Pests of all kinds and their removal: Suspected virus infection - Internet slow/laggy (Windows 7)
06.03.2013, 03:24 | #1
Suspected virus infection - Internet slow/laggy

Hello, I strongly suspect that my computer is suffering from a virus infection. For about a week now my Internet connection has become noticeably slower and lags quite often. The 3 log files are attached.
06.03.2013, 12:56 | #2
/// Malware-holic | Suspected virus infection - Internet slow/laggy

Hi,
Please download TDSSKiller.exe and save this file to the desktop.
06.03.2013, 23:04 | #3
Suspected virus infection - Internet slow/laggy

Code:
6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 23:03:32.0564 1220 Power - ok 23:03:32.0568 1220 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:03:32.0589 1220 PptpMiniport - ok 23:03:32.0593 1220 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 23:03:32.0600 1220 Processor - ok 23:03:32.0605 1220 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 23:03:32.0621 1220 ProfSvc - ok 23:03:32.0626 1220 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 23:03:32.0633 1220 ProtectedStorage - ok 23:03:32.0637 1220 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 23:03:32.0658 1220 Psched - ok 23:03:32.0674 1220 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 23:03:32.0701 1220 ql2300 - ok 23:03:32.0706 1220 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 23:03:32.0713 1220 ql40xx - ok 23:03:32.0719 1220 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 23:03:32.0746 1220 QWAVE - ok 23:03:32.0749 1220 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:03:32.0760 1220 QWAVEdrv - ok 23:03:32.0763 1220 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:03:32.0783 1220 RasAcd - ok 23:03:32.0787 1220 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 23:03:32.0807 1220 RasAgileVpn - ok 23:03:32.0811 1220 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 23:03:32.0833 1220 RasAuto - ok 23:03:32.0837 1220 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:03:32.0875 1220 Rasl2tp - ok 23:03:32.0881 1220 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 23:03:32.0905 1220 RasMan - ok 23:03:32.0909 
1220 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:03:32.0931 1220 RasPppoe - ok 23:03:32.0934 1220 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:03:32.0957 1220 RasSstp - ok 23:03:32.0966 1220 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:03:32.0989 1220 rdbss - ok 23:03:32.0992 1220 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 23:03:33.0001 1220 rdpbus - ok 23:03:33.0004 1220 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:03:33.0024 1220 RDPCDD - ok 23:03:33.0030 1220 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 23:03:33.0038 1220 RDPDR - ok 23:03:33.0041 1220 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:03:33.0062 1220 RDPENCDD - ok 23:03:33.0069 1220 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 23:03:33.0104 1220 RDPREFMP - ok 23:03:33.0109 1220 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 23:03:33.0116 1220 RdpVideoMiniport - ok 23:03:33.0121 1220 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:03:33.0130 1220 RDPWD - ok 23:03:33.0135 1220 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 23:03:33.0144 1220 rdyboost - ok 23:03:33.0148 1220 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 23:03:33.0170 1220 RemoteAccess - ok 23:03:33.0174 1220 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:03:33.0208 1220 RemoteRegistry - ok 23:03:33.0212 1220 [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys 23:03:33.0233 1220 RMCAST - ok 23:03:33.0237 1220 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper 
C:\Windows\System32\RpcEpMap.dll 23:03:33.0258 1220 RpcEptMapper - ok 23:03:33.0261 1220 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 23:03:33.0269 1220 RpcLocator - ok 23:03:33.0276 1220 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 23:03:33.0299 1220 RpcSs - ok 23:03:33.0303 1220 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:03:33.0345 1220 rspndr - ok 23:03:33.0351 1220 [ C435AC77704EB16E85C9D630F4D4B4F7 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 23:03:33.0359 1220 RTHDMIAzAudService - ok 23:03:33.0369 1220 [ 61A04C0C084D560BBEF1D09604608262 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 23:03:33.0385 1220 RTL8167 - ok 23:03:33.0389 1220 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 23:03:33.0396 1220 s3cap - ok 23:03:33.0399 1220 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 23:03:33.0405 1220 SamSs - ok 23:03:33.0409 1220 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 23:03:33.0418 1220 sbp2port - ok 23:03:33.0425 1220 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:03:33.0448 1220 SCardSvr - ok 23:03:33.0451 1220 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 23:03:33.0471 1220 scfilter - ok 23:03:33.0483 1220 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 23:03:33.0516 1220 Schedule - ok 23:03:33.0520 1220 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 23:03:33.0545 1220 SCPolicySvc - ok 23:03:33.0550 1220 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:03:33.0560 1220 SDRSVC - ok 23:03:33.0563 1220 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:03:33.0584 1220 secdrv - ok 23:03:33.0588 1220 [ BC617A4E1B4FA8DF523A061739A0BD87 ] 
seclogon C:\Windows\system32\seclogon.dll 23:03:33.0607 1220 seclogon - ok 23:03:33.0611 1220 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 23:03:33.0633 1220 SENS - ok 23:03:33.0636 1220 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 23:03:33.0644 1220 SensrSvc - ok 23:03:33.0649 1220 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 23:03:33.0663 1220 Serenum - ok 23:03:33.0669 1220 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 23:03:33.0678 1220 Serial - ok 23:03:33.0682 1220 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 23:03:33.0689 1220 sermouse - ok 23:03:33.0697 1220 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 23:03:33.0718 1220 SessionEnv - ok 23:03:33.0721 1220 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 23:03:33.0730 1220 sffdisk - ok 23:03:33.0733 1220 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 23:03:33.0741 1220 sffp_mmc - ok 23:03:33.0744 1220 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 23:03:33.0753 1220 sffp_sd - ok 23:03:33.0755 1220 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 23:03:33.0763 1220 sfloppy - ok 23:03:33.0768 1220 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 23:03:33.0799 1220 SharedAccess - ok 23:03:33.0805 1220 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:03:33.0829 1220 ShellHWDetection - ok 23:03:33.0832 1220 [ E9E830D540EDEDED650F906628468548 ] simptcp C:\Windows\System32\tcpsvcs.exe 23:03:33.0840 1220 simptcp - ok 23:03:33.0843 1220 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 23:03:33.0851 1220 SiSRaid2 - ok 23:03:33.0854 1220 [ 
6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 23:03:33.0861 1220 SiSRaid4 - ok 23:03:33.0865 1220 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:03:33.0889 1220 Smb - ok 23:03:33.0899 1220 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:03:33.0907 1220 SNMPTRAP - ok 23:03:33.0912 1220 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe 23:03:33.0918 1220 Sony PC Companion - ok 23:03:33.0921 1220 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 23:03:33.0928 1220 spldr - ok 23:03:33.0935 1220 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 23:03:33.0948 1220 Spooler - ok 23:03:33.0982 1220 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 23:03:34.0049 1220 sppsvc - ok 23:03:34.0054 1220 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 23:03:34.0076 1220 sppuinotify - ok 23:03:34.0082 1220 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 23:03:34.0094 1220 srv - ok 23:03:34.0103 1220 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:03:34.0115 1220 srv2 - ok 23:03:34.0120 1220 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:03:34.0128 1220 srvnet - ok 23:03:34.0132 1220 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:03:34.0154 1220 SSDPSRV - ok 23:03:34.0158 1220 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:03:34.0180 1220 SstpSvc - ok 23:03:34.0182 1220 Steam Client Service - ok 23:03:34.0186 1220 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 23:03:34.0193 1220 stexstor - ok 23:03:34.0201 1220 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 
23:03:34.0230 1220 stisvc - ok 23:03:34.0234 1220 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 23:03:34.0241 1220 storflt - ok 23:03:34.0244 1220 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 23:03:34.0252 1220 StorSvc - ok 23:03:34.0254 1220 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 23:03:34.0261 1220 storvsc - ok 23:03:34.0264 1220 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 23:03:34.0271 1220 swenum - ok 23:03:34.0277 1220 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 23:03:34.0304 1220 swprv - ok 23:03:34.0323 1220 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 23:03:34.0357 1220 SysMain - ok 23:03:34.0361 1220 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:03:34.0372 1220 TabletInputService - ok 23:03:34.0378 1220 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 23:03:34.0401 1220 TapiSrv - ok 23:03:34.0405 1220 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 23:03:34.0426 1220 TBS - ok 23:03:34.0452 1220 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:03:34.0484 1220 Tcpip - ok 23:03:34.0504 1220 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:03:34.0528 1220 TCPIP6 - ok 23:03:34.0533 1220 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:03:34.0540 1220 tcpipreg - ok 23:03:34.0545 1220 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:03:34.0559 1220 TDPIPE - ok 23:03:34.0564 1220 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:03:34.0576 1220 TDTCP - ok 23:03:34.0580 1220 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:03:34.0601 1220 tdx - ok 
23:03:34.0605 1220 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 23:03:34.0611 1220 TermDD - ok 23:03:34.0620 1220 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 23:03:34.0648 1220 TermService - ok 23:03:34.0651 1220 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 23:03:34.0661 1220 Themes - ok 23:03:34.0665 1220 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 23:03:34.0687 1220 THREADORDER - ok 23:03:34.0692 1220 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 23:03:34.0714 1220 TrkWks - ok 23:03:34.0719 1220 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:03:34.0740 1220 TrustedInstaller - ok 23:03:34.0745 1220 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:03:34.0765 1220 tssecsrv - ok 23:03:34.0768 1220 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 23:03:34.0776 1220 TsUsbFlt - ok 23:03:34.0779 1220 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 23:03:34.0789 1220 TsUsbGD - ok 23:03:34.0795 1220 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:03:34.0820 1220 tunnel - ok 23:03:34.0824 1220 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 23:03:34.0831 1220 uagp35 - ok 23:03:34.0836 1220 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:03:34.0861 1220 udfs - ok 23:03:34.0867 1220 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:03:34.0875 1220 UI0Detect - ok 23:03:34.0879 1220 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:03:34.0886 1220 uliagpkx - ok 23:03:34.0889 1220 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 
23:03:34.0898 1220 umbus - ok 23:03:34.0904 1220 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 23:03:34.0928 1220 UmPass - ok 23:03:34.0934 1220 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 23:03:34.0944 1220 UmRdpService - ok 23:03:34.0950 1220 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 23:03:34.0975 1220 upnphost - ok 23:03:34.0979 1220 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 23:03:34.0989 1220 usbaudio - ok 23:03:34.0993 1220 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:03:35.0000 1220 usbccgp - ok 23:03:35.0005 1220 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:03:35.0013 1220 usbcir - ok 23:03:35.0017 1220 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 23:03:35.0026 1220 usbehci - ok 23:03:35.0031 1220 [ 504901430B6E03B99EBB6BF26E0868C6 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 23:03:35.0037 1220 usbfilter - ok 23:03:35.0043 1220 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:03:35.0054 1220 usbhub - ok 23:03:35.0057 1220 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 23:03:35.0064 1220 usbohci - ok 23:03:35.0067 1220 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 23:03:35.0076 1220 usbprint - ok 23:03:35.0080 1220 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS 23:03:35.0088 1220 USBSTOR - ok 23:03:35.0091 1220 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 23:03:35.0098 1220 usbuhci - ok 23:03:35.0101 1220 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 23:03:35.0123 1220 UxSms - ok 23:03:35.0126 1220 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc 
C:\Windows\system32\lsass.exe 23:03:35.0150 1220 VaultSvc - ok 23:03:35.0154 1220 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys 23:03:35.0160 1220 VClone - ok 23:03:35.0163 1220 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 23:03:35.0170 1220 vdrvroot - ok 23:03:35.0177 1220 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 23:03:35.0203 1220 vds - ok 23:03:35.0206 1220 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:03:35.0215 1220 vga - ok 23:03:35.0218 1220 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 23:03:35.0239 1220 VgaSave - ok 23:03:35.0243 1220 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 23:03:35.0257 1220 vhdmp - ok 23:03:35.0262 1220 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 23:03:35.0269 1220 viaide - ok 23:03:35.0275 1220 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 23:03:35.0284 1220 vmbus - ok 23:03:35.0287 1220 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 23:03:35.0294 1220 VMBusHID - ok 23:03:35.0298 1220 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 23:03:35.0305 1220 volmgr - ok 23:03:35.0311 1220 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:03:35.0321 1220 volmgrx - ok 23:03:35.0327 1220 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 23:03:35.0337 1220 volsnap - ok 23:03:35.0342 1220 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 23:03:35.0350 1220 vsmraid - ok 23:03:35.0370 1220 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 23:03:35.0410 1220 VSS - ok 23:03:35.0414 1220 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus 
C:\Windows\System32\drivers\vwifibus.sys 23:03:35.0423 1220 vwifibus - ok 23:03:35.0429 1220 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 23:03:35.0454 1220 W32Time - ok 23:03:35.0462 1220 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll 23:03:35.0473 1220 W3SVC - ok 23:03:35.0481 1220 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 23:03:35.0491 1220 WacomPen - ok 23:03:35.0495 1220 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 23:03:35.0515 1220 WANARP - ok 23:03:35.0518 1220 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:03:35.0538 1220 Wanarpv6 - ok 23:03:35.0544 1220 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll 23:03:35.0553 1220 WAS - ok 23:03:35.0569 1220 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 23:03:35.0605 1220 wbengine - ok 23:03:35.0613 1220 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 23:03:35.0626 1220 WbioSrvc - ok 23:03:35.0632 1220 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:03:35.0646 1220 wcncsvc - ok 23:03:35.0650 1220 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:03:35.0658 1220 WcsPlugInService - ok 23:03:35.0661 1220 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 23:03:35.0667 1220 Wd - ok 23:03:35.0677 1220 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:03:35.0695 1220 Wdf01000 - ok 23:03:35.0699 1220 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:03:35.0729 1220 WdiServiceHost - ok 23:03:35.0732 1220 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:03:35.0742 1220 WdiSystemHost - ok 23:03:35.0747 1220 [ 
3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 23:03:35.0760 1220 WebClient - ok 23:03:35.0766 1220 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:03:35.0789 1220 Wecsvc - ok 23:03:35.0793 1220 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:03:35.0817 1220 wercplsupport - ok 23:03:35.0824 1220 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 23:03:35.0847 1220 WerSvc - ok 23:03:35.0850 1220 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:03:35.0870 1220 WfpLwf - ok 23:03:35.0873 1220 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 23:03:35.0880 1220 WIMMount - ok 23:03:35.0882 1220 WinDefend - ok 23:03:35.0887 1220 WinHttpAutoProxySvc - ok 23:03:35.0896 1220 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:03:35.0920 1220 Winmgmt - ok 23:03:35.0923 1220 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys 23:03:35.0935 1220 WinRing0_1_2_0 - ok 23:03:35.0960 1220 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 23:03:36.0004 1220 WinRM - ok 23:03:36.0010 1220 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 23:03:36.0019 1220 WinUsb - ok 23:03:36.0030 1220 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 23:03:36.0053 1220 Wlansvc - ok 23:03:36.0082 1220 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 23:03:36.0118 1220 wlidsvc - ok 23:03:36.0123 1220 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 23:03:36.0130 1220 WmiAcpi - ok 23:03:36.0136 1220 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:03:36.0145 1220 wmiApSrv - ok 
23:03:36.0148 1220 WMPNetworkSvc - ok 23:03:36.0152 1220 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:03:36.0159 1220 WPCSvc - ok 23:03:36.0163 1220 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:03:36.0174 1220 WPDBusEnum - ok 23:03:36.0179 1220 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:03:36.0207 1220 ws2ifsl - ok 23:03:36.0211 1220 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 23:03:36.0222 1220 wscsvc - ok 23:03:36.0225 1220 WSearch - ok 23:03:36.0251 1220 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 23:03:36.0291 1220 wuauserv - ok 23:03:36.0296 1220 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:03:36.0310 1220 WudfPf - ok 23:03:36.0315 1220 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:03:36.0324 1220 WUDFRd - ok 23:03:36.0328 1220 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:03:36.0336 1220 wudfsvc - ok 23:03:36.0341 1220 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 23:03:36.0354 1220 WwanSvc - ok 23:03:36.0358 1220 ================ Scan global =============================== 23:03:36.0360 1220 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 23:03:36.0364 1220 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 23:03:36.0370 1220 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 23:03:36.0373 1220 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 23:03:36.0378 1220 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 23:03:36.0382 1220 [Global] - ok 23:03:36.0382 1220 ================ Scan MBR ================================== 23:03:36.0384 1220 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 23:03:36.0461 1220 \Device\Harddisk0\DR0 - ok 
23:03:36.0461 1220 ================ Scan VBR ================================== 23:03:36.0463 1220 [ E8B0C2E50DBFE4747B348101D6E65D26 ] \Device\Harddisk0\DR0\Partition1 23:03:36.0464 1220 \Device\Harddisk0\DR0\Partition1 - ok 23:03:36.0466 1220 [ 1F167B21EC0334067EEF649AF6CD66F7 ] \Device\Harddisk0\DR0\Partition2 23:03:36.0467 1220 \Device\Harddisk0\DR0\Partition2 - ok 23:03:36.0467 1220 ============================================================ 23:03:36.0467 1220 Scan finished 23:03:36.0467 1220 ============================================================ 23:03:36.0474 2140 Detected object count: 0 23:03:36.0474 2140 Actual detected object count: 0 |
08.03.2013, 20:53 | #4 |
/// Malware-holic | Suspected virus infection - Internet slow/lagging Hi, scan with Combofix
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above If you would like to support us |
08.03.2013, 21:42 | #5 |
| Suspected virus infection - Internet slow/lagging Hello, here is the log file: Code:
ComboFix 13-03-07.03 - Jaro 08.03.2013 21:32:55.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4094.2997 [GMT 1:00]
ausgeführt von:: c:\users\Jaro\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-08 bis 2013-03-08 ))))))))))))))))))))))))))))))
.
.
2013-03-06 01:03 . 2013-03-06 01:03 -------- d-----w- c:\users\Jaro\AppData\Roaming\Malwarebytes
2013-03-06 01:03 . 2013-03-06 01:03 -------- d-----w- c:\programdata\Malwarebytes
2013-03-06 01:03 . 2013-03-06 01:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-06 01:03 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-04 00:56 . 2013-03-04 00:56 -------- d-----w- c:\users\Jaro\AppData\Roaming\vlc
2013-03-04 00:55 . 2013-03-04 00:55 -------- d-----w- c:\program files (x86)\VideoLAN
2013-03-04 00:46 . 2013-03-04 00:46 -------- d-----w- c:\program files (x86)\Sony
2013-02-25 12:47 . 2013-02-25 12:47 -------- d-----w- c:\users\Jaro\AppData\Local\ElevatedDiagnostics
2013-02-25 12:31 . 2012-12-26 17:26 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-02-25 12:31 . 2012-12-26 17:26 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-02-22 04:05 . 2013-02-22 04:05 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-22 04:05 . 2013-02-22 04:05 -------- d-----w- c:\program files (x86)\Java
2013-02-13 17:03 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 17:03 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 02:44 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 02:44 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 02:44 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 02:44 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 02:44 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 02:44 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 02:44 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 02:44 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 02:44 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 02:44 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 02:44 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 02:44 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-08 20:35 . 2013-01-07 05:15 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-02-27 13:26 . 2013-01-19 07:25 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 13:26 . 2013-01-19 07:25 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-22 04:05 . 2012-12-04 17:55 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-22 04:05 . 2012-12-04 17:55 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-13 17:05 . 2012-12-04 17:57 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-12 03:04 . 2013-01-12 03:04 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-01-04 04:43 . 2013-02-13 02:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-27 07:26 . 2013-01-30 09:10 805088 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-12-26 02:37 . 2013-01-26 04:17 3269088 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-12-26 01:34 . 2013-01-26 04:17 126688 ----a-w- c:\windows\system32\RCoInstII64.dll
2012-12-20 15:52 . 2013-01-26 04:17 988896 ----a-w- c:\windows\system32\RtkApi64.dll
2012-12-19 20:50 . 2013-01-26 04:13 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-12-19 20:48 . 2013-01-26 04:13 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-12-19 20:29 . 2013-01-26 04:13 23461376 ----a-w- c:\windows\system32\atio6axx.dll
2012-12-19 20:22 . 2013-01-26 04:13 70144 ----a-w- c:\windows\system32\coinst_9.012.dll
2012-12-19 20:19 . 2013-01-26 04:13 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-12-19 20:18 . 2013-01-26 04:13 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-12-19 20:18 . 2013-01-26 04:13 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-12-19 20:17 . 2013-01-26 04:13 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-12-19 20:17 . 2013-01-26 04:13 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-12-19 20:17 . 2013-01-26 04:13 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2012-12-19 20:13 . 2013-01-26 04:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-12-19 20:12 . 2013-01-26 04:13 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-12-19 20:09 . 2013-01-26 04:13 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-12-19 20:08 . 2012-09-28 01:41 1151488 ----a-w- c:\windows\system32\aticfx64.dll
2012-12-19 20:06 . 2013-01-26 04:13 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-12-19 19:59 . 2012-09-28 01:31 5087744 ----a-w- c:\windows\system32\atiumd6a.dll
2012-12-19 19:57 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-12-19 19:56 . 2013-01-26 04:13 550912 ----a-w- c:\windows\system32\atieclxx.exe
2012-12-19 19:56 . 2013-01-26 04:13 240640 ----a-w- c:\windows\system32\atiesrxx.exe
2012-12-19 19:54 . 2013-01-26 04:13 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-12-19 19:54 . 2013-01-26 04:13 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-12-19 19:54 . 2013-01-26 04:13 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-12-19 19:54 . 2013-01-26 04:13 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-12-19 19:49 . 2012-09-28 01:22 7370752 ----a-w- c:\windows\system32\atidxx64.dll
2012-12-19 19:44 . 2013-01-26 04:13 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-12-19 19:44 . 2012-09-28 01:25 6786560 ----a-w- c:\windows\system32\atiumd64.dll
2012-12-19 19:33 . 2013-01-26 04:13 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-12-19 19:33 . 2013-01-26 04:13 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-12-19 19:33 . 2012-09-28 01:13 619008 ----a-w- c:\windows\system32\atiadlxx.dll
2012-12-19 19:33 . 2013-01-26 04:13 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-12-19 19:33 . 2013-01-26 04:13 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-12-19 19:33 . 2013-01-26 04:13 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-12-19 19:33 . 2013-01-26 04:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-12-19 19:33 . 2013-01-26 04:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-12-19 19:33 . 2013-01-26 04:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-12-19 19:33 . 2013-01-26 04:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-12-19 19:33 . 2013-01-26 04:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-12-19 19:32 . 2013-01-26 04:13 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-12-19 19:31 . 2012-09-28 01:11 130048 ----a-w- c:\windows\system32\atiuxp64.dll
2012-12-19 19:31 . 2013-01-26 04:13 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-12-19 19:31 . 2012-09-28 01:11 104448 ----a-w- c:\windows\system32\atiu9p64.dll
2012-12-19 19:30 . 2013-01-26 04:13 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-12-19 19:30 . 2013-01-26 04:13 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-12-19 14:45 . 2012-12-19 14:45 222720 ----a-w- c:\windows\system32\clinfo.exe
2012-12-19 14:44 . 2012-12-19 14:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-12-19 14:44 . 2012-12-19 14:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-12-19 14:44 . 2012-12-19 14:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll
2012-12-19 14:44 . 2012-12-19 14:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-12-19 14:44 . 2012-12-19 14:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll
2012-12-19 14:38 . 2012-12-19 14:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-12-19 14:34 . 2012-12-19 14:34 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-19 14:34 . 2012-12-19 14:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-12-18 22:49 . 2012-12-04 18:09 2079968 ----a-w- c:\windows\RtlExUpd.dll
2012-12-16 17:11 . 2012-12-21 03:58 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 03:58 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 03:58 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 03:58 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-13 00:50 . 2013-01-26 04:17 1652960 ----a-w- c:\windows\system32\RTSnMg64.cpl
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AOD"="c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" [2012-12-19 361984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2012-04-11 82560]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2012-04-11 42624]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-12-27 805088]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-08-28 58536]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-04 23:47 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-19 13:26]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 17:37]
.
2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 17:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2010-11-21 247808]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-12-13 13263072]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-157001695-2697609133-1144193094-1001\Software\SecuROM\License information*]
"datasecu"=hex:62,31,cd,fb,e6,6b,bb,3d,96,6d,8d,21,d2,3a,f6,33,b7,bb,97,51,3e,
   15,07,cc,f0,fd,be,65,77,68,c8,ed,08,5c,1e,e0,73,3f,1a,da,25,93,d4,5a,e1,80,\
"rkeysecu"=hex:54,1b,e0,b8,69,96,83,ce,6b,09,fc,2b,3a,28,40,c0
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-08 21:37:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-03-08 20:37
.
Vor Suchlauf: 6 Verzeichnis(se), 62.855.479.296 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 62.481.481.728 Bytes frei
.
- - End Of File - - EC5C8A965B71C5F2357A2D4B4C1D0914
11.03.2013, 18:37 | #6 |
/// Malware-holic |
Hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, Tools (Extras), Uninstall List, save as txt. Open the file. After every program you need, write "notwendig" (needed); after every one you do not need, "unnötig" (not needed); after those you do not recognise, "unbekannt" (unknown). Post the list.
12.03.2013, 00:58 | #7 |
Code:
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 27.02.2013 6,00MB 11.6.602.171; notwendig
Adobe Reader XI (11.0.01) - Deutsch Adobe Systems Incorporated 09.01.2013 132MB 11.0.01; notwendig
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 12.02.2013 26,3MB 8.0.903.0; notwendig
CCleaner Piriform 25.02.2013 3.28; notwendig
Curse Client Curse 09.02.2013 5.1.1.644; notwendig
EVEREST Ultimate Edition v5.50 Lavalys, Inc. 05.12.2012 5.50; notwendig
Fraps (remove only) 23.01.2013; unnötig
Google Chrome Google Inc. 04.12.2012 25.0.1364.152; notwendig
Java 7 Update 15 Oracle 22.02.2013 129MB 7.0.150; notwendig
JDownloader 0.9 AppWork GmbH 29.12.2012 0.9; unnötig
JDownloader Packages 29.12.2012; unnötig
JMicron JMB36X Driver JMicron Technology Corp. 04.12.2012 1.17.65.11; unbekannt
K-Lite Codec Pack 9.7.0 (Full) 19.01.2013 83,4MB 9.7.0; unbekannt
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 06.03.2013 18,4MB 1.70.0.1100; notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 04.12.2012 38,8MB 4.0.30319; notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 28.12.2012 2,93MB 4.0.30319; notwendig
Microsoft .NET Framework 4 Extended Microsoft Corporation 28.12.2012 51,9MB 4.0.30319; notwendig
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 28.12.2012 10,6MB 4.0.30319; notwendig
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 12.01.2013 32,5MB 2.0.672.0; unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 12.01.2013 300KB 8.0.61001; notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 04.12.2012 788KB 9.0.30729; notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 06.12.2012 788KB 9.0.30729.6161; notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 29.12.2012 596KB 9.0.30729; notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 30.12.2012 600KB 9.0.30729.6161; notwendig
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 07.12.2012 15,0MB 10.0.30319; notwendig
NetSpeedMonitor 2.5.4.0 x64 Florian Gilles 04.12.2012 1,24MB 2.5.4.0; unnötig
Notepad++ 04.03.2013 6.3; notwendig
OpenOffice.org 3.4.1 Apache Software Foundation 07.01.2013 330MB 3.41.9593; notwendig
Razer Game Booster Razer USA Ltd. 28.12.2012 44,3MB 3.5.6.0; unnötig
Realtek Ethernet Controller Driver Realtek 25.02.2013 7.67.1226.2012; notwendig
Realtek HDMI Audio Driver for ATI Realtek Semiconductor Corp. 04.12.2012 6.0.1.6650; notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 26.01.2013 6.0.1.6809; notwendig
Sony PC Companion 2.10.136 Sony 04.03.2013 18,3MB 2.10.136; notwendig
Steam Valve Corporation 29.12.2012 35,4MB 1.0.0.0; unnötig
SUPER © v2012.build.54 (Nov 18, 2012) Version v2012.build.54 eRightSoft 23.01.2013 54,0MB v2012.build.54; unnötig
TeamSpeak 3 Client TeamSpeak Systems GmbH 05.03.2013 3.0.10; notwendig
Tukui Client Tukui 11.03.2013 732KB 2.1.1; notwendig
Tukui Client Installer Tukui 21.01.2013 720KB 2.0.7; notwendig
Tukui Update Utility Tukui 04.12.2012 288KB 1.0.0; notwendig
VirtualCloneDrive Elaborate Bytes 29.12.2012; unnötig
VLC media player 2.0.5 VideoLAN 04.03.2013 2.0.5; notwendig
Winamp Nullsoft, Inc 07.12.2012 5.63; notwendig
Windows Live Essentials Microsoft Corporation 23.01.2013 16.4.3505.0912; unbekannt
WinRAR 4.20 (64-Bit) win.rar GmbH 04.12.2012 4.20.0; notwendig
World of Warcraft Blizzard Entertainment 11.03.2013 5.2.0.16683; notwendig
12.03.2013, 19:36 | #8 |
/// Malware-holic |
Uninstall: Adobe Flash Player (all of them).
Adobe - Adobe Flash Player installieren: download the latest version and install it.
Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen; untick the McAfee Security Scan box.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "Use only certified plug-ins".
Security (Enhanced): tick "Enhanced Security" and select all files.
Internet: everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically. It is always better to save them directly, since only then do you have control over what is going on on the PC.
JavaScript: untick "Enable JavaScript".
Updater: choose install automatically.
Apply / OK.
Uninstall: Fraps, Java.
Download the Java JRE: Java-Downloads für alle Betriebssysteme; click: Download der Java-Software für Windows Offline; download and install it.
Uninstall: JDownloader (both), K-Lite, NetSpeedMonitor, Razer, Steam, SUPER ©, VirtualCloneDrive, Windows Live (everything you do not need).
Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us
13.03.2013, 06:26 | #9 |
Hello, I did everything as described. Here is the log file:
Code:
# AdwCleaner v2.114 - Datei am 13/03/2013 um 06:23:34 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Jaro - JARO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jaro\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\SweetIM

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v25.0.1364.152

Datei : C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1443 octets] - [13/03/2013 06:23:34]

########## EOF - C:\AdwCleaner[S1].txt - [1503 octets] ##########
13.03.2013, 18:39 | #10 |
/// Malware-holic |
Hi, HitmanPro - Download - Filepony: download HitmanPro, double-click it, licence, trial licence. Click Scan, delete nothing. Click Next, export the log as XML and post it, or zip it and attach it.
14.03.2013, 01:05 | #11 |
Code:
<Log computer="JARO-PC" windows="6.1.1.7601.X64/4" scan="Normal" version="3.7.2.190" date="2013-03-14T01:02:00" timeSpentInSecs="59" filesProcessed="14599">
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtracker.com" /></Item>
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net" /></Item>
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.computecmedia.de" /></Item>
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Cookies\0ZELIMPJ.txt" /></Item>
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Cookies\18COMTBQ.txt" /></Item>
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Cookies\1MQ1QA74.txt" /></Item>
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Cookies\2LYM6Q2S.txt" /></Item>
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Cookies\3ZX2IT2H.txt" /></Item>
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Cookies\4RCNK02F.txt" /></Item>
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Cookies\BAFNRC3C.txt" /></Item>
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Cookies\D7T11QT7.txt" /></Item>
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Cookies\ILKIGK9G.txt" /></Item>
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Cookies\LTX13PCT.txt" /></Item>
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Cookies\RT94BGHP.txt" /></Item>
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Cookies\UHILGVPX.txt" /></Item>
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Cookies\UPFH3NKY.txt" /></Item>
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Cookies\V4H86YP5.txt" /></Item>
</Log>
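A small triage script for this kind of HitmanPro XML export (an added example, not code from the thread or from the tool's vendor): it reads the scan header and every Item/File pair, counts items by type, pulls the tracking host out of Chrome cookie entries, and flags anything with a non-zero score or a status other than None. The sample log is constructed in the layout of the export above, with an invented 7.5 score on the last entry so the flagging branch is exercised; only the attributes visible in the posted log are assumed.

```python
"""Triage a HitmanPro XML scan export (added example, not code from the thread).

Assumes only what the posted log shows: a <Log> root carrying computer,
filesProcessed and timeSpentInSecs, and <Item type= score= status=> elements
wrapping one <File path= /> child. Other item kinds the real tool may emit
are not modelled here.
"""
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the layout of the posted export; the 7.5 score on the
# last entry is invented so that flagged_items() has something to return.
SAMPLE_LOG = r"""<Log computer="EXAMPLE-PC" windows="6.1.1.7601.X64/4" scan="Normal" version="3.7.2.190" date="2013-03-14T01:02:00" timeSpentInSecs="59" filesProcessed="14599">
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net" /></Item>
<Item type="Cookie" score="0.0" status="None"><File path="C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\0ZELIMPJ.txt" /></Item>
<Item type="Cookie" score="7.5" status="None"><File path="C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\EXAMPLE1.txt" /></Item>
</Log>"""


def parse_items(xml_text):
    """Return one dict per <Item>: type, score (float), status and file path."""
    root = ET.fromstring(xml_text)
    records = []
    for item in root.findall("Item"):
        file_el = item.find("File")
        records.append({
            "type": item.get("type", ""),
            "score": float(item.get("score", "0")),
            "status": item.get("status", ""),
            "path": file_el.get("path", "") if file_el is not None else "",
        })
    return records


def scan_summary(xml_text):
    """Header facts a helper reads first: host name, files processed, duration."""
    root = ET.fromstring(xml_text)
    return {
        "computer": root.get("computer", ""),
        "files_processed": int(root.get("filesProcessed", "0")),
        "seconds": int(root.get("timeSpentInSecs", "0")),
    }


def type_counts(xml_text):
    """How many items of each type the scan reported."""
    return dict(Counter(rec["type"] for rec in parse_items(xml_text)))


def cookie_host(path):
    """Chrome cookie entries carry the tracking host after 'Cookies:'.

    Internet Explorer cookie files (the *.txt entries) do not, so None.
    """
    marker = "Cookies:"
    idx = path.rfind(marker)
    if idx == -1:
        return None
    return path[idx + len(marker):] or None


def flagged_items(xml_text, min_score=0.0):
    """Items worth a second look: a score above min_score or a status other
    than 'None'. Score-0.0 cookies are tracking cookies, not an infection;
    they still show up in type_counts() so the helper can ask for their removal.
    """
    return [
        rec for rec in parse_items(xml_text)
        if rec["score"] > min_score or rec["status"] != "None"
    ]


if __name__ == "__main__":
    print(scan_summary(SAMPLE_LOG))
    print(type_counts(SAMPLE_LOG))
    for rec in parse_items(SAMPLE_LOG):
        host = cookie_host(rec["path"])
        print(f'{rec["type"]:8} score={rec["score"]:<4} host={host or "-"}')
    for rec in flagged_items(SAMPLE_LOG):
        print("FLAG:", rec["path"])
```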
14.03.2013, 20:48 | #12 |
/// Malware-holic |
Please delete the findings and post a new OTL log.
17.03.2013, 05:21 | #13 |
Code:
OTL logfile created on: 17.03.2013 05:19:47 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jaro\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,92 Gb Available Physical Memory | 72,92% Memory free
10,00 Gb Paging File | 8,61 Gb Available in Paging File | 86,17% Paging File free
Paging file location(s): c:\pagefile.sys 6144 6144 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 58,88 Gb Free Space | 52,72% Space Free | Partition Type: NTFS

Computer Name: JARO-PC | User Name: Jaro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.17 05:15:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jaro\Desktop\OTL.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2012.12.19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.19 15:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.11.21 04:24:38 | 000,189,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqtgsvc.exe -- (MSMQTriggers)
SRV:64bit: - [2010.11.21 04:24:38 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 02:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009.07.14 02:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2010.11.21 04:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.21 04:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.21 04:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.14 02:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.12.19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.11.06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.09.17 15:05:10 | 000,123,704 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2012.08.28 13:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.06.05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012.04.11 02:40:58 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012.04.11 02:40:58 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.11.21 04:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-157001695-2697609133-1144193094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-157001695-2697609133-1144193094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-157001695-2697609133-1144193094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CB E5 3A F5 44 D2 CD 01 [binary data] IE 
- HKU\S-1-5-21-157001695-2697609133-1144193094-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-157001695-2697609133-1144193094-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-157001695-2697609133-1144193094-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\plugin/npUrlAdvisor.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\np-mswmp.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\plugin/npABPlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files 
(x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Google Drive = C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\ CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\ CHR - Extension: Yahoo Mail Checker = C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbgodfidfimmjgeapafonbdkkkndpmp\1.4.1_0\ CHR - Extension: Google Mail = C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Google Drive = C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AdBlock = C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\ CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Jaro\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\ CHR - Extension: Yahoo Mail Checker = C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbgodfidfimmjgeapafonbdkkkndpmp\1.4.1_0\ CHR - Extension: Google Mail = C:\Users\Jaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.03.08 21:35:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune File not found O4 - HKU\S-1-5-18..\RunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune File not found O4 - HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-157001695-2697609133-1144193094-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-157001695-2697609133-1144193094-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Software\Policies\Microsoft\Internet Explorer\Control Panel present O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E9871FF-5006-4541-8562-AD172DDF9B13}: DhcpNameServer = 192.168.178.1 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - 
HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.17 05:15:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jaro\Desktop\OTL.exe [2013.03.14 01:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.14 01:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.14 01:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.14 01:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2013.03.14 01:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013.03.14 01:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.03.13 06:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.03.13 
06:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.13 06:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.03.08 21:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\delight software gmbh [2013.03.08 21:37:05 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.08 21:32:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.08 21:32:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.08 21:32:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.08 21:32:12 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.08 21:32:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.06 02:03:56 | 000,000,000 | ---D | C] -- C:\Users\Jaro\AppData\Roaming\Malwarebytes [2013.03.06 02:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.06 02:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.06 02:03:46 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.06 02:03:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.04 01:56:02 | 000,000,000 | ---D | C] -- C:\Users\Jaro\AppData\Roaming\vlc [2013.03.04 01:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.03.04 01:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013.03.04 01:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony [2013.03.04 01:46:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2013.03.04 01:40:14 | 000,000,000 | --SD | C] -- C:\Users\Jaro\Documents\Passwords Database [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.17 05:15:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jaro\Desktop\OTL.exe [2013.03.17 04:47:02 | 000,001,106 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.17 01:47:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.16 23:41:58 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.16 23:41:58 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.16 23:39:04 | 001,804,186 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.16 23:39:04 | 000,772,748 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.16 23:39:04 | 000,715,136 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.16 23:39:04 | 000,174,872 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.16 23:39:04 | 000,142,518 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.16 23:34:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.14 21:07:28 | 000,001,195 | ---- | M] () -- C:\Users\Jaro\Desktop\Downloads.lnk [2013.03.14 01:16:44 | 000,002,117 | ---- | M] () -- C:\Users\Jaro\Desktop\Microsoft Security Essentials.lnk [2013.03.14 01:12:33 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.14 01:12:33 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.14 01:12:12 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.03.12 00:47:55 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.11 04:01:55 | 000,003,041 | ---- | M] () -- C:\Users\Jaro\Desktop\Tukui Client.lnk [2013.03.08 21:35:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.06 02:53:59 | 000,000,000 | ---- | M] () -- C:\Users\Jaro\defogger_reenable [2013.03.06 02:03:47 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.04 02:03:22 | 000,001,051 | ---- | M] () -- C:\Users\Jaro\Desktop\Notepad++.lnk [2013.03.04 
01:55:59 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.03.04 01:46:38 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013.02.27 18:58:09 | 000,111,037 | ---- | M] () -- C:\Users\Jaro\Documents\ts3_clientui-win64-1351504843-2013-02-27 18_58_09.071321.dmp [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.14 01:18:34 | 000,001,421 | ---- | C] () -- C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.03.14 01:16:44 | 000,002,117 | ---- | C] () -- C:\Users\Jaro\Desktop\Microsoft Security Essentials.lnk [2013.03.14 01:12:33 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.14 01:12:33 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.14 01:12:05 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013.03.11 04:01:55 | 000,003,041 | ---- | C] () -- C:\Users\Jaro\Desktop\Tukui Client.lnk [2013.03.11 04:01:55 | 000,003,001 | ---- | C] () -- C:\Users\Jaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tukui Client.lnk [2013.03.08 21:32:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.08 21:32:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.08 21:32:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.08 21:32:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.08 21:32:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.06 02:53:59 | 000,000,000 | ---- | C] () -- C:\Users\Jaro\defogger_reenable [2013.03.06 02:03:47 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.04 01:55:59 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.03.04 01:46:38 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013.02.27 
18:58:09 | 000,111,037 | ---- | C] () -- C:\Users\Jaro\Documents\ts3_clientui-win64-1351504843-2013-02-27 18_58_09.071321.dmp [2013.02.25 13:31:55 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2013.02.15 04:12:33 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013.01.23 05:45:22 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2013.01.19 10:54:13 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013.01.14 05:04:05 | 000,017,408 | ---- | C] () -- C:\Users\Jaro\AppData\Local\WebpageIcons.db [2013.01.03 06:39:45 | 000,000,921 | ---- | C] () -- C:\Users\Jaro\AppData\Roaming\MPQEditor.ini [2012.12.28 13:34:03 | 001,781,080 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.12.04 18:40:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.29 18:05:19 | 000,000,000 | ---D | M] -- C:\Users\Jaro\AppData\Roaming\Day 1 Studios [2012.12.29 16:25:03 | 000,000,000 | ---D | M] -- C:\Users\Jaro\AppData\Roaming\JDownloaderPackages [2012.12.04 18:54:46 | 000,000,000 | ---D | M] -- C:\Users\Jaro\AppData\Roaming\NetSpeedMonitor [2013.03.04 02:03:22 | 000,000,000 | ---D | M] -- C:\Users\Jaro\AppData\Roaming\Notepad++ [2013.01.07 07:33:06 | 000,000,000 | ---D | M] -- C:\Users\Jaro\AppData\Roaming\OpenOffice.org [2013.01.23 07:43:02 | 000,000,000 | ---D | M] -- C:\Users\Jaro\AppData\Roaming\Publish Providers [2013.01.23 07:43:01 | 000,000,000 | ---D | M] -- C:\Users\Jaro\AppData\Roaming\Sony [2013.01.19 08:25:09 | 000,000,000 | ---D | M] -- C:\Users\Jaro\AppData\Roaming\SplitMediaLabs [2013.03.16 01:38:17 | 000,000,000 | ---D | M] -- C:\Users\Jaro\AppData\Roaming\TS3Client [2013.03.05 16:13:10 | 
000,000,000 | ---D | M] -- C:\Users\Jaro\AppData\Roaming\ts3overlay [2012.12.16 19:39:50 | 000,000,000 | ---D | M] -- C:\Users\Jaro\AppData\Roaming\ts3overlay_hook_win64 [2013.01.04 07:40:44 | 000,000,000 | ---D | M] -- C:\Users\Jaro\AppData\Roaming\WinISO Computing ========== Purity Check ========== < End of report >
28.03.2013, 19:42 | #14
/// Malware-holic | Suspected virus infection - Internet slow/laggy
Sorry, I was on vacation and sick. OTL fix: Fixing with OTL
Code:
:OTL
:files
:Commands
[emptytemp]
Please check whether Firefox, Internet Explorer and any other browsers that may be installed show any unwanted toolbars, redirects or other problems. Also check how the PC and programs run in general.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us