919 | ---- | M] () -- C:\Users\Dustin\Desktop\X15-65741.iso.y053jwt.partial
[2013.02.25 18:15:47 | 000,001,995 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Client Utility.lnk
[2013.02.25 18:15:47 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\TP-LINK Wireless Client Utility.lnk
[2013.02.25 18:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.25 18:09:36 | 001,768,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.25 18:09:36 | 000,759,860 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.25 18:09:36 | 000,703,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.25 18:09:36 | 000,169,478 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.25 18:09:36 | 000,137,918 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.24 16:56:06 | 001,653,284 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.19 11:31:41 | 000,001,509 | ---- | M] () -- C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Need for Speed™ Undercover-Registrierung.lnk
[2013.02.14 19:15:02 | 000,294,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.04 22:05:48 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2013.02.04 22:05:47 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Smite.lnk
[2013.02.02 21:01:02 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.30 16:08:32 | 000,001,220 | ---- | M] () -- C:\Users\Public\Desktop\FUSSBALL MANAGER 13.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.25 18:44:59 | 000,038,919 | ---- | C] () -- C:\Users\Dustin\Desktop\X15-65741.iso.y053jwt.partial
[2013.02.25 18:15:47 | 000,001,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Client Utility.lnk
[2013.02.25 18:15:47 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\TP-LINK Wireless Client Utility.lnk
[2013.02.25 18:15:04 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2013.02.25 18:15:04 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2013.02.25 18:14:36 | 000,000,452 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2013.02.25 18:14:36 | 000,000,452 | ---- | C] () -- C:\Windows\SysNative\DiagFunc.ini
[2013.02.25 18:14:34 | 000,792,416 | ---- | C] () -- C:\Windows\SysNative\DiagFunc.dll
[2013.02.25 18:14:33 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2013.02.24 16:56:03 | 001,653,284 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.23 19:58:17 | 000,001,235 | ---- | C] () -- C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.02.04 22:05:48 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2013.02.04 22:05:47 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Smite.lnk
[2013.01.30 15:43:42 | 000,001,220 | ---- | C] () -- C:\Users\Public\Desktop\FUSSBALL MANAGER 13.lnk
[2013.01.21 23:10:17 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.21 23:10:16 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.21 14:33:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.21 14:33:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.21 14:33:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.21 14:33:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.21 14:33:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.21 09:35:03 | 000,000,000 | ---- | C] () -- C:\Users\Dustin\defogger_reenable
[2012.08.30 12:18:43 | 000,000,450 | ---- | C] () -- C:\Program Files (x86)\release
[2012.08.30 12:18:18 | 000,003,409 | ---- | C] () -- C:\Program Files (x86)\COPYRIGHT
[2012.08.30 12:18:18 | 000,000,983 | ---- | C] () -- C:\Program Files (x86)\Welcome.html
[2012.08.30 12:18:18 | 000,000,041 | ---- | C] () -- C:\Program Files (x86)\LICENSE
[2012.07.03 08:42:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.03 08:40:07 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.06.26 15:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.06.26 15:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.06.26 15:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.06.26 15:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.10 19:39:11 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Audio Recorder for Free
[2013.02.23 19:32:31 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\AVG2013
[2013.02.04 22:06:12 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Awesomium
[2013.02.23 19:31:24 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\DAEMON Tools Lite
[2013.02.25 17:42:39 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\ICQ
[2012.07.22 13:21:39 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\ICQ Search
[2013.01.21 23:19:10 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Leadertech
[2012.07.03 11:34:23 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\LolClient
[2013.02.23 19:31:25 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\OpenOffice.org
[2013.01.30 14:37:27 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Origin
[2013.02.23 19:31:26 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\PunkBuster
[2012.07.27 10:05:08 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Samsung
[2013.02.25 22:27:57 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\Spotify
[2012.12.21 18:31:35 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\TS3Client
[2012.10.26 13:56:51 | 000,000,000 | ---D | M] -- C:\Users\Dustin\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.08 22:34:56 | 000,000,000 | ---D | M] -- C:\$AVG
[2013.02.23 19:30:46 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN
[2013.02.22 13:20:26 | 000,000,000 | ---D | M] -- C:\416d886bbb846752c65e
[2013.02.25 18:15:04 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.07.02 22:24:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.02.24 16:54:54 | 000,000,000 | ---D | M] -- C:\inetpub
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.02.23 19:47:39 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.25 18:14:46 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.02.25 18:15:55 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012.07.02 22:24:14 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.02.23 19:31:09 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012.07.02 22:24:16 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.07.03 07:45:05 | 000,000,000 | ---D | M] -- C:\Riot Games
[2013.02.25 22:31:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.08.16 20:55:42 | 000,000,000 | ---D | M] -- C:\Temp
[2012.07.02 22:24:21 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.25 17:40:17 | 000,000,000 | ---D | M] -- C:\Windows
[2012.12.21 12:59:15 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU(97).TXT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.12.21 20:45:43 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.12.21 09:35:03 | 000,000,000 | ---- | M] () -- C:\Users\Dustin\defogger_reenable
[2013.02.25 22:34:37 | 001,835,008 | -HS- | M] () -- C:\Users\Dustin\ntuser.dat
[2013.02.25 22:34:37 | 000,262,144 | -HS- | M] () -- C:\Users\Dustin\ntuser.dat.LOG1
[2012.07.02 22:24:21 | 000,000,000 | -HS- | M] () -- C:\Users\Dustin\ntuser.dat.LOG2
[2012.07.02 22:29:35 | 000,065,536 | -HS- | M] () -- C:\Users\Dustin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.07.02 22:29:35 | 000,524,288 | -HS- | M] () -- C:\Users\Dustin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.07.02 22:29:35 | 000,524,288 | -HS- | M] () -- C:\Users\Dustin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2013.02.23 19:38:35 | 000,065,536 | -HS- | M] () -- C:\Users\Dustin\ntuser.dat{0a8d6e2c-7de5-11e2-94b5-0219020d8135}.TM.blf
[2013.02.23 19:38:35 | 000,524,288 | -HS- | M] () -- C:\Users\Dustin\ntuser.dat{0a8d6e2c-7de5-11e2-94b5-0219020d8135}.TMContainer00000000000000000001.regtrans-ms
[2013.02.23 19:38:35 | 000,524,288 | -HS- | M] () -- C:\Users\Dustin\ntuser.dat{0a8d6e2c-7de5-11e2-94b5-0219020d8135}.TMContainer00000000000000000002.regtrans-ms
[2013.01.16 15:27:50 | 000,065,536 | -HS- | M] () -- C:\Users\Dustin\ntuser.dat{4c3b510c-5fe7-11e2-b2cb-0219020d8135}.TM.blf
[2013.01.16 15:27:50 | 000,524,288 | -HS- | M] () -- C:\Users\Dustin\ntuser.dat{4c3b510c-5fe7-11e2-b2cb-0219020d8135}.TMContainer00000000000000000001.regtrans-ms
[2013.01.16 15:27:50 | 000,524,288 | -HS- | M] () -- C:\Users\Dustin\ntuser.dat{4c3b510c-5fe7-11e2-b2cb-0219020d8135}.TMContainer00000000000000000002.regtrans-ms
[2013.02.23 19:29:23 | 000,065,536 | -HS- | M] () -- C:\Users\Dustin\ntuser.dat{bfed2c8c-7de3-11e2-94b5-0219020d8135}.TM.blf
[2013.02.23 19:29:23 | 000,524,288 | -HS- | M] () -- C:\Users\Dustin\ntuser.dat{bfed2c8c-7de3-11e2-94b5-0219020d8135}.TMContainer00000000000000000001.regtrans-ms
[2013.02.23 19:29:23 | 000,524,288 | -HS- | M] () -- C:\Users\Dustin\ntuser.dat{bfed2c8c-7de3-11e2-94b5-0219020d8135}.TMContainer00000000000000000002.regtrans-ms
[2012.07.02 22:24:21 | 000,000,020 | -HS- | M] () -- C:\Users\Dustin\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
allerdings sehe ich keinen extra.txt


Alt 25.02.2013, 22:59   #6
markusg
/// Malware-holic
 
Virus - Standard

Virus


hi,
otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
:files
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL File not found
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - Startup: C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Need for Speed™ Undercover-Registrierung.lnk =  File not found
:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
--> Virus

Alt 26.02.2013, 11:53   #7
dasthat
 
Virus - Standard

Virus


Code:
ATTFilter
All processes killed
========== OTL ==========
========== FILES ==========
File\Folder O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. not found.
File\Folder O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL File not found not found.
File\Folder O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. not found.
File\Folder O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found not found.
File\Folder O4 - Startup: C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Need for Speed™ Undercover-Registrierung.lnk =  File not found not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Dustin
->Temp folder emptied: 10736941 bytes
->Temporary Internet Files folder emptied: 8163989 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27588712 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 997 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49866 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 73917121 bytes
 
Total Files Cleaned = 115,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02262013_114920

Files\Folders moved on Reboot...
C:\Users\Dustin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 26.02.2013, 16:00   #8
markusg
/// Malware-holic
 
Virus - Standard

Virus


Hi,
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 26.02.2013, 17:23   #9
dasthat
 
Virus - Standard

Virus


Code:
ATTFilter
17:19:48.0833 1756  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:19:48.0833 1756  UEFI system
17:19:49.0005 1756  ============================================================
17:19:49.0005 1756  Current date / time: 2013/02/26 17:19:49.0005
17:19:49.0005 1756  SystemInfo:
17:19:49.0005 1756  
17:19:49.0005 1756  OS Version: 6.1.7601 ServicePack: 1.0
17:19:49.0005 1756  Product type: Workstation
17:19:49.0005 1756  ComputerName: DUSTIN-PC
17:19:49.0005 1756  UserName: Dustin
17:19:49.0005 1756  Windows directory: C:\Windows
17:19:49.0005 1756  System windows directory: C:\Windows
17:19:49.0005 1756  Running under WOW64
17:19:49.0005 1756  Processor architecture: Intel x64
17:19:49.0005 1756  Number of processors: 4
17:19:49.0005 1756  Page size: 0x1000
17:19:49.0005 1756  Boot type: Normal boot
17:19:49.0005 1756  ============================================================
17:19:57.0866 1756  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:19:57.0881 1756  ============================================================
17:19:57.0881 1756  \Device\Harddisk0\DR0:
17:19:57.0897 1756  GPT partitions:
17:19:57.0897 1756  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {6A4DBCE5-F91A-4725-BE1E-D55C41656AE7}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
17:19:57.0897 1756  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {4B04E50A-4140-41DD-852E-2D16CE32A6D1}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
17:19:57.0897 1756  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {DDBF5510-21A0-4BB1-95A7-9562B682FBC6}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x74694000
17:19:57.0897 1756  MBR partitions:
17:19:57.0897 1756  ============================================================
17:19:58.0022 1756  C: <-> \Device\Harddisk0\DR0\Partition3
17:19:58.0022 1756  ============================================================
17:19:58.0022 1756  Initialize success
17:19:58.0022 1756  ============================================================
17:20:22.0312 1852  ============================================================
17:20:22.0312 1852  Scan started
17:20:22.0312 1852  Mode: Manual; SigCheck; TDLFS; 
17:20:22.0312 1852  ============================================================
17:20:24.0059 1852  ================ Scan system memory ========================
17:20:24.0059 1852  System memory - ok
17:20:24.0059 1852  ================ Scan services =============================
17:20:24.0293 1852  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:20:24.0418 1852  1394ohci - ok
17:20:24.0480 1852  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:20:24.0512 1852  ACPI - ok
17:20:24.0512 1852  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:20:24.0590 1852  AcpiPmi - ok
17:20:24.0714 1852  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:20:24.0730 1852  AdobeARMservice - ok
17:20:25.0026 1852  [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:20:25.0073 1852  AdobeFlashPlayerUpdateSvc - ok
17:20:25.0151 1852  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:20:25.0182 1852  adp94xx - ok
17:20:25.0245 1852  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:20:25.0260 1852  adpahci - ok
17:20:25.0276 1852  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:20:25.0292 1852  adpu320 - ok
17:20:25.0307 1852  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:20:25.0448 1852  AeLookupSvc - ok
17:20:25.0510 1852  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:20:25.0619 1852  AFD - ok
17:20:25.0666 1852  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:20:25.0682 1852  agp440 - ok
17:20:25.0682 1852  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:20:25.0744 1852  ALG - ok
17:20:25.0760 1852  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:20:25.0775 1852  aliide - ok
17:20:25.0838 1852  [ E886A4DB908F4184BA24431A41AD76B7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:20:25.0884 1852  AMD External Events Utility - ok
17:20:25.0900 1852  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:20:25.0916 1852  amdide - ok
17:20:25.0947 1852  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:20:25.0994 1852  AmdK8 - ok
17:20:26.0150 1852  [ A497FF5AE4D0C93DA2CFB98E6A355C1F ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
17:20:26.0306 1852  amdkmdag - ok
17:20:26.0337 1852  [ 91B89BE832D436AF257B91666BC32C30 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
17:20:26.0384 1852  amdkmdap - ok
17:20:26.0415 1852  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:20:26.0446 1852  AmdPPM - ok
17:20:26.0493 1852  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:20:26.0508 1852  amdsata - ok
17:20:26.0540 1852  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:20:26.0555 1852  amdsbs - ok
17:20:26.0571 1852  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:20:26.0586 1852  amdxata - ok
17:20:26.0633 1852  [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
17:20:26.0680 1852  androidusb - ok
17:20:26.0789 1852  [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
17:20:26.0836 1852  AppHostSvc - ok
17:20:26.0914 1852  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:20:27.0039 1852  AppID - ok
17:20:27.0054 1852  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:20:27.0117 1852  AppIDSvc - ok
17:20:27.0164 1852  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
17:20:27.0210 1852  Appinfo - ok
17:20:27.0273 1852  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:20:27.0288 1852  arc - ok
17:20:27.0320 1852  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:20:27.0335 1852  arcsas - ok
17:20:27.0398 1852  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:20:27.0460 1852  AsyncMac - ok
17:20:27.0491 1852  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:20:27.0491 1852  atapi - ok
17:20:27.0616 1852  [ D481083348138B4933ACFE95812DB71C ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
17:20:27.0632 1852  AtiHdmiService - ok
17:20:27.0741 1852  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:20:27.0819 1852  AudioEndpointBuilder - ok
17:20:27.0866 1852  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:20:27.0912 1852  AudioSrv - ok
17:20:28.0022 1852  [ 3D1FFAA3358CA0D8A298DEA8BECFC468 ] Avgfwfd         C:\Windows\system32\DRIVERS\avgfwd6a.sys
17:20:28.0037 1852  Avgfwfd - ok
17:20:28.0178 1852  [ 733D86815BEB34E2982BC7F561C35AE3 ] avgfws          C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
17:20:28.0209 1852  avgfws - ok
17:20:28.0646 1852  [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
17:20:28.0708 1852  AVGIDSAgent - ok
17:20:28.0770 1852  [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
17:20:28.0786 1852  AVGIDSDriver - ok
17:20:28.0833 1852  [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
17:20:28.0833 1852  AVGIDSHA - ok
17:20:28.0926 1852  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
17:20:28.0942 1852  Avgldx64 - ok
17:20:29.0020 1852  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
17:20:29.0051 1852  Avgloga - ok
17:20:29.0098 1852  [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
17:20:29.0129 1852  Avgmfx64 - ok
17:20:29.0145 1852  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
17:20:29.0160 1852  Avgrkx64 - ok
17:20:29.0192 1852  [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
17:20:29.0207 1852  Avgtdia - ok
17:20:29.0254 1852  [ E964EA70249DDE1343C8F694B52575EE ] avgtp           C:\Windows\system32\drivers\avgtpx64.sys
17:20:29.0285 1852  avgtp - ok
17:20:29.0301 1852  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
17:20:29.0316 1852  avgwd - ok
17:20:29.0394 1852  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:20:29.0613 1852  AxInstSV - ok
17:20:29.0738 1852  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
17:20:29.0816 1852  b06bdrv - ok
17:20:29.0925 1852  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:20:29.0956 1852  b57nd60a - ok
17:20:30.0050 1852  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:20:30.0112 1852  BDESVC - ok
17:20:30.0112 1852  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:20:30.0174 1852  Beep - ok
17:20:30.0221 1852  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
17:20:30.0252 1852  BFE - ok
17:20:30.0377 1852  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
17:20:30.0455 1852  BITS - ok
17:20:30.0518 1852  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:20:30.0549 1852  blbdrive - ok
17:20:30.0627 1852  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:20:30.0705 1852  bowser - ok
17:20:30.0752 1852  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:20:31.0079 1852  BrFiltLo - ok
17:20:31.0095 1852  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:20:31.0110 1852  BrFiltUp - ok
17:20:31.0220 1852  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
17:20:31.0266 1852  BridgeMP - ok
17:20:31.0407 1852  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
17:20:31.0500 1852  Browser - ok
17:20:31.0547 1852  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:20:31.0703 1852  Brserid - ok
17:20:31.0719 1852  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:20:31.0766 1852  BrSerWdm - ok
17:20:31.0812 1852  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:20:31.0844 1852  BrUsbMdm - ok
17:20:31.0875 1852  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:20:31.0922 1852  BrUsbSer - ok
17:20:31.0953 1852  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:20:31.0984 1852  BTHMODEM - ok
17:20:32.0062 1852  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:20:32.0124 1852  bthserv - ok
17:20:32.0265 1852  catchme - ok
17:20:32.0312 1852  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:20:32.0374 1852  cdfs - ok
17:20:32.0483 1852  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:20:32.0561 1852  cdrom - ok
17:20:32.0639 1852  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:20:32.0702 1852  CertPropSvc - ok
17:20:32.0733 1852  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:20:32.0780 1852  circlass - ok
17:20:32.0858 1852  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:20:32.0904 1852  CLFS - ok
17:20:32.0998 1852  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:20:33.0029 1852  clr_optimization_v2.0.50727_32 - ok
17:20:33.0138 1852  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:20:33.0154 1852  clr_optimization_v2.0.50727_64 - ok
17:20:33.0357 1852  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:20:33.0388 1852  clr_optimization_v4.0.30319_32 - ok
17:20:33.0482 1852  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:20:33.0513 1852  clr_optimization_v4.0.30319_64 - ok
17:20:33.0575 1852  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:20:33.0591 1852  CmBatt - ok
17:20:33.0591 1852  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:20:33.0606 1852  cmdide - ok
17:20:33.0669 1852  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
17:20:33.0700 1852  CNG - ok
17:20:33.0700 1852  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:20:33.0716 1852  Compbatt - ok
17:20:33.0762 1852  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:20:33.0809 1852  CompositeBus - ok
17:20:33.0840 1852  COMSysApp - ok
17:20:33.0887 1852  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:20:33.0887 1852  crcdisk - ok
17:20:33.0981 1852  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:20:34.0028 1852  CryptSvc - ok
17:20:34.0106 1852  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:20:34.0168 1852  DcomLaunch - ok
17:20:34.0230 1852  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:20:34.0293 1852  defragsvc - ok
17:20:34.0324 1852  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:20:34.0386 1852  DfsC - ok
17:20:34.0480 1852  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:20:34.0558 1852  Dhcp - ok
17:20:34.0589 1852  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:20:34.0667 1852  discache - ok
17:20:34.0792 1852  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:20:34.0823 1852  Disk - ok
17:20:34.0870 1852  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:20:34.0964 1852  Dnscache - ok
17:20:35.0010 1852  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:20:35.0104 1852  dot3svc - ok
17:20:35.0135 1852  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
17:20:35.0198 1852  DPS - ok
17:20:35.0244 1852  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:20:35.0291 1852  drmkaud - ok
17:20:35.0369 1852  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:20:35.0385 1852  DXGKrnl - ok
17:20:35.0478 1852  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:20:35.0541 1852  EapHost - ok
17:20:35.0822 1852  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
17:20:35.0884 1852  ebdrv - ok
17:20:35.0915 1852  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
17:20:35.0993 1852  EFS - ok
17:20:36.0118 1852  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:20:36.0243 1852  ehRecvr - ok
17:20:36.0305 1852  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:20:36.0352 1852  ehSched - ok
17:20:36.0492 1852  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:20:36.0524 1852  elxstor - ok
17:20:36.0539 1852  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:20:36.0617 1852  ErrDev - ok
17:20:36.0680 1852  [ F4845B5EECA94D200F621BBAAF7946C1 ] EtronHub3       C:\Windows\system32\Drivers\EtronHub3.sys
17:20:36.0758 1852  EtronHub3 - ok
17:20:36.0789 1852  [ 4A5945B5CDCF8EC3F842AE8AAA146A1F ] EtronXHCI       C:\Windows\system32\Drivers\EtronXHCI.sys
17:20:36.0820 1852  EtronXHCI - ok
17:20:36.0867 1852  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:20:36.0898 1852  EventSystem - ok
17:20:36.0960 1852  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:20:37.0023 1852  exfat - ok
17:20:37.0054 1852  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:20:37.0116 1852  fastfat - ok
17:20:37.0241 1852  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
17:20:37.0319 1852  Fax - ok
17:20:37.0335 1852  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:20:37.0366 1852  fdc - ok
17:20:37.0428 1852  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:20:37.0491 1852  fdPHost - ok
17:20:37.0506 1852  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:20:37.0569 1852  FDResPub - ok
17:20:37.0600 1852  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:20:37.0600 1852  FileInfo - ok
17:20:37.0616 1852  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:20:37.0725 1852  Filetrace - ok
17:20:37.0740 1852  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:20:37.0756 1852  flpydisk - ok
17:20:37.0803 1852  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:20:37.0818 1852  FltMgr - ok
17:20:37.0912 1852  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
17:20:37.0990 1852  FontCache - ok
17:20:38.0021 1852  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:20:38.0037 1852  FontCache3.0.0.0 - ok
17:20:38.0068 1852  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:20:38.0115 1852  FsDepends - ok
17:20:38.0177 1852  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:20:38.0193 1852  Fs_Rec - ok
17:20:38.0286 1852  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:20:38.0318 1852  fvevol - ok
17:20:38.0380 1852  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:20:38.0396 1852  gagp30kx - ok
17:20:38.0474 1852  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
17:20:38.0536 1852  gpsvc - ok
17:20:38.0583 1852  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:20:38.0645 1852  hcw85cir - ok
17:20:38.0754 1852  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:20:38.0786 1852  HdAudAddService - ok
17:20:38.0832 1852  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:20:38.0864 1852  HDAudBus - ok
17:20:38.0879 1852  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:20:38.0926 1852  HidBatt - ok
17:20:38.0957 1852  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:20:38.0988 1852  HidBth - ok
17:20:39.0004 1852  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:20:39.0020 1852  HidIr - ok
17:20:39.0035 1852  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
17:20:39.0098 1852  hidserv - ok
17:20:39.0191 1852  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:20:39.0222 1852  HidUsb - ok
17:20:39.0347 1852  [ D498AD244C51B2DD0639C8C75F68E2F4 ] HiPatchService  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
17:20:39.0503 1852  HiPatchService ( UnsignedFile.Multi.Generic ) - warning
17:20:39.0503 1852  HiPatchService - detected UnsignedFile.Multi.Generic (1)
17:20:39.0581 1852  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:20:39.0690 1852  hkmsvc - ok
17:20:39.0753 1852  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:20:39.0800 1852  HomeGroupListener - ok
17:20:39.0846 1852  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:20:39.0878 1852  HomeGroupProvider - ok
17:20:39.0987 1852  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:20:40.0018 1852  HpSAMD - ok
17:20:40.0080 1852  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:20:40.0143 1852  HTTP - ok
17:20:40.0174 1852  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:20:40.0174 1852  hwpolicy - ok
17:20:40.0268 1852  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:20:40.0299 1852  i8042prt - ok
17:20:40.0377 1852  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:20:40.0408 1852  iaStorV - ok
17:20:40.0564 1852  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:20:40.0626 1852  IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:20:40.0626 1852  IDriverT - detected UnsignedFile.Multi.Generic (1)
17:20:40.0736 1852  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:20:40.0782 1852  idsvc - ok
17:20:40.0845 1852  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:20:40.0860 1852  iirsp - ok
17:20:40.0970 1852  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:20:41.0048 1852  IKEEXT - ok
17:20:41.0079 1852  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:20:41.0094 1852  intelide - ok
17:20:41.0141 1852  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:20:41.0172 1852  intelppm - ok
17:20:41.0219 1852  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:20:41.0297 1852  IPBusEnum - ok
17:20:41.0375 1852  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:20:41.0453 1852  IpFilterDriver - ok
17:20:41.0500 1852  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:20:41.0578 1852  iphlpsvc - ok
17:20:41.0594 1852  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:20:41.0625 1852  IPMIDRV - ok
17:20:41.0672 1852  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:20:41.0750 1852  IPNAT - ok
17:20:41.0781 1852  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:20:41.0937 1852  IRENUM - ok
17:20:41.0984 1852  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:20:41.0984 1852  isapnp - ok
17:20:42.0030 1852  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:20:42.0062 1852  iScsiPrt - ok
17:20:42.0140 1852  [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
17:20:42.0155 1852  iusb3hub - ok
17:20:42.0218 1852  [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
17:20:42.0249 1852  iusb3xhc - ok
17:20:42.0311 1852  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:20:42.0327 1852  kbdclass - ok
17:20:42.0389 1852  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:20:42.0405 1852  kbdhid - ok
17:20:42.0452 1852  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:20:42.0467 1852  KeyIso - ok
17:20:42.0514 1852  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:20:42.0530 1852  KSecDD - ok
17:20:42.0561 1852  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:20:42.0592 1852  KSecPkg - ok
17:20:42.0623 1852  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:20:42.0701 1852  ksthunk - ok
17:20:42.0717 1852  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:20:42.0764 1852  KtmRm - ok
17:20:42.0826 1852  [ B8040D3B97B16B89701E31A17353856C ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
17:20:42.0826 1852  L1C - ok
17:20:42.0873 1852  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
17:20:42.0935 1852  LanmanServer - ok
17:20:42.0998 1852  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:20:43.0060 1852  LanmanWorkstation - ok
17:20:43.0138 1852  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:20:43.0200 1852  lltdio - ok
17:20:43.0232 1852  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:20:43.0278 1852  lltdsvc - ok
17:20:43.0310 1852  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:20:43.0325 1852  lmhosts - ok
17:20:43.0419 1852  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:20:43.0434 1852  LSI_FC - ok
17:20:43.0466 1852  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:20:43.0481 1852  LSI_SAS - ok
17:20:43.0544 1852  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:20:43.0575 1852  LSI_SAS2 - ok
17:20:43.0606 1852  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:20:43.0622 1852  LSI_SCSI - ok
17:20:43.0668 1852  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:20:43.0715 1852  luafv - ok
17:20:43.0871 1852  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:20:43.0871 1852  MBAMProtector - ok
17:20:44.0012 1852  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:20:44.0027 1852  MBAMScheduler - ok
17:20:44.0136 1852  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:20:44.0168 1852  MBAMService - ok
17:20:44.0199 1852  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:20:44.0246 1852  Mcx2Svc - ok
17:20:44.0277 1852  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:20:44.0277 1852  megasas - ok
17:20:44.0402 1852  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:20:44.0417 1852  MegaSR - ok
17:20:44.0448 1852  [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
17:20:44.0448 1852  MEIx64 - ok
17:20:44.0480 1852  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:20:44.0542 1852  MMCSS - ok
17:20:44.0542 1852  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:20:44.0620 1852  Modem - ok
17:20:44.0682 1852  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:20:44.0714 1852  monitor - ok
17:20:44.0760 1852  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:20:44.0776 1852  mouclass - ok
17:20:44.0807 1852  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:20:44.0854 1852  mouhid - ok
17:20:44.0932 1852  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:20:44.0948 1852  mountmgr - ok
17:20:45.0010 1852  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:20:45.0104 1852  MozillaMaintenance - ok
17:20:45.0119 1852  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:20:45.0150 1852  mpio - ok
17:20:45.0150 1852  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:20:45.0182 1852  mpsdrv - ok
17:20:45.0244 1852  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:20:45.0306 1852  MpsSvc - ok
17:20:45.0369 1852  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:20:45.0416 1852  MRxDAV - ok
17:20:45.0447 1852  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:20:45.0509 1852  mrxsmb - ok
17:20:45.0540 1852  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:20:45.0572 1852  mrxsmb10 - ok
17:20:45.0603 1852  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:20:45.0618 1852  mrxsmb20 - ok
17:20:45.0634 1852  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:20:45.0650 1852  msahci - ok
17:20:45.0681 1852  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:20:45.0696 1852  msdsm - ok
17:20:45.0712 1852  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:20:45.0743 1852  MSDTC - ok
17:20:45.0790 1852  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:20:45.0837 1852  Msfs - ok
17:20:45.0899 1852  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:20:45.0946 1852  mshidkmdf - ok
17:20:45.0977 1852  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:20:45.0977 1852  msisadrv - ok
17:20:45.0993 1852  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:20:46.0055 1852  MSiSCSI - ok
17:20:46.0055 1852  msiserver - ok
17:20:46.0102 1852  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:20:46.0164 1852  MSKSSRV - ok
17:20:46.0196 1852  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:20:46.0258 1852  MSPCLOCK - ok
17:20:46.0274 1852  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:20:46.0336 1852  MSPQM - ok
17:20:46.0398 1852  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:20:46.0430 1852  MsRPC - ok
17:20:46.0461 1852  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:20:46.0476 1852  mssmbios - ok
17:20:46.0492 1852  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:20:46.0570 1852  MSTEE - ok
17:20:46.0586 1852  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:20:46.0617 1852  MTConfig - ok
17:20:46.0648 1852  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:20:46.0664 1852  Mup - ok
17:20:46.0695 1852  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:20:46.0757 1852  napagent - ok
17:20:46.0835 1852  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:20:46.0866 1852  NativeWifiP - ok
17:20:47.0038 1852  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:20:47.0085 1852  NDIS - ok
17:20:47.0147 1852  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:20:47.0194 1852  NdisCap - ok
17:20:47.0256 1852  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:20:47.0319 1852  NdisTapi - ok
17:20:47.0381 1852  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:20:47.0444 1852  Ndisuio - ok
17:20:47.0459 1852  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:20:47.0522 1852  NdisWan - ok
17:20:47.0584 1852  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:20:47.0631 1852  NDProxy - ok
17:20:47.0646 1852  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:20:47.0709 1852  NetBIOS - ok
17:20:47.0771 1852  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:20:47.0834 1852  NetBT - ok
17:20:47.0896 1852  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:20:47.0912 1852  Netlogon - ok
17:20:47.0974 1852  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:20:48.0036 1852  Netman - ok
17:20:48.0083 1852  [ 3E5A36127E201DDF663176B66828FAFE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:20:48.0099 1852  NetMsmqActivator - ok
17:20:48.0130 1852  [ 3E5A36127E201DDF663176B66828FAFE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:20:48.0146 1852  NetPipeActivator - ok
17:20:48.0177 1852  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:20:48.0224 1852  netprofm - ok
17:20:48.0567 1852  [ 53D7442AA919C91D055DBD44635F32B1 ] netr28ux        C:\Windows\system32\DRIVERS\netr28ux.sys
17:20:48.0692 1852  netr28ux - ok
17:20:48.0723 1852  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:20:48.0738 1852  NetTcpActivator - ok
17:20:48.0738 1852  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:20:48.0754 1852  NetTcpPortSharing - ok
17:20:48.0832 1852  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:20:48.0848 1852  nfrd960 - ok
17:20:48.0910 1852  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:20:48.0957 1852  NlaSvc - ok
17:20:48.0972 1852  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:20:49.0035 1852  Npfs - ok
17:20:49.0113 1852  npggsvc - ok
17:20:49.0144 1852  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:20:49.0191 1852  nsi - ok
17:20:49.0206 1852  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:20:49.0284 1852  nsiproxy - ok
17:20:49.0503 1852  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:20:49.0565 1852  Ntfs - ok
17:20:49.0596 1852  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:20:49.0659 1852  Null - ok
17:20:49.0737 1852  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:20:49.0768 1852  nvraid - ok
17:20:49.0799 1852  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:20:49.0815 1852  nvstor - ok
17:20:49.0877 1852  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:20:49.0908 1852  nv_agp - ok
17:20:49.0940 1852  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:20:49.0986 1852  ohci1394 - ok
17:20:50.0033 1852  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:20:50.0080 1852  p2pimsvc - ok
17:20:50.0158 1852  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:20:50.0174 1852  p2psvc - ok
17:20:50.0205 1852  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:20:50.0220 1852  Parport - ok
17:20:50.0252 1852  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:20:50.0267 1852  partmgr - ok
17:20:50.0283 1852  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:20:50.0314 1852  PcaSvc - ok
17:20:50.0345 1852  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:20:50.0345 1852  pci - ok
17:20:50.0361 1852  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:20:50.0376 1852  pciide - ok
17:20:50.0392 1852  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:20:50.0408 1852  pcmcia - ok
17:20:50.0423 1852  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:20:50.0439 1852  pcw - ok
17:20:50.0626 1852  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:20:50.0704 1852  PEAUTH - ok
17:20:51.0188 1852  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:20:51.0234 1852  PerfHost - ok
17:20:51.0344 1852  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:20:51.0422 1852  pla - ok
17:20:51.0500 1852  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:20:51.0500 1852  PlugPlay - ok
17:20:51.0562 1852  PnkBstrA - ok
17:20:51.0578 1852  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:20:51.0640 1852  PNRPAutoReg - ok
17:20:51.0671 1852  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:20:51.0687 1852  PNRPsvc - ok
17:20:51.0796 1852  [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64         C:\Windows\system32\DRIVERS\point64.sys
17:20:51.0827 1852  Point64 - ok
17:20:51.0905 1852  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:20:51.0999 1852  PolicyAgent - ok
17:20:52.0046 1852  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:20:52.0092 1852  Power - ok
17:20:52.0124 1852  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:20:52.0202 1852  PptpMiniport - ok
17:20:52.0217 1852  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:20:52.0264 1852  Processor - ok
17:20:52.0326 1852  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:20:52.0358 1852  ProfSvc - ok
17:20:52.0389 1852  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:20:52.0389 1852  ProtectedStorage - ok
17:20:52.0498 1852  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:20:52.0560 1852  Psched - ok
17:20:52.0826 1852  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:20:52.0888 1852  ql2300 - ok
17:20:52.0935 1852  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:20:52.0966 1852  ql40xx - ok
17:20:53.0013 1852  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:20:53.0060 1852  QWAVE - ok
17:20:53.0091 1852  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:20:53.0153 1852  QWAVEdrv - ok
17:20:53.0372 1852  [ 3FC8252625F2574036777D2981F839EE ] RalinkRegistryWriter C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry.exe
17:20:53.0387 1852  RalinkRegistryWriter - ok
17:20:53.0528 1852  [ 3A6F58A249DF7466F9844F70499627F7 ] RalinkRegistryWriter64 C:\Program Files (x86)\TP-LINK\COMMON\RaRegistry64.exe
17:20:53.0559 1852  RalinkRegistryWriter64 - ok
17:20:53.0637 1852  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:20:53.0684 1852  RasAcd - ok
17:20:53.0699 1852  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:20:53.0730 1852  RasAgileVpn - ok
17:20:53.0762 1852  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:20:53.0824 1852  RasAuto - ok
17:20:53.0840 1852  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:20:53.0902 1852  Rasl2tp - ok
17:20:54.0011 1852  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:20:54.0105 1852  RasMan - ok
17:20:54.0136 1852  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:20:54.0214 1852  RasPppoe - ok
17:20:54.0214 1852  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:20:54.0276 1852  RasSstp - ok
17:20:54.0323 1852  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:20:54.0370 1852  rdbss - ok
17:20:54.0386 1852  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:20:54.0432 1852  rdpbus - ok
17:20:54.0448 1852  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:20:54.0495 1852  RDPCDD - ok
17:20:54.0557 1852  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:20:54.0604 1852  RDPENCDD - ok
17:20:54.0620 1852  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:20:54.0666 1852  RDPREFMP - ok
17:20:54.0854 1852  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:20:54.0885 1852  RdpVideoMiniport - ok
17:20:54.0947 1852  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:20:54.0994 1852  RDPWD - ok
17:20:55.0041 1852  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:20:55.0072 1852  rdyboost - ok
17:20:55.0103 1852  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:20:55.0181 1852  RemoteAccess - ok
17:20:55.0259 1852  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:20:55.0322 1852  RemoteRegistry - ok
17:20:55.0337 1852  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:20:55.0368 1852  RpcEptMapper - ok
17:20:55.0384 1852  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:20:55.0415 1852  RpcLocator - ok
17:20:55.0509 1852  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:20:55.0556 1852  RpcSs - ok
17:20:55.0587 1852  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:20:55.0634 1852  rspndr - ok
17:20:55.0649 1852  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:20:55.0649 1852  SamSs - ok
17:20:55.0680 1852  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:20:55.0712 1852  sbp2port - ok
17:20:55.0758 1852  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:20:55.0805 1852  SCardSvr - ok
17:20:55.0836 1852  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:20:55.0899 1852  scfilter - ok
17:20:56.0008 1852  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:20:56.0070 1852  Schedule - ok
17:20:56.0102 1852  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:20:56.0133 1852  SCPolicySvc - ok
17:20:56.0180 1852  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:20:56.0226 1852  SDRSVC - ok
17:20:56.0304 1852  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:20:56.0367 1852  secdrv - ok
17:20:56.0382 1852  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:20:56.0429 1852  seclogon - ok
17:20:56.0460 1852  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
17:20:56.0523 1852  SENS - ok
17:20:56.0538 1852  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:20:56.0570 1852  SensrSvc - ok
17:20:56.0601 1852  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:20:56.0648 1852  Serenum - ok
17:20:56.0710 1852  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:20:56.0741 1852  Serial - ok
17:20:56.0804 1852  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:20:56.0835 1852  sermouse - ok
17:20:56.0866 1852  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:20:56.0913 1852  SessionEnv - ok
17:20:56.0944 1852  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:20:56.0960 1852  sffdisk - ok
17:20:56.0975 1852  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:20:56.0991 1852  sffp_mmc - ok
17:20:57.0006 1852  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:20:57.0053 1852  sffp_sd - ok
17:20:57.0069 1852  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:20:57.0116 1852  sfloppy - ok
17:20:57.0162 1852  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:20:57.0240 1852  SharedAccess - ok
17:20:57.0272 1852  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:20:57.0318 1852  ShellHWDetection - ok
17:20:57.0365 1852  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:20:57.0396 1852  SiSRaid2 - ok
17:20:57.0412 1852  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:20:57.0443 1852  SiSRaid4 - ok
17:20:57.0864 1852  [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:20:58.0286 1852  Skype C2C Service - ok
17:20:58.0442 1852  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
17:20:58.0769 1852  SkypeUpdate - ok
17:20:58.0816 1852  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:20:58.0878 1852  Smb - ok
17:20:58.0941 1852  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:20:58.0972 1852  SNMPTRAP - ok
17:20:58.0988 1852  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:20:59.0003 1852  spldr - ok
17:20:59.0097 1852  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
17:20:59.0144 1852  Spooler - ok
17:20:59.0612 1852  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:20:59.0752 1852  sppsvc - ok
17:20:59.0783 1852  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:20:59.0861 1852  sppuinotify - ok
17:20:59.0877 1852  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:20:59.0908 1852  srv - ok
17:20:59.0970 1852  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:21:00.0002 1852  srv2 - ok
17:21:00.0064 1852  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:21:00.0111 1852  srvnet - ok
17:21:00.0189 1852  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
17:21:00.0236 1852  ssadbus - ok
17:21:00.0298 1852  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
17:21:00.0314 1852  ssadmdfl - ok
17:21:00.0360 1852  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
17:21:00.0407 1852  ssadmdm - ok
17:21:00.0470 1852  [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys
17:21:00.0516 1852  ssadserd - ok
17:21:00.0610 1852  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:21:00.0704 1852  SSDPSRV - ok
17:21:00.0719 1852  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:21:00.0735 1852  SstpSvc - ok
17:21:00.0891 1852  Steam Client Service - ok
17:21:00.0938 1852  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:21:00.0953 1852  stexstor - ok
17:21:01.0047 1852  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:21:01.0109 1852  stisvc - ok
17:21:01.0140 1852  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:21:01.0156 1852  swenum - ok
17:21:01.0218 1852  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:21:01.0312 1852  swprv - ok
17:21:01.0437 1852  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
17:21:01.0546 1852  SysMain - ok
17:21:01.0577 1852  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:21:01.0624 1852  TabletInputService - ok
17:21:01.0733 1852  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:21:01.0842 1852  TapiSrv - ok
17:21:01.0874 1852  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:21:01.0920 1852  TBS - ok
17:21:02.0170 1852  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:21:02.0232 1852  Tcpip - ok
17:21:02.0357 1852  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:21:02.0404 1852  TCPIP6 - ok
17:21:02.0435 1852  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:21:02.0482 1852  tcpipreg - ok
17:21:02.0544 1852  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:21:02.0576 1852  TDPIPE - ok
17:21:02.0607 1852  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:21:02.0654 1852  TDTCP - ok
17:21:02.0700 1852  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:21:02.0732 1852  tdx - ok
17:21:02.0747 1852  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:21:02.0763 1852  TermDD - ok
17:21:02.0856 1852  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
17:21:02.0934 1852  TermService - ok
17:21:02.0981 1852  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:21:03.0012 1852  Themes - ok
17:21:03.0044 1852  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:21:03.0075 1852  THREADORDER - ok
17:21:03.0137 1852  [ 519CB7D7F697F4BA47DE05845C20F158 ] TlntSvr         C:\Windows\System32\tlntsvr.exe
17:21:03.0168 1852  TlntSvr - ok
17:21:03.0496 1852  [ 25F16B72A7CC494EAC01A90A44218456 ] TpMediaServer   C:\Program Files (x86)\TP-LINK\COMMON\RaMediaServer.exe
17:21:03.0527 1852  TpMediaServer - ok
17:21:03.0574 1852  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:21:03.0636 1852  TrkWks - ok
17:21:03.0699 1852  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:21:03.0761 1852  TrustedInstaller - ok
17:21:03.0792 1852  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:21:03.0824 1852  tssecsrv - ok
17:21:03.0933 1852  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:21:03.0964 1852  TsUsbFlt - ok
17:21:04.0058 1852  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:21:04.0120 1852  tunnel - ok
17:21:04.0151 1852  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:21:04.0167 1852  uagp35 - ok
17:21:04.0182 1852  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:21:04.0245 1852  udfs - ok
17:21:04.0292 1852  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:21:04.0338 1852  UI0Detect - ok
17:21:04.0401 1852  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:21:04.0416 1852  uliagpkx - ok
17:21:04.0448 1852  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
17:21:04.0479 1852  umbus - ok
17:21:04.0557 1852  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:21:04.0572 1852  UmPass - ok
17:21:04.0635 1852  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:21:04.0697 1852  upnphost - ok
17:21:04.0713 1852  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:21:04.0744 1852  usbccgp - ok
17:21:04.0775 1852  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:21:04.0822 1852  usbcir - ok
17:21:04.0838 1852  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:21:04.0869 1852  usbehci - ok
17:21:04.0978 1852  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:21:05.0025 1852  usbhub - ok
17:21:05.0056 1852  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:21:05.0103 1852  usbohci - ok
17:21:05.0134 1852  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:21:05.0165 1852  usbprint - ok
17:21:05.0181 1852  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:21:05.0228 1852  USBSTOR - ok
17:21:05.0243 1852  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:21:05.0290 1852  usbuhci - ok
17:21:05.0321 1852  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
17:21:05.0384 1852  UxSms - ok
17:21:05.0399 1852  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
17:21:05.0399 1852  VaultSvc - ok
17:21:05.0415 1852  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:21:05.0415 1852  vdrvroot - ok
17:21:05.0493 1852  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
17:21:05.0571 1852  vds - ok
17:21:05.0618 1852  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:21:05.0649 1852  vga - ok
17:21:05.0664 1852  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:21:05.0711 1852  VgaSave - ok
17:21:05.0758 1852  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:21:05.0789 1852  vhdmp - ok
17:21:05.0805 1852  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:21:05.0820 1852  viaide - ok
17:21:05.0867 1852  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:21:05.0883 1852  volmgr - ok
17:21:05.0914 1852  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:21:05.0945 1852  volmgrx - ok
17:21:05.0976 1852  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:21:05.0992 1852  volsnap - ok
17:21:06.0039 1852  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:21:06.0054 1852  vsmraid - ok
17:21:06.0132 1852  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
17:21:06.0210 1852  VSS - ok
17:21:06.0288 1852  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:21:06.0304 1852  vwifibus - ok
17:21:06.0351 1852  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:21:06.0429 1852  vwififlt - ok
17:21:06.0460 1852  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
17:21:06.0491 1852  vwifimp - ok
17:21:06.0600 1852  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
17:21:06.0663 1852  W32Time - ok
17:21:06.0881 1852  [ B32009DB1972E7F2C227499289C4384A ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
17:21:06.0928 1852  W3SVC - ok
17:21:06.0944 1852  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:21:06.0990 1852  WacomPen - ok
17:21:07.0053 1852  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:21:07.0131 1852  WANARP - ok
17:21:07.0162 1852  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:21:07.0193 1852  Wanarpv6 - ok
17:21:07.0302 1852  [ B32009DB1972E7F2C227499289C4384A ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
17:21:07.0318 1852  WAS - ok
17:21:07.0505 1852  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
17:21:07.0583 1852  wbengine - ok
17:21:07.0614 1852  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:21:07.0630 1852  WbioSrvc - ok
17:21:07.0646 1852  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:21:07.0661 1852  wcncsvc - ok
17:21:07.0677 1852  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:21:07.0677 1852  WcsPlugInService - ok
17:21:07.0692 1852  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:21:07.0692 1852  Wd - ok
17:21:07.0724 1852  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:21:07.0739 1852  Wdf01000 - ok
17:21:07.0755 1852  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:21:07.0817 1852  WdiServiceHost - ok
17:21:07.0817 1852  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:21:07.0833 1852  WdiSystemHost - ok
17:21:07.0880 1852  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
17:21:07.0911 1852  WebClient - ok
17:21:07.0942 1852  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:21:08.0004 1852  Wecsvc - ok
17:21:08.0020 1852  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:21:08.0051 1852  wercplsupport - ok
17:21:08.0114 1852  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:21:08.0145 1852  WerSvc - ok
17:21:08.0176 1852  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:21:08.0223 1852  WfpLwf - ok
17:21:08.0254 1852  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:21:08.0270 1852  WIMMount - ok
17:21:08.0270 1852  WinDefend - ok
17:21:08.0285 1852  WinHttpAutoProxySvc - ok
17:21:08.0332 1852  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:21:08.0379 1852  Winmgmt - ok
17:21:08.0426 1852  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
17:21:08.0472 1852  WinRM - ok
17:21:08.0535 1852  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:21:08.0566 1852  Wlansvc - ok
17:21:08.0613 1852  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:21:08.0644 1852  WmiAcpi - ok
17:21:08.0675 1852  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:21:08.0722 1852  wmiApSrv - ok
17:21:08.0784 1852  WMPNetworkSvc - ok
17:21:08.0784 1852  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:21:08.0800 1852  WPCSvc - ok
17:21:08.0862 1852  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:21:08.0878 1852  WPDBusEnum - ok
17:21:08.0909 1852  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:21:08.0972 1852  ws2ifsl - ok
17:21:08.0987 1852  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
17:21:09.0018 1852  wscsvc - ok
17:21:09.0018 1852  WSearch - ok
17:21:09.0096 1852  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:21:09.0174 1852  wuauserv - ok
17:21:09.0190 1852  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:21:09.0221 1852  WudfPf - ok
17:21:09.0252 1852  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:21:09.0299 1852  WUDFRd - ok
17:21:09.0330 1852  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:21:09.0346 1852  wudfsvc - ok
17:21:09.0362 1852  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:21:09.0377 1852  WwanSvc - ok
17:21:09.0393 1852  ================ Scan global ===============================
17:21:09.0424 1852  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:21:09.0455 1852  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:21:09.0471 1852  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:21:09.0518 1852  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:21:09.0533 1852  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:21:09.0533 1852  [Global] - ok
17:21:09.0533 1852  ================ Scan MBR ==================================
17:21:09.0549 1852  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
17:21:09.0752 1852  \Device\Harddisk0\DR0 - ok
17:21:09.0752 1852  ================ Scan VBR ==================================
17:21:09.0783 1852  [ 54ED33547CC659018B00F5002531AD76 ] \Device\Harddisk0\DR0\Partition1
17:21:09.0783 1852  \Device\Harddisk0\DR0\Partition1 - ok
17:21:09.0814 1852  [ 8ACA1D6651261D00377F09D39DE6554B ] \Device\Harddisk0\DR0\Partition2
17:21:09.0814 1852  \Device\Harddisk0\DR0\Partition2 - ok
17:21:09.0830 1852  [ 3059E20963AFA8B418CCBC82DAB956C9 ] \Device\Harddisk0\DR0\Partition3
17:21:09.0830 1852  \Device\Harddisk0\DR0\Partition3 - ok
17:21:09.0830 1852  ============================================================
17:21:09.0830 1852  Scan finished
17:21:09.0830 1852  ============================================================
17:21:09.0845 1020  Detected object count: 2
17:21:09.0845 1020  Actual detected object count: 2
17:21:21.0405 1020  HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:21.0405 1020  HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:21:21.0405 1020  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:21:21.0405 1020  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

wobei ich immer noch nicht von meinem firefox aus downloaden kann ,aber jetzt nach den schritten wieder vom inet explorer

Alt 26.02.2013, 20:46   #10
markusg
/// Malware-holic
 
Virus - Standard

Virus


Immer mit der Ruhe :-)
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 26.02.2013, 23:18   #11
dasthat
 
Virus - Standard

Virus


mmh folgendes :

habe combofix ausgeführt auch alles deaktiviert... beim neustart hat sich avira eingeschlatet und nach 30 min wo es verscuht hat combofix zuzlassen habe ich es abgebrochen ... einfach nm machen ?

Alt 27.02.2013, 13:34   #12
markusg
/// Malware-holic
 
Virus - Standard

Virus


ich verstehe nur die Hälfte von dem was du da schreibst....
lies mal deine letzten Sätze und sag mir mal ob du die selbst verstehst :d
führe combofix noch mal aus
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.03.2013, 15:25   #13
dasthat
 
Virus - Standard

Virus


Code:
ATTFilter
ComboFix 13-03-04.01 - Dustin 05.03.2013  11:44:00.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8154.6740 [GMT 1:00]
ausgeführt von:: F:\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\programdata\ntuser.dat
c:\users\Dustin\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-05 bis 2013-03-05  ))))))))))))))))))))))))))))))
.
.
2013-03-05 10:47 . 2013-03-05 10:47	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-03-05 10:47 . 2013-03-05 10:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-25 17:59 . 2012-06-01 05:36	192000	----a-w-	c:\windows\system32\iisRtl.dll
2013-02-25 17:59 . 2012-06-01 05:34	55296	----a-w-	c:\windows\system32\admwprox.dll
2013-02-25 17:59 . 2012-06-01 04:37	154624	----a-w-	c:\windows\SysWow64\iisRtl.dll
2013-02-25 17:59 . 2012-06-01 05:39	14848	----a-w-	c:\windows\system32\wamregps.dll
2013-02-25 17:59 . 2012-06-01 05:36	11264	----a-w-	c:\windows\system32\iisrstap.dll
2013-02-25 17:59 . 2012-06-01 05:35	60928	----a-w-	c:\windows\system32\ahadmin.dll
2013-02-25 17:59 . 2012-06-01 05:33	16896	----a-w-	c:\windows\system32\iisreset.exe
2013-02-25 17:59 . 2012-06-01 04:40	10752	----a-w-	c:\windows\SysWow64\wamregps.dll
2013-02-25 17:59 . 2012-06-01 04:37	8192	----a-w-	c:\windows\SysWow64\iisrstap.dll
2013-02-25 17:59 . 2012-06-01 04:35	26624	----a-w-	c:\windows\SysWow64\ahadmin.dll
2013-02-25 17:59 . 2012-06-01 04:35	50688	----a-w-	c:\windows\SysWow64\admwprox.dll
2013-02-25 17:59 . 2012-06-01 04:34	15360	----a-w-	c:\windows\SysWow64\iisreset.exe
2013-02-25 17:15 . 2013-02-25 17:15	--------	d-----w-	c:\programdata\Ralink
2013-02-25 17:14 . 2013-02-25 17:15	--------	d-----w-	c:\program files (x86)\Cisco
2013-02-25 17:14 . 2013-02-25 17:14	--------	d-----w-	c:\windows\system32\RaLanguages
2013-02-25 17:14 . 2011-03-14 14:26	1607008	----a-w-	c:\windows\SysWow64\RaCertMgr.dll
2013-02-25 17:14 . 2011-03-14 14:26	2399584	----a-w-	c:\windows\system32\RaCertMgr.dll
2013-02-25 17:14 . 2011-03-14 14:26	128864	----a-w-	c:\windows\SysWow64\RAEXTUI.dll
2013-02-25 17:14 . 2011-03-14 14:26	128864	----a-w-	c:\windows\system32\RAEXTUI.dll
2013-02-25 17:14 . 2011-03-14 14:26	1112928	----a-w-	c:\windows\SysWow64\RAIHV.dll
2013-02-25 17:14 . 2011-03-14 14:26	1112928	----a-w-	c:\windows\system32\RAIHV.dll
2013-02-25 17:14 . 2011-03-14 14:26	792416	----a-w-	c:\windows\system32\DiagFunc.dll
2013-02-25 17:14 . 2011-03-14 14:26	792416	----a-w-	c:\windows\SysWow64\DiagFunc.dll
2013-02-25 17:14 . 2013-02-25 17:14	--------	d-----w-	c:\program files (x86)\TP-LINK
2013-02-24 15:55 . 2013-02-24 15:55	--------	d-----w-	c:\windows\SysWow64\BestPractices
2013-02-24 15:54 . 2013-02-24 15:54	--------	d-----w-	c:\windows\system32\BestPractices
2013-02-24 15:54 . 2013-02-24 15:54	--------	d-----w-	C:\inetpub
2013-02-23 18:34 . 2013-01-08 05:32	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E9F458C-A8D6-415E-B123-15C41518A968}\mpengine.dll
2013-02-22 12:19 . 2013-02-22 12:20	--------	d-----w-	C:\416d886bbb846752c65e
2013-02-20 23:06 . 2013-02-21 09:09	--------	d-----w-	c:\program files (x86)\Optimizer Pro
2013-02-20 23:06 . 2013-02-23 18:05	--------	d-----w-	c:\users\Dustin\AppData\Local\Temp7c4a35cf67d83ab210af389844429258
2013-02-20 22:53 . 2013-02-23 18:05	--------	d-----w-	c:\program files (x86)\Digital Image Tool 2.0
2013-02-14 17:51 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 17:51 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 17:49 . 2013-01-09 01:48	17812992	----a-w-	c:\windows\system32\mshtml.dll
2013-02-14 17:49 . 2013-01-09 01:22	10925568	----a-w-	c:\windows\system32\ieframe.dll
2013-02-07 11:42 . 2013-02-07 11:42	333856	----a-w-	c:\windows\system32\RaCoInstx.dll
2013-02-07 11:42 . 2013-02-07 11:42	2201120	----a-w-	c:\windows\system32\drivers\netr28ux.sys
2013-02-04 21:06 . 2013-02-04 21:06	--------	d-----w-	c:\users\Dustin\AppData\Roaming\Awesomium
2013-02-04 21:05 . 2013-02-23 18:31	--------	d-----w-	c:\programdata\Hi-Rez Studios
2013-02-04 21:05 . 2013-02-23 18:32	--------	d-----w-	c:\program files (x86)\Hi-Rez Studios
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 12:13 . 2012-12-21 19:45	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 12:13 . 2012-12-21 19:45	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-14 17:53 . 2012-07-03 06:42	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-17 00:28 . 2012-11-28 17:49	273840	----a-w-	c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-14 15:32	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 08:26	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 08:26	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 08:26	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 08:26	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-14 15:49 . 2012-12-21 15:14	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-07 13:20 . 2013-01-09 20:58	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 20:58	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 20:58	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 20:58	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 20:58	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 20:58	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 20:58	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 20:58	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 20:58	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 20:58	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 20:58	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 20:58	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 20:58	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 20:58	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 20:58	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 20:58	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 20:58	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 20:58	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 20:58	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 20:58	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 20:58	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 20:58	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 20:58	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 20:58	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 20:58	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 20:58	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 20:58	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 20:58	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 20:58	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 20:58	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 20:58	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 20:58	51712	----a-w-	c:\windows\SysWow64\esrb.rs
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
c:\progra~2\SEARCH~1\Datamngr\BROWSE~1.DLL [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2013-01-10 22:05	197920	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-26 1597864]
"Spotify Web Helper"="c:\users\Dustin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-27 1199576]
"Spotify"="c:\users\Dustin\AppData\Roaming\Spotify\Spotify.exe" [2012-10-27 7880664]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Need for Speed™ Undercover-Registrierung.lnk - c:\program files (x86)\EA Games\Need for Speed Undercover\Support\EAregister.exe [N/A]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Client Utility.lnk - c:\program files (x86)\TP-LINK\COMMON\TWCU.exe [2013-2-25 10918400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TpMediaServer;TpMediaServer;c:\program files (x86)\TP-LINK\COMMON\RaMediaServer.exe [2011-03-14 619872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-01-11 8704]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-21 31080]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 202752]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\TP-LINK\COMMON\RaRegistry64.exe [2011-03-14 451936]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2012-01-06 59392]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2012-01-06 84608]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-21 12:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\4a9djrri.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://rautemusik-club.radio.de/
FF - prefs.js: network.proxy.ftp - 213.197.182.78
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 213.197.182.78
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 213.197.182.78
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 213.197.182.78
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-21 00:06; sparpilot@sparpilot.com; c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\4a9djrri.default\extensions\sparpilot@sparpilot.com
FF - user.js: extentions.y2layers.installId - 39e245d5-a732-4ab7-a298-264839b98b6a
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
AddRemove-TMACv6.0 - c:\program files (x86)\Technitium\TMACv6.0\Installer.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\TP-LINK\COMMON\RaRegistry.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-05  11:52:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-03-05 10:52
ComboFix2.txt  2012-12-21 14:18
.
Vor Suchlauf: 14 Verzeichnis(se), 741.958.053.888 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 741.877.780.480 Bytes frei
.
- - End Of File - - 09B5134296723A7252C510A2388EA518


soweit funzt einiges wieder , allerdings geht mein wlan noch nciht

für firefox habe ich adminrechte zulassen müssen , da ich sonst keinen internet zugriff haben würde

Alt 05.03.2013, 17:02   #14
markusg
/// Malware-holic
 
Virus - Standard

Virus


Hi,

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.03.2013, 15:29   #15
dasthat
 
Virus - Standard

Virus


Adobe Flash Player 11 Plugin Adobe Systems Incorporated 27.02.2013 6,00MB 11.6.602.171 notwendig
Adobe Reader XI (11.0.02) - Deutsch Adobe Systems Incorporated 24.02.2013 132MB 11.0.02 notwendig
ATI Catalyst Install Manager ATI Technologies, Inc. 03.07.2012 22,1MB 3.0.758.0 unbekannt
CCleaner Piriform 25.11.2012 3.25 notwendig
Cisco EAP-FAST Module Cisco Systems, Inc. 25.02.2013 1,55MB 2.2.14 unbekannt
Cisco LEAP Module Cisco Systems, Inc. 25.02.2013 644KB 1.0.19 unbekannt
Cisco PEAP Module Cisco Systems, Inc. 25.02.2013 1,23MB 1.1.6 unbekannt
FUSSBALL MANAGER 13 Electronic Arts 30.01.2013 6,41GB 1.0.2.0 notwendig
Hi-Rez Studios Authenticate and Update Service Hi-Rez Studios 04.02.2013 3.0.0.0 unnötig
ICQ7M ICQ 22.07.2012 7.8 unnötig
Java 7 Update 6 Oracle 30.08.2012 128MB 7.0.60 notwendig
League of Legends Riot Games 03.07.2012 1.3 notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 08.01.2013 18,4MB 1.70.0.1100 noch notwendig ??
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.07.2012 38,8MB 4.0.30320 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.07.2012 2,93MB 4.0.30320 unbekannt
Microsoft Office Excel Viewer Microsoft Corporation 04.11.2012 71,0MB 12.0.6219.1000 unbekannt
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 05.09.2012 90,8MB 12.0.4518.1014 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 23.07.2012 428KB 8.0.56336 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 03.07.2012 780KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 23.01.2013 788KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 04.07.2012 240KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 03.07.2012 596KB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 23.01.2013 600KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 30.01.2013 1,41MB 10.0.40219 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 26.10.2012 11,1MB 10.0.40219 unbekannt
Microsoft-Maus- und Tastatur-Center Microsoft Corporation 29.11.2012 2.0.162.0 unbekannt
Mozilla Firefox 19.0 (x86 de) Mozilla 27.02.2013 48,7MB 19.0 notwendig
Mozilla Maintenance Service Mozilla 27.02.2013 330KB 19.0 unbekannt
OpenOffice.org 3.4.1 Apache Software Foundation 23.01.2013 331MB 3.41.9593 notwenidg
Origin Electronic Arts, Inc. 30.01.2013 9.0.11.77 notwendig
Pando Media Booster Pando Networks Inc. 31.08.2012 5,46MB 2.6.0.8 notwendig
Realtek Ethernet Controller Driver Realtek 03.07.2012 7.49.927.2011 unbekannt ( denke lan/wlan also eher notwendig )
Skype Click to Call Skype Technologies S.A. 22.08.2012 29,2MB 6.2.10687 unnötig
Skype™ 6.1 Skype Technologies S.A. 02.02.2013 21,1MB 6.1.129 notwendig
Smite Hi-Rez Studios 05.02.2013 0.1.1328.1 unnötig
Spotify Spotify AB 27.10.2012 0.8.5.1333.g822e0de8 unnötig
StarCraft II Blizzard Entertainment 27.10.2012 1.5.3.23260 notwendig
Steam Valve 23.07.2012 42,1MB 1.0.0.0 notwendig
TeamSpeak 3 Client TeamSpeak Systems GmbH 31.08.2012 3.0.8.1 notwendig
Technitium MAC Address Changer v6.0.3 Technitium 31.08.2012 6.0.3 notwendig
TP-LINK Wireless Client Utility TP-LINK 25.02.2013 1.0.0.0 notwendig
Visual Studio 2008 x64 Redistributables AVG Technologies 03.07.2012 11,7MB 10.0.0.2 unbekannt
Visual Studio 2010 x64 Redistributables AVG Technologies 26.10.2012 12,4MB 13.0.0.1 unbekannt
Warcraft III Blizzard Entertainment 31.08.2012 notwendig
WinRAR 4.20 (32-Bit) win.rar GmbH 31.08.2012 4.20.0 notwendig
Yontoo 1.12.02 Yontoo LLC 25.01.2013 1,16MB 1.12.02 unbekannt / lässt sich nicht deinstallieren , da
( System kann die angegebene Datei nicht finden )

Antwort
Seite 1 von 2 1 2

Themen zu Virus
administrator, anti-malware, audio, autostart, code, dateien, eingefangen, erfolgreich, explorer, files, free, gelöscht, gen, hängen, leute, log, malwarebytes, mbam, quarantäne, quelldatei, registrierung, service, speicher, version, virus, windows


« Email Anhang geöffnet! | Antivir wirft häufig infizierte Objekte aus / OTL Analyse »


Ähnliche Themen: Virus


  1. Virus versenden; virus angriff; virus schützen; rache;
    Log-Analyse und Auswertung - 06.12.2010 (10)
  2. AVG Anti Virus free meldet Virus PSW.Generic7.BWMP, Virus läßt sich nicht beseitigen
    Plagegeister aller Art und deren Bekämpfung - 30.10.2010 (21)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Virus - Hallo leute , ich habe mir etwas eingefangen . mein pc startete nicht und blieb hängen , sodass ich eine systemwiederhersttellung von windows ausführte ! hier der mbam log : - Virus...
Archiv
Du betrachtest: Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131