Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Bundestrojaner! in System32/services.exe

Bundestrojaner! in System32/services.exe


Plagegeister aller Art und deren Bekämpfung: Bundestrojaner! in System32/services.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.06.2013, 11:09   #1
Twen
 
Bundestrojaner! in System32/services.exe - Standard

Bundestrojaner! in System32/services.exe


Guten Tag liebes Trojaner-Board Team,
Ich habe mir vor 2 Tagen anscheinend den Bundestrojaner eingefangen und habe seitdem schon ein wenig versucht mit Malwarebytes und meinem Antivirenporgramm Avast das Problem zu lösen. Allerdings ohne Erfolg...
Das Typische Bild mit der Aufforderung zur Überweisung von 100€ kam vor, als ich mir im Internet ein Video angeschaut habe. Danach versuchte ich mich mit einem anderen Nutzer anzumelden, um eventuell den Trojaner per Hand zu löschen, über die suche nach zuletzt hinzugefügten .exe Dateien, aber eben ohne Erfolg.
Seid dem ich mich mit dem anderen Benutzer einlogge, bringt auch Avast immer im 5er Pack eine Bedrohungsmeldung:
Objekt: Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}U\800000.@
die Dateien sind alle im selben Ordner, haben nur unterschiedliche Zahlen. Außerdem werden sie von der Services.exe ausgeführt.

Ich hab bereits mehrmals einen Malwarebytes check durchgeführt und ein paar Dateien gelöscht. Das hier war der erste:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
User :: NB-SHK-DELL [Administrator]

Schutz: Aktiviert

12.06.2013 19:49:46
mbam-log-2013-06-12 (19-49-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 446574
Laufzeit: 16 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 52
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trz2E9B.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trz65C6.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trz6668.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trz6689.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trzE645.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trzE6E6.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trzE717.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trzE788.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trzE7CA.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trzE89B.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trzE93E.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trzE9C2.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trzE9D4.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trzEA48.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trzEA5A.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trzEADE.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trzEB10.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trzEB74.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trzEB84.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trzEBB7.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\8qcov.dat (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\StefanKellner\AppData\Local\Temp\bfhfbaucsyalqxgygsf.bfg (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\StefanKellner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\3a2ada32-5d4583d2 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz142E.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz1EE0.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz2E4E.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz48CA.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz4C6A.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz54F0.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz59EA.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz6089.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz68D4.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz69E4.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz7056.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz7922.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz80D2.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz8222.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz8490.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz8893.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz91A2.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz95BA.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trz9954.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trzABC4.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trzADD0.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trzADD9.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trzAF8.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trzC7A8.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trzD65B.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trzDF36.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trzFBDF.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{932a73e3-a4a0-1965-f827-f52a67be8d5c}\U\trzFCCD.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\rundll32.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
auserdem hab ich Kaspersky TDSSKiller runtergeladen und durchlaufen lassen, allerdings habe ich da noch nichts gelöscht oder reparieren lassen
Code:
ATTFilter
11:13:34.0135 0632  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:13:34.0306 0632  ============================================================
11:13:34.0306 0632  Current date / time: 2013/06/13 11:13:34.0306
11:13:34.0306 0632  SystemInfo:
11:13:34.0306 0632  
11:13:34.0306 0632  OS Version: 6.1.7601 ServicePack: 1.0
11:13:34.0306 0632  Product type: Workstation
11:13:34.0306 0632  ComputerName: NB-SHK-DELL
11:13:34.0306 0632  UserName: User
11:13:34.0306 0632  Windows directory: C:\Windows
11:13:34.0306 0632  System windows directory: C:\Windows
11:13:34.0306 0632  Running under WOW64
11:13:34.0306 0632  Processor architecture: Intel x64
11:13:34.0306 0632  Number of processors: 2
11:13:34.0306 0632  Page size: 0x1000
11:13:34.0306 0632  Boot type: Normal boot
11:13:34.0306 0632  ============================================================
11:13:34.0775 0632  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:13:34.0775 0632  ============================================================
11:13:34.0775 0632  \Device\Harddisk0\DR0:
11:13:34.0775 0632  MBR partitions:
11:13:34.0775 0632  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1DCF2800
11:13:34.0775 0632  ============================================================
11:13:34.0775 0632  C: <-> \Device\Harddisk0\DR0\Partition1
11:13:34.0775 0632  ============================================================
11:13:34.0775 0632  Initialize success
11:13:34.0775 0632  ============================================================
11:14:15.0577 4244  ============================================================
11:14:15.0577 4244  Scan started
11:14:15.0577 4244  Mode: Manual; SigCheck; TDLFS; 
11:14:15.0577 4244  ============================================================
11:14:15.0717 4244  ================ Scan system memory ========================
11:14:15.0717 4244  System memory - ok
11:14:15.0717 4244  ================ Scan services =============================
11:14:15.0749 4244  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
11:14:15.0811 4244  1394ohci - ok
11:14:15.0811 4244  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:14:15.0827 4244  ACPI - ok
11:14:15.0842 4244  [ 12C5274CD87449A2A37A607CDB321922 ] acpials         C:\Windows\system32\DRIVERS\acpials.sys
11:14:15.0858 4244  acpials - ok
11:14:15.0858 4244  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:14:15.0873 4244  AcpiPmi - ok
11:14:15.0889 4244  AdobeFlashPlayerUpdateSvc - ok
11:14:15.0889 4244  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:14:15.0905 4244  adp94xx - ok
11:14:15.0920 4244  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:14:15.0936 4244  adpahci - ok
11:14:15.0936 4244  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:14:15.0951 4244  adpu320 - ok
11:14:15.0951 4244  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:14:15.0983 4244  AeLookupSvc - ok
11:14:15.0998 4244  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
11:14:16.0014 4244  AFD - ok
11:14:16.0014 4244  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:14:16.0029 4244  agp440 - ok
11:14:16.0029 4244  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
11:14:16.0045 4244  ALG - ok
11:14:16.0061 4244  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:14:16.0061 4244  aliide - ok
11:14:16.0061 4244  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
11:14:16.0076 4244  amdide - ok
11:14:16.0076 4244  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:14:16.0092 4244  AmdK8 - ok
11:14:16.0107 4244  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
11:14:16.0107 4244  AmdPPM - ok
11:14:16.0123 4244  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:14:16.0123 4244  amdsata - ok
11:14:16.0139 4244  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
11:14:16.0154 4244  amdsbs - ok
11:14:16.0154 4244  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:14:16.0170 4244  amdxata - ok
11:14:16.0170 4244  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
11:14:16.0201 4244  AppID - ok
11:14:16.0201 4244  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:14:16.0232 4244  AppIDSvc - ok
11:14:16.0232 4244  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
11:14:16.0248 4244  Appinfo - ok
11:14:16.0248 4244  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
11:14:16.0263 4244  AppMgmt - ok
11:14:16.0279 4244  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
11:14:16.0279 4244  arc - ok
11:14:16.0295 4244  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:14:16.0295 4244  arcsas - ok
11:14:16.0310 4244  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:14:16.0326 4244  aspnet_state - ok
11:14:16.0326 4244  [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
11:14:16.0341 4244  aswFsBlk - ok
11:14:16.0357 4244  [ 7A62C389380F6FF3FA952D511D8790B8 ] aswFW           C:\Windows\system32\drivers\aswFW.sys
11:14:16.0357 4244  aswFW - ok
11:14:16.0373 4244  [ 890918D53B80B474CFAFB48995B85AF3 ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
11:14:16.0373 4244  aswKbd - ok
11:14:16.0388 4244  [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
11:14:16.0388 4244  aswMonFlt - ok
11:14:16.0388 4244  [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis         C:\Windows\system32\DRIVERS\aswNdis.sys
11:14:16.0404 4244  aswNdis - ok
11:14:16.0404 4244  [ 94CCA87794454E1824D59B092B9F70C4 ] aswNdis2        C:\Windows\system32\drivers\aswNdis2.sys
11:14:16.0419 4244  aswNdis2 - ok
11:14:16.0435 4244  [ 64E2BAB4096C13D2342BC4661C967E07 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
11:14:16.0435 4244  aswRdr - ok
11:14:16.0451 4244  [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
11:14:16.0451 4244  aswRvrt - ok
11:14:16.0466 4244  [ 10ED1CAB84AA65983C41A11F60294C9B ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
11:14:16.0482 4244  aswSnx - ok
11:14:16.0497 4244  [ 00E5253353717D3CA12A0F5A6F9991EC ] aswSP           C:\Windows\system32\drivers\aswSP.sys
11:14:16.0513 4244  aswSP - ok
11:14:16.0513 4244  [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
11:14:16.0529 4244  aswTdi - ok
11:14:16.0529 4244  [ 6359B99C955DB9F40B653159A0EED261 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
11:14:16.0544 4244  aswVmm - ok
11:14:16.0544 4244  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:14:16.0575 4244  AsyncMac - ok
11:14:16.0575 4244  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
11:14:16.0591 4244  atapi - ok
11:14:16.0607 4244  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:14:16.0638 4244  AudioEndpointBuilder - ok
11:14:16.0653 4244  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:14:16.0685 4244  AudioSrv - ok
11:14:16.0685 4244  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:14:16.0700 4244  avast! Antivirus - ok
11:14:16.0700 4244  [ C2009C6A452BD07B30D773349589B762 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
11:14:16.0716 4244  avast! Firewall - ok
11:14:16.0716 4244  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:14:16.0731 4244  AxInstSV - ok
11:14:16.0747 4244  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
11:14:16.0763 4244  b06bdrv - ok
11:14:16.0763 4244  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:14:16.0778 4244  b57nd60a - ok
11:14:16.0794 4244  [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
11:14:16.0809 4244  BBSvc - ok
11:14:16.0809 4244  [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
11:14:16.0825 4244  BBUpdate - ok
11:14:16.0825 4244  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:14:16.0841 4244  BDESVC - ok
11:14:16.0841 4244  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:14:16.0872 4244  Beep - ok
11:14:16.0887 4244  [ 06C1E887BF34C0E31EB8E2C999E4842F ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
11:14:16.0887 4244  BEService ( UnsignedFile.Multi.Generic ) - warning
11:14:16.0887 4244  BEService - detected UnsignedFile.Multi.Generic (1)
11:14:16.0903 4244  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
11:14:16.0934 4244  BFE - ok
11:14:16.0934 4244  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:14:16.0950 4244  blbdrive - ok
11:14:16.0950 4244  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:14:16.0965 4244  bowser - ok
11:14:16.0965 4244  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
11:14:16.0981 4244  BrFiltLo - ok
11:14:16.0997 4244  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
11:14:16.0997 4244  BrFiltUp - ok
11:14:17.0012 4244  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
11:14:17.0028 4244  Browser - ok
11:14:17.0028 4244  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:14:17.0043 4244  Brserid - ok
11:14:17.0043 4244  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:14:17.0059 4244  BrSerWdm - ok
11:14:17.0075 4244  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:14:17.0075 4244  BrUsbMdm - ok
11:14:17.0090 4244  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:14:17.0106 4244  BrUsbSer - ok
11:14:17.0106 4244  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
11:14:17.0121 4244  BthEnum - ok
11:14:17.0121 4244  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
11:14:17.0137 4244  BTHMODEM - ok
11:14:17.0137 4244  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
11:14:17.0153 4244  BthPan - ok
11:14:17.0168 4244  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
11:14:17.0184 4244  BTHPORT - ok
11:14:17.0184 4244  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
11:14:17.0215 4244  bthserv - ok
11:14:17.0231 4244  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
11:14:17.0246 4244  BTHUSB - ok
11:14:17.0246 4244  [ 7C72EF9D50CE9ACB415E19AA0C3B8ED7 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
11:14:17.0262 4244  btwaudio - ok
11:14:17.0262 4244  [ 229C274308C4BE6DF11988DD9B019324 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
11:14:17.0277 4244  btwavdt - ok
11:14:17.0277 4244  [ 81E53B4DFBA104687C5FFEFF74D709EE ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
11:14:17.0309 4244  btwdins - ok
11:14:17.0309 4244  [ 0037CB116097E8E0EA77F3B13C50FF1E ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
11:14:17.0324 4244  btwl2cap - ok
11:14:17.0324 4244  [ 7F5F8920E967534525981591338A92B0 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
11:14:17.0324 4244  btwrchid - ok
11:14:17.0340 4244  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:14:17.0371 4244  cdfs - ok
11:14:17.0371 4244  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:14:17.0387 4244  cdrom - ok
11:14:17.0402 4244  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
11:14:17.0418 4244  CertPropSvc - ok
11:14:17.0433 4244  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
11:14:17.0449 4244  circlass - ok
11:14:17.0449 4244  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
11:14:17.0465 4244  CLFS - ok
11:14:17.0480 4244  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:14:17.0480 4244  clr_optimization_v2.0.50727_32 - ok
11:14:17.0496 4244  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:14:17.0496 4244  clr_optimization_v2.0.50727_64 - ok
11:14:17.0511 4244  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:14:17.0527 4244  clr_optimization_v4.0.30319_32 - ok
11:14:17.0527 4244  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:14:17.0543 4244  clr_optimization_v4.0.30319_64 - ok
11:14:17.0543 4244  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:14:17.0558 4244  CmBatt - ok
11:14:17.0558 4244  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:14:17.0574 4244  cmdide - ok
11:14:17.0589 4244  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
11:14:17.0605 4244  CNG - ok
11:14:17.0605 4244  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:14:17.0621 4244  Compbatt - ok
11:14:17.0621 4244  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
11:14:17.0636 4244  CompositeBus - ok
11:14:17.0636 4244  COMSysApp - ok
11:14:17.0652 4244  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
11:14:17.0652 4244  crcdisk - ok
11:14:17.0667 4244  [ 3741EC4A0F2AB12F4C461DCCD8BA9705 ] Credential Vault Host Control Service C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
11:14:17.0699 4244  Credential Vault Host Control Service - ok
11:14:17.0699 4244  [ 214C0DC5881951F0B0802E3FCA4C4690 ] Credential Vault Host Storage C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
11:14:17.0714 4244  Credential Vault Host Storage - ok
11:14:17.0714 4244  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:14:17.0730 4244  CryptSvc - ok
11:14:17.0745 4244  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
11:14:17.0761 4244  CSC - ok
11:14:17.0777 4244  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
11:14:17.0792 4244  CscService - ok
11:14:17.0792 4244  [ DBC6B7337004D5C6C66731C29DB6EAEA ] cvusbdrv        C:\Windows\system32\Drivers\cvusbdrv.sys
11:14:17.0808 4244  cvusbdrv - ok
11:14:17.0808 4244  [ 23C1A9E2E733547FE16584B89AC6E0B1 ] d553bus         C:\Windows\system32\DRIVERS\d553bus.sys
11:14:17.0823 4244  d553bus - ok
11:14:17.0839 4244  [ F4F4D86F9E0CC556F36D7B24B46BEE30 ] d553card        C:\Windows\system32\DRIVERS\d553card.sys
11:14:17.0855 4244  d553card - ok
11:14:17.0855 4244  [ 0AE0589615F46FA8583392702CB30790 ] d553gps         C:\Windows\system32\DRIVERS\d553gps64.sys
11:14:17.0855 4244  d553gps - ok
11:14:17.0870 4244  [ DA8608DCB3039B5E0CC837FADBEED502 ] d553mdfl2       C:\Windows\system32\DRIVERS\d553mdfl2.sys
11:14:17.0870 4244  d553mdfl2 - ok
11:14:17.0886 4244  [ 00A45B33DCEB66529BF0736076FA9E6A ] d553mdm2        C:\Windows\system32\DRIVERS\d553mdm2.sys
11:14:17.0901 4244  d553mdm2 - ok
11:14:17.0901 4244  [ 8A846C953E147942B135FA6A574631A2 ] d553nd5         C:\Windows\system32\DRIVERS\d553nd5.sys
11:14:17.0917 4244  d553nd5 - ok
11:14:17.0917 4244  [ E9C94249EE4DBD2DBDC8C353B46356D2 ] d553scard       C:\Windows\system32\DRIVERS\d553scard.sys
11:14:17.0917 4244  d553scard - ok
11:14:17.0933 4244  [ F37C03B2BE6710C92A34DD38A1552211 ] d553unic        C:\Windows\system32\DRIVERS\d553unic.sys
11:14:17.0948 4244  d553unic - ok
11:14:17.0948 4244  [ 7B2260B796D5DE34EDE7AE483005FCBB ] d554gps         C:\Windows\system32\DRIVERS\d554gps64.sys
11:14:17.0964 4244  d554gps - ok
11:14:17.0964 4244  [ CE9C61E6B14841845420F796A6FF429D ] d557bus         C:\Windows\system32\DRIVERS\d557bus.sys
11:14:17.0979 4244  d557bus - ok
11:14:17.0979 4244  [ 45A5C98F82413B0AEFFFB5353E2660D7 ] d557mdfl        C:\Windows\system32\DRIVERS\d557mdfl.sys
11:14:17.0995 4244  d557mdfl - ok
11:14:17.0995 4244  [ AFC8D92AECE1A9EF8CDD37F9ED483FD4 ] d557mdm         C:\Windows\system32\DRIVERS\d557mdm.sys
11:14:18.0011 4244  d557mdm - ok
11:14:18.0026 4244  [ B430F2576FFD60BA50139EAC989EB801 ] d557mgmt        C:\Windows\system32\DRIVERS\d557mgmt.sys
11:14:18.0042 4244  d557mgmt - ok
11:14:18.0042 4244  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:14:18.0073 4244  DcomLaunch - ok
11:14:18.0089 4244  [ A90D2A2D55D0B4499934271927BC7C09 ] dcpsysmgrsvc    C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
11:14:18.0104 4244  dcpsysmgrsvc - ok
11:14:18.0104 4244  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
11:14:18.0151 4244  defragsvc - ok
11:14:18.0151 4244  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:14:18.0182 4244  DfsC - ok
11:14:18.0182 4244  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:14:18.0198 4244  Dhcp - ok
11:14:18.0198 4244  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
11:14:18.0229 4244  discache - ok
11:14:18.0245 4244  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
11:14:18.0260 4244  Disk - ok
11:14:18.0260 4244  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
11:14:18.0276 4244  dmvsc - ok
11:14:18.0276 4244  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:14:18.0291 4244  Dnscache - ok
11:14:18.0291 4244  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:14:18.0323 4244  dot3svc - ok
11:14:18.0338 4244  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
11:14:18.0369 4244  DPS - ok
11:14:18.0369 4244  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:14:18.0385 4244  drmkaud - ok
11:14:18.0401 4244  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:14:18.0416 4244  DXGKrnl - ok
11:14:18.0432 4244  [ 761B9EDD97A021AA1922501B7A056635 ] e1yexpress      C:\Windows\system32\DRIVERS\e1y62x64.sys
11:14:18.0432 4244  e1yexpress - ok
11:14:18.0447 4244  eabyeqpp - ok
11:14:18.0447 4244  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
11:14:18.0479 4244  EapHost - ok
11:14:18.0525 4244  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
11:14:18.0572 4244  ebdrv - ok
11:14:18.0572 4244  [ 7E63B3E6B7AE2E458C8A77BB6736A18A ] ecnssndis       C:\Windows\system32\Drivers\wwuss64.sys
11:14:18.0588 4244  ecnssndis - ok
11:14:18.0588 4244  [ 5ACC585E735191F83ABBFDC7C54A2F0E ] ecnssndisfltr   C:\Windows\system32\Drivers\wwussf64.sys
11:14:18.0603 4244  ecnssndisfltr - ok
11:14:18.0603 4244  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
11:14:18.0619 4244  EFS - ok
11:14:18.0635 4244  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:14:18.0650 4244  ehRecvr - ok
11:14:18.0650 4244  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
11:14:18.0666 4244  ehSched - ok
11:14:18.0681 4244  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
11:14:18.0697 4244  elxstor - ok
11:14:18.0697 4244  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:14:18.0713 4244  ErrDev - ok
11:14:18.0728 4244  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
11:14:18.0759 4244  EventSystem - ok
11:14:18.0775 4244  [ BDFCB7E8C108D042B213957D2B044E7E ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
11:14:18.0806 4244  EvtEng - ok
11:14:18.0806 4244  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
11:14:18.0837 4244  exfat - ok
11:14:18.0853 4244  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:14:18.0884 4244  fastfat - ok
11:14:18.0884 4244  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
11:14:18.0915 4244  Fax - ok
11:14:18.0915 4244  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
11:14:18.0931 4244  fdc - ok
11:14:18.0931 4244  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:14:18.0962 4244  fdPHost - ok
11:14:18.0962 4244  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:14:18.0993 4244  FDResPub - ok
11:14:18.0993 4244  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:14:19.0009 4244  FileInfo - ok
11:14:19.0009 4244  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:14:19.0040 4244  Filetrace - ok
11:14:19.0040 4244  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
11:14:19.0056 4244  flpydisk - ok
11:14:19.0071 4244  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:14:19.0071 4244  FltMgr - ok
11:14:19.0087 4244  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
11:14:19.0118 4244  FontCache - ok
11:14:19.0118 4244  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:14:19.0134 4244  FontCache3.0.0.0 - ok
11:14:19.0134 4244  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:14:19.0149 4244  FsDepends - ok
11:14:19.0149 4244  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:14:19.0165 4244  Fs_Rec - ok
11:14:19.0165 4244  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:14:19.0181 4244  fvevol - ok
11:14:19.0196 4244  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
11:14:19.0196 4244  gagp30kx - ok
11:14:19.0212 4244  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
11:14:19.0259 4244  gpsvc - ok
11:14:19.0259 4244  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:14:19.0274 4244  hcw85cir - ok
11:14:19.0274 4244  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:14:19.0290 4244  HdAudAddService - ok
11:14:19.0305 4244  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
11:14:19.0321 4244  HDAudBus - ok
11:14:19.0321 4244  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
11:14:19.0337 4244  HidBatt - ok
11:14:19.0337 4244  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
11:14:19.0352 4244  HidBth - ok
11:14:19.0352 4244  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
11:14:19.0368 4244  HidIr - ok
11:14:19.0368 4244  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
11:14:19.0399 4244  hidserv - ok
11:14:19.0399 4244  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:14:19.0415 4244  HidUsb - ok
11:14:19.0430 4244  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:14:19.0446 4244  hkmsvc - ok
11:14:19.0461 4244  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:14:19.0477 4244  HomeGroupListener - ok
11:14:19.0477 4244  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:14:19.0493 4244  HomeGroupProvider - ok
11:14:19.0493 4244  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:14:19.0508 4244  HpSAMD - ok
11:14:19.0524 4244  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:14:19.0555 4244  HTTP - ok
11:14:19.0571 4244  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:14:19.0571 4244  hwpolicy - ok
11:14:19.0586 4244  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:14:19.0586 4244  i8042prt - ok
11:14:19.0602 4244  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:14:19.0617 4244  iaStorV - ok
11:14:19.0633 4244  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:14:19.0649 4244  idsvc - ok
11:14:19.0649 4244  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
11:14:19.0664 4244  iirsp - ok
11:14:19.0680 4244  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
11:14:19.0711 4244  IKEEXT - ok
11:14:19.0711 4244  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
11:14:19.0727 4244  intelide - ok
11:14:19.0727 4244  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:14:19.0742 4244  intelppm - ok
11:14:19.0758 4244  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:14:19.0789 4244  IPBusEnum - ok
11:14:19.0789 4244  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:14:19.0820 4244  IpFilterDriver - ok
11:14:19.0820 4244  [ 08C2957BB30058E663720C5606885653 ] IpHlpSvc        C:\Windows\System32\iphlpsvc.dll
11:14:19.0851 4244  IpHlpSvc - ok
11:14:19.0851 4244  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:14:19.0867 4244  IPMIDRV - ok
11:14:19.0867 4244  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:14:19.0898 4244  IPNAT - ok
11:14:19.0898 4244  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:14:19.0914 4244  IRENUM - ok
11:14:19.0914 4244  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:14:19.0929 4244  isapnp - ok
11:14:19.0945 4244  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:14:19.0945 4244  iScsiPrt - ok
11:14:19.0961 4244  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:14:19.0961 4244  kbdclass - ok
11:14:19.0976 4244  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:14:19.0992 4244  kbdhid - ok
11:14:19.0992 4244  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
11:14:20.0007 4244  KeyIso - ok
11:14:20.0007 4244  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:14:20.0023 4244  KSecDD - ok
11:14:20.0023 4244  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:14:20.0039 4244  KSecPkg - ok
11:14:20.0039 4244  [ 6EFBC82722D0F7B35283993189ECE9D0 ] KSS             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
11:14:20.0054 4244  KSS - ok
11:14:20.0054 4244  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:14:20.0085 4244  ksthunk - ok
11:14:20.0101 4244  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:14:20.0132 4244  KtmRm - ok
11:14:20.0132 4244  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:14:20.0163 4244  LanmanServer - ok
11:14:20.0179 4244  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:14:20.0210 4244  LanmanWorkstation - ok
11:14:20.0210 4244  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:14:20.0241 4244  lltdio - ok
11:14:20.0241 4244  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:14:20.0288 4244  lltdsvc - ok
11:14:20.0288 4244  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:14:20.0319 4244  lmhosts - ok
11:14:20.0319 4244  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
11:14:20.0335 4244  LSI_FC - ok
11:14:20.0335 4244  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
11:14:20.0351 4244  LSI_SAS - ok
11:14:20.0351 4244  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
11:14:20.0366 4244  LSI_SAS2 - ok
11:14:20.0366 4244  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
11:14:20.0382 4244  LSI_SCSI - ok
11:14:20.0382 4244  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
11:14:20.0413 4244  luafv - ok
11:14:20.0429 4244  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
11:14:20.0429 4244  MBAMProtector - ok
11:14:20.0444 4244  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:14:20.0460 4244  MBAMScheduler - ok
11:14:20.0460 4244  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:14:20.0475 4244  MBAMService - ok
11:14:20.0491 4244  [ 2E1652D8AB971403EAADDC921800B1FA ] mbmiodrvr       C:\Windows\syswow64\mbmiodrvr.sys
11:14:20.0507 4244  mbmiodrvr ( UnsignedFile.Multi.Generic ) - warning
11:14:20.0507 4244  mbmiodrvr - detected UnsignedFile.Multi.Generic (1)
11:14:20.0507 4244  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:14:20.0522 4244  Mcx2Svc - ok
11:14:20.0522 4244  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
11:14:20.0538 4244  megasas - ok
11:14:20.0538 4244  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
11:14:20.0553 4244  MegaSR - ok
11:14:20.0569 4244  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
11:14:20.0600 4244  MMCSS - ok
11:14:20.0600 4244  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
11:14:20.0632 4244  Modem - ok
11:14:20.0632 4244  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:14:20.0647 4244  monitor - ok
11:14:20.0647 4244  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:14:20.0663 4244  mouclass - ok
11:14:20.0663 4244  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:14:20.0678 4244  mouhid - ok
11:14:20.0678 4244  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:14:20.0694 4244  mountmgr - ok
11:14:20.0694 4244  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:14:20.0710 4244  MozillaMaintenance - ok
11:14:20.0710 4244  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:14:20.0725 4244  mpio - ok
11:14:20.0741 4244  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:14:20.0756 4244  mpsdrv - ok
11:14:20.0772 4244  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:14:20.0819 4244  MpsSvc - ok
11:14:20.0819 4244  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:14:20.0834 4244  MRxDAV - ok
11:14:20.0834 4244  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:14:20.0850 4244  mrxsmb - ok
11:14:20.0866 4244  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:14:20.0881 4244  mrxsmb10 - ok
11:14:20.0881 4244  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:14:20.0897 4244  mrxsmb20 - ok
11:14:20.0897 4244  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:14:20.0912 4244  msahci - ok
11:14:20.0912 4244  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:14:20.0928 4244  msdsm - ok
11:14:20.0928 4244  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
11:14:20.0944 4244  MSDTC - ok
11:14:20.0959 4244  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:14:20.0990 4244  Msfs - ok
11:14:20.0990 4244  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:14:21.0022 4244  mshidkmdf - ok
11:14:21.0022 4244  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:14:21.0037 4244  msisadrv - ok
11:14:21.0037 4244  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:14:21.0068 4244  MSiSCSI - ok
11:14:21.0068 4244  msiserver - ok
11:14:21.0068 4244  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:14:21.0100 4244  MSKSSRV - ok
11:14:21.0100 4244  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:14:21.0131 4244  MSPCLOCK - ok
11:14:21.0131 4244  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:14:21.0162 4244  MSPQM - ok
11:14:21.0178 4244  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:14:21.0193 4244  MsRPC - ok
11:14:21.0193 4244  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
11:14:21.0209 4244  mssmbios - ok
11:14:21.0209 4244  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:14:21.0240 4244  MSTEE - ok
11:14:21.0240 4244  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
11:14:21.0256 4244  MTConfig - ok
11:14:21.0256 4244  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:14:21.0271 4244  Mup - ok
11:14:21.0287 4244  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
11:14:21.0318 4244  napagent - ok
11:14:21.0318 4244  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:14:21.0349 4244  NativeWifiP - ok
11:14:21.0365 4244  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:14:21.0380 4244  NDIS - ok
11:14:21.0380 4244  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:14:21.0412 4244  NdisCap - ok
11:14:21.0427 4244  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:14:21.0443 4244  NdisTapi - ok
11:14:21.0458 4244  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:14:21.0490 4244  Ndisuio - ok
11:14:21.0490 4244  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:14:21.0521 4244  NdisWan - ok
11:14:21.0521 4244  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:14:21.0552 4244  NDProxy - ok
11:14:21.0552 4244  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:14:21.0583 4244  NetBIOS - ok
11:14:21.0599 4244  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:14:21.0630 4244  NetBT - ok
11:14:21.0630 4244  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
11:14:21.0646 4244  Netlogon - ok
11:14:21.0646 4244  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
11:14:21.0677 4244  Netman - ok
11:14:21.0692 4244  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:14:21.0692 4244  NetMsmqActivator - ok
11:14:21.0708 4244  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:14:21.0708 4244  NetPipeActivator - ok
11:14:21.0724 4244  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
11:14:21.0755 4244  netprofm - ok
11:14:21.0770 4244  [ 618C55B392238B9467F9113E13525C49 ] netr28ux        C:\Windows\system32\DRIVERS\netr28ux.sys
11:14:21.0802 4244  netr28ux - ok
11:14:21.0802 4244  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:14:21.0802 4244  NetTcpActivator - ok
11:14:21.0817 4244  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:14:21.0817 4244  NetTcpPortSharing - ok
11:14:21.0880 4244  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
11:14:21.0958 4244  netw5v64 - ok
11:14:22.0020 4244  [ EB43840BABF5589E33186D094DE7381D ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
11:14:22.0129 4244  NETwNs64 - ok
11:14:22.0129 4244  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
11:14:22.0145 4244  nfrd960 - ok
11:14:22.0145 4244  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:14:22.0160 4244  NlaSvc - ok
11:14:22.0176 4244  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:14:22.0192 4244  Npfs - ok
11:14:22.0207 4244  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
11:14:22.0238 4244  nsi - ok
11:14:22.0238 4244  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:14:22.0270 4244  nsiproxy - ok
11:14:22.0285 4244  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:14:22.0332 4244  Ntfs - ok
11:14:22.0332 4244  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
11:14:22.0363 4244  Null - ok
11:14:22.0472 4244  [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:14:22.0613 4244  nvlddmkm - ok
11:14:22.0613 4244  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:14:22.0628 4244  nvraid - ok
11:14:22.0628 4244  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:14:22.0644 4244  nvstor - ok
11:14:22.0660 4244  [ 3341D2C91989BC87C3C0BAA97C27253B ] nvsvc           C:\Windows\system32\nvvsvc.exe
11:14:22.0691 4244  nvsvc - ok
11:14:22.0691 4244  [ 53AD8D1A1E1FF3699CF0BA2FBD044915 ] NvtlService     C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
11:14:22.0691 4244  NvtlService - ok
11:14:22.0706 4244  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:14:22.0722 4244  nv_agp - ok
11:14:22.0722 4244  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:14:22.0738 4244  ohci1394 - ok
11:14:22.0738 4244  [ EC322186D8FCE3D632F3F597D67747DD ] OpenVPNService  C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
11:14:22.0753 4244  OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
11:14:22.0753 4244  OpenVPNService - detected UnsignedFile.Multi.Generic (1)
11:14:22.0753 4244  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:14:22.0769 4244  p2pimsvc - ok
11:14:22.0784 4244  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:14:22.0800 4244  p2psvc - ok
11:14:22.0816 4244  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
11:14:22.0831 4244  Parport - ok
11:14:22.0831 4244  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:14:22.0847 4244  partmgr - ok
11:14:22.0847 4244  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:14:22.0862 4244  PcaSvc - ok
11:14:22.0878 4244  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
11:14:22.0894 4244  pci - ok
11:14:22.0894 4244  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
11:14:22.0909 4244  pciide - ok
11:14:22.0909 4244  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
11:14:22.0925 4244  pcmcia - ok
11:14:22.0925 4244  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:14:22.0940 4244  pcw - ok
11:14:22.0940 4244  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:14:22.0987 4244  PEAUTH - ok
11:14:23.0003 4244  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
11:14:23.0034 4244  PeerDistSvc - ok
11:14:23.0034 4244  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:14:23.0050 4244  PerfHost - ok
11:14:23.0065 4244  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
11:14:23.0112 4244  pla - ok
11:14:23.0128 4244  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:14:23.0143 4244  PlugPlay - ok
11:14:23.0143 4244  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:14:23.0159 4244  PNRPAutoReg - ok
11:14:23.0159 4244  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:14:23.0174 4244  PNRPsvc - ok
11:14:23.0190 4244  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:14:23.0221 4244  PolicyAgent - ok
11:14:23.0237 4244  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
11:14:23.0268 4244  Power - ok
11:14:23.0268 4244  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:14:23.0299 4244  PptpMiniport - ok
11:14:23.0299 4244  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
11:14:23.0315 4244  Processor - ok
11:14:23.0330 4244  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:14:23.0346 4244  ProfSvc - ok
11:14:23.0346 4244  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:14:23.0362 4244  ProtectedStorage - ok
11:14:23.0362 4244  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:14:23.0393 4244  Psched - ok
11:14:23.0408 4244  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
11:14:23.0440 4244  ql2300 - ok
11:14:23.0440 4244  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
11:14:23.0455 4244  ql40xx - ok
11:14:23.0471 4244  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
11:14:23.0486 4244  QWAVE - ok
11:14:23.0486 4244  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:14:23.0502 4244  QWAVEdrv - ok
11:14:23.0502 4244  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:14:23.0549 4244  RasAcd - ok
11:14:23.0549 4244  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:14:23.0580 4244  RasAgileVpn - ok
11:14:23.0580 4244  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
11:14:23.0611 4244  RasAuto - ok
11:14:23.0627 4244  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:14:23.0642 4244  Rasl2tp - ok
11:14:23.0658 4244  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
11:14:23.0689 4244  RasMan - ok
11:14:23.0705 4244  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:14:23.0736 4244  RasPppoe - ok
11:14:23.0736 4244  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:14:23.0767 4244  RasSstp - ok
11:14:23.0767 4244  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:14:23.0798 4244  rdbss - ok
11:14:23.0798 4244  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:14:23.0814 4244  rdpbus - ok
11:14:23.0830 4244  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:14:23.0845 4244  RDPCDD - ok
11:14:23.0861 4244  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
11:14:23.0876 4244  RDPDR - ok
11:14:23.0876 4244  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:14:23.0908 4244  RDPENCDD - ok
11:14:23.0908 4244  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:14:23.0939 4244  RDPREFMP - ok
11:14:23.0939 4244  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
11:14:23.0954 4244  RdpVideoMiniport - ok
11:14:23.0954 4244  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:14:23.0970 4244  RDPWD - ok
11:14:23.0986 4244  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:14:24.0001 4244  rdyboost - ok
11:14:24.0017 4244  [ A6BAEA839CC888D4961AB5FE16BB8C4A ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
11:14:24.0032 4244  RegSrvc - ok
11:14:24.0032 4244  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:14:24.0064 4244  RemoteAccess - ok
11:14:24.0064 4244  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:14:24.0110 4244  RemoteRegistry - ok
11:14:24.0110 4244  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
11:14:24.0126 4244  RFCOMM - ok
11:14:24.0126 4244  [ 9C23519FC1FD331AAAEDC145AB947293 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmpx64.sys
11:14:24.0142 4244  rimmptsk - ok
11:14:24.0142 4244  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:14:24.0173 4244  RpcEptMapper - ok
11:14:24.0173 4244  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
11:14:24.0188 4244  RpcLocator - ok
11:14:24.0204 4244  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
11:14:24.0235 4244  RpcSs - ok
11:14:24.0235 4244  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:14:24.0266 4244  rspndr - ok
11:14:24.0266 4244  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
11:14:24.0282 4244  s3cap - ok
11:14:24.0282 4244  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
11:14:24.0298 4244  SamSs - ok
11:14:24.0298 4244  SANDRA - ok
11:14:24.0313 4244  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:14:24.0329 4244  sbp2port - ok
11:14:24.0329 4244  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:14:24.0360 4244  SCardSvr - ok
11:14:24.0360 4244  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:14:24.0391 4244  scfilter - ok
11:14:24.0407 4244  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
11:14:24.0454 4244  Schedule - ok
11:14:24.0454 4244  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:14:24.0485 4244  SCPolicySvc - ok
11:14:24.0485 4244  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
11:14:24.0500 4244  sdbus - ok
11:14:24.0500 4244  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:14:24.0516 4244  SDRSVC - ok
11:14:24.0532 4244  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:14:24.0563 4244  secdrv - ok
11:14:24.0563 4244  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
11:14:24.0594 4244  seclogon - ok
11:14:24.0594 4244  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
11:14:24.0625 4244  SENS - ok
11:14:24.0625 4244  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:14:24.0641 4244  SensrSvc - ok
11:14:24.0641 4244  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:14:24.0656 4244  Serenum - ok
11:14:24.0672 4244  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:14:24.0688 4244  Serial - ok
11:14:24.0688 4244  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
11:14:24.0703 4244  sermouse - ok
11:14:24.0719 4244  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:14:24.0750 4244  SessionEnv - ok
11:14:24.0750 4244  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:14:24.0766 4244  sffdisk - ok
11:14:24.0766 4244  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:14:24.0781 4244  sffp_mmc - ok
11:14:24.0781 4244  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:14:24.0797 4244  sffp_sd - ok
11:14:24.0812 4244  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
11:14:24.0812 4244  sfloppy - ok
11:14:24.0828 4244  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:14:24.0859 4244  SharedAccess - ok
11:14:24.0875 4244  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:14:24.0906 4244  ShellHWDetection - ok
11:14:24.0906 4244  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
11:14:24.0922 4244  SiSRaid2 - ok
11:14:24.0922 4244  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:14:24.0937 4244  SiSRaid4 - ok
11:14:24.0937 4244  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
11:14:24.0953 4244  SkypeUpdate - ok
11:14:24.0953 4244  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:14:24.0984 4244  Smb - ok
11:14:25.0000 4244  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:14:25.0015 4244  SNMPTRAP - ok
11:14:25.0015 4244  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:14:25.0015 4244  spldr - ok
11:14:25.0031 4244  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
11:14:25.0046 4244  Spooler - ok
11:14:25.0078 4244  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
11:14:25.0156 4244  sppsvc - ok
11:14:25.0156 4244  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:14:25.0187 4244  sppuinotify - ok
11:14:25.0202 4244  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:14:25.0218 4244  srv - ok
11:14:25.0234 4244  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:14:25.0249 4244  srv2 - ok
11:14:25.0249 4244  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:14:25.0265 4244  srvnet - ok
11:14:25.0265 4244  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:14:25.0312 4244  SSDPSRV - ok
11:14:25.0312 4244  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:14:25.0343 4244  SstpSvc - ok
11:14:25.0343 4244  Steam Client Service - ok
11:14:25.0358 4244  [ 0632004181860960CF6E10DE8DDEF78B ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:14:25.0358 4244  Stereo Service - ok
11:14:25.0374 4244  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
11:14:25.0390 4244  stexstor - ok
11:14:25.0390 4244  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
11:14:25.0421 4244  stisvc - ok
11:14:25.0421 4244  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
11:14:25.0436 4244  storflt - ok
11:14:25.0436 4244  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
11:14:25.0452 4244  StorSvc - ok
11:14:25.0452 4244  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
11:14:25.0468 4244  storvsc - ok
11:14:25.0468 4244  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
11:14:25.0483 4244  swenum - ok
11:14:25.0483 4244  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
11:14:25.0530 4244  swprv - ok
11:14:25.0546 4244  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
11:14:25.0577 4244  SysMain - ok
11:14:25.0592 4244  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:14:25.0608 4244  TabletInputService - ok
11:14:25.0608 4244  [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
11:14:25.0624 4244  tap0901 - ok
11:14:25.0624 4244  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:14:25.0670 4244  TapiSrv - ok
11:14:25.0670 4244  [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD ] tapoas          C:\Windows\system32\DRIVERS\tapoas.sys
11:14:25.0686 4244  tapoas - ok
11:14:25.0686 4244  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
11:14:25.0717 4244  TBS - ok
11:14:25.0733 4244  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:14:25.0780 4244  Tcpip - ok
11:14:25.0795 4244  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:14:25.0826 4244  TCPIP6 - ok
11:14:25.0826 4244  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:14:25.0842 4244  tcpipreg - ok
11:14:25.0842 4244  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:14:25.0858 4244  TDPIPE - ok
11:14:25.0858 4244  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:14:25.0873 4244  TDTCP - ok
11:14:25.0889 4244  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:14:25.0920 4244  tdx - ok
11:14:25.0920 4244  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
11:14:25.0936 4244  TermDD - ok
11:14:25.0936 4244  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
11:14:25.0982 4244  TermService - ok
11:14:25.0982 4244  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
11:14:25.0998 4244  Themes - ok
11:14:25.0998 4244  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
11:14:26.0029 4244  THREADORDER - ok
11:14:26.0045 4244  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
11:14:26.0076 4244  TrkWks - ok
11:14:26.0076 4244  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:14:26.0107 4244  TrustedInstaller - ok
11:14:26.0107 4244  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:14:26.0138 4244  tssecsrv - ok
11:14:26.0138 4244  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:14:26.0154 4244  TsUsbFlt - ok
11:14:26.0154 4244  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
11:14:26.0170 4244  TsUsbGD - ok
11:14:26.0170 4244  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:14:26.0201 4244  tunnel - ok
11:14:26.0216 4244  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
11:14:26.0216 4244  uagp35 - ok
11:14:26.0232 4244  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:14:26.0263 4244  udfs - ok
11:14:26.0263 4244  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:14:26.0279 4244  UI0Detect - ok
11:14:26.0279 4244  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:14:26.0294 4244  uliagpkx - ok
11:14:26.0294 4244  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:14:26.0310 4244  umbus - ok
11:14:26.0326 4244  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
11:14:26.0326 4244  UmPass - ok
11:14:26.0341 4244  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
11:14:26.0357 4244  UmRdpService - ok
11:14:26.0357 4244  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
11:14:26.0404 4244  upnphost - ok
11:14:26.0404 4244  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
11:14:26.0419 4244  usbaudio - ok
11:14:26.0419 4244  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:14:26.0435 4244  usbccgp - ok
11:14:26.0435 4244  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:14:26.0450 4244  usbcir - ok
11:14:26.0466 4244  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:14:26.0466 4244  usbehci - ok
11:14:26.0482 4244  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:14:26.0497 4244  usbhub - ok
11:14:26.0497 4244  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:14:26.0513 4244  usbohci - ok
11:14:26.0513 4244  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
11:14:26.0528 4244  usbprint - ok
11:14:26.0528 4244  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:14:26.0544 4244  USBSTOR - ok
11:14:26.0544 4244  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
11:14:26.0560 4244  usbuhci - ok
11:14:26.0560 4244  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
11:14:26.0606 4244  UxSms - ok
11:14:26.0606 4244  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
11:14:26.0622 4244  VaultSvc - ok
11:14:26.0622 4244  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:14:26.0638 4244  vdrvroot - ok
11:14:26.0638 4244  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
11:14:26.0684 4244  vds - ok
11:14:26.0684 4244  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:14:26.0700 4244  vga - ok
11:14:26.0700 4244  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:14:26.0731 4244  VgaSave - ok
11:14:26.0731 4244  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:14:26.0747 4244  vhdmp - ok
11:14:26.0747 4244  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:14:26.0762 4244  viaide - ok
11:14:26.0762 4244  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
11:14:26.0778 4244  vmbus - ok
11:14:26.0794 4244  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
11:14:26.0794 4244  VMBusHID - ok
11:14:26.0809 4244  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:14:26.0809 4244  volmgr - ok
11:14:26.0825 4244  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:14:26.0840 4244  volmgrx - ok
11:14:26.0840 4244  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:14:26.0856 4244  volsnap - ok
11:14:26.0872 4244  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
11:14:26.0887 4244  vsmraid - ok
11:14:26.0903 4244  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
11:14:26.0950 4244  VSS - ok
11:14:26.0950 4244  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
11:14:26.0965 4244  vwifibus - ok
11:14:26.0965 4244  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
11:14:26.0981 4244  vwififlt - ok
11:14:26.0996 4244  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
11:14:27.0012 4244  vwifimp - ok
11:14:27.0012 4244  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
11:14:27.0043 4244  W32Time - ok
11:14:27.0059 4244  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
11:14:27.0059 4244  WacomPen - ok
11:14:27.0074 4244  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:14:27.0106 4244  WANARP - ok
11:14:27.0106 4244  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:14:27.0137 4244  Wanarpv6 - ok
11:14:27.0152 4244  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
11:14:27.0184 4244  wbengine - ok
11:14:27.0184 4244  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:14:27.0199 4244  WbioSrvc - ok
11:14:27.0215 4244  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:14:27.0230 4244  wcncsvc - ok
11:14:27.0246 4244  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:14:27.0262 4244  WcsPlugInService - ok
11:14:27.0262 4244  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
11:14:27.0277 4244  Wd - ok
11:14:27.0277 4244  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:14:27.0308 4244  Wdf01000 - ok
11:14:27.0308 4244  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:14:27.0324 4244  WdiServiceHost - ok
11:14:27.0340 4244  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:14:27.0355 4244  WdiSystemHost - ok
11:14:27.0355 4244  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
11:14:27.0386 4244  WebClient - ok
11:14:27.0386 4244  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:14:27.0418 4244  Wecsvc - ok
11:14:27.0433 4244  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:14:27.0464 4244  wercplsupport - ok
11:14:27.0464 4244  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:14:27.0496 4244  WerSvc - ok
11:14:27.0496 4244  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:14:27.0527 4244  WfpLwf - ok
11:14:27.0527 4244  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:14:27.0542 4244  WIMMount - ok
11:14:27.0542 4244  WinDefend - ok
11:14:27.0558 4244  WinHttpAutoProxySvc - ok
11:14:27.0558 4244  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:14:27.0589 4244  Winmgmt - ok
11:14:27.0620 4244  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
11:14:27.0667 4244  WinRM - ok
11:14:27.0683 4244  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
11:14:27.0698 4244  WinUsb - ok
11:14:27.0698 4244  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:14:27.0730 4244  Wlansvc - ok
11:14:27.0745 4244  [ B7611A163ADC4D3C5262A869DA890FBC ] WMCoreService   C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
11:14:27.0745 4244  WMCoreService ( UnsignedFile.Multi.Generic ) - warning
11:14:27.0745 4244  WMCoreService - detected UnsignedFile.Multi.Generic (1)
11:14:27.0761 4244  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
11:14:27.0761 4244  WmiAcpi - ok
11:14:27.0776 4244  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:14:27.0792 4244  wmiApSrv - ok
11:14:27.0792 4244  WMPNetworkSvc - ok
11:14:27.0792 4244  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:14:27.0808 4244  WPCSvc - ok
11:14:27.0823 4244  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:14:27.0839 4244  WPDBusEnum - ok
11:14:27.0839 4244  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:14:27.0870 4244  ws2ifsl - ok
11:14:27.0870 4244  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
11:14:27.0886 4244  wscsvc - ok
11:14:27.0901 4244  WSearch - ok
11:14:27.0901 4244  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:14:27.0917 4244  WudfPf - ok
11:14:27.0917 4244  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:14:27.0932 4244  WUDFRd - ok
11:14:27.0948 4244  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:14:27.0964 4244  wudfsvc - ok
11:14:27.0964 4244  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:14:27.0979 4244  WwanSvc - ok
11:14:27.0979 4244  [ A1C2F6E26E47534EA926E92312E69B6C ] WwanUsbServ     C:\Windows\system32\DRIVERS\WwanUsbMp64.sys
11:14:27.0995 4244  WwanUsbServ - ok
11:14:28.0010 4244  ================ Scan global ===============================
11:14:28.0026 4244  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:14:28.0026 4244  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:14:28.0042 4244  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:14:28.0042 4244  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:14:28.0042 4244  [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
11:14:28.0057 4244  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
11:14:28.0057 4244  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
11:14:28.0057 4244  ================ Scan MBR ==================================
11:14:28.0057 4244  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:14:28.0135 4244  \Device\Harddisk0\DR0 - ok
11:14:28.0135 4244  ================ Scan VBR ==================================
11:14:28.0135 4244  [ 318322C8502E538E9E56A4C8FA2ECD99 ] \Device\Harddisk0\DR0\Partition1
11:14:28.0151 4244  \Device\Harddisk0\DR0\Partition1 - ok
11:14:28.0151 4244  ============================================================
11:14:28.0151 4244  Scan finished
11:14:28.0151 4244  ============================================================
11:14:28.0151 0364  Detected object count: 5
11:14:28.0151 0364  Actual detected object count: 5
11:31:18.0822 0364  BEService ( UnsignedFile.Multi.Generic ) - skipped by user
11:31:18.0822 0364  BEService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:31:18.0822 0364  mbmiodrvr ( UnsignedFile.Multi.Generic ) - skipped by user
11:31:18.0822 0364  mbmiodrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:31:18.0822 0364  OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
11:31:18.0822 0364  OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:31:18.0822 0364  WMCoreService ( UnsignedFile.Multi.Generic ) - skipped by user
11:31:18.0822 0364  WMCoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:31:18.0822 0364  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
11:31:18.0822 0364  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
ich hab außerdem noch einen zoek-scann gemacht, da es mir von einem freund empfohlen worden ist euch das auch zu schicken.
ich hoffe damit könnt ihr was anfangen und danke schonmal im vorraus
mfg Stefan

Alt 13.06.2013, 11:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundestrojaner! in System32/services.exe - Standard

Bundestrojaner! in System32/services.exe


Hallo und


Zitat:
C:\$Recycle.Bin\S-1-5-21-88614568-3788899469-1638983475-1000\trz2E9B.tmp (Rootkit.0Access)

C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a )

Lesestoff:
Rootkit-Warnung
Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?
  • Entscheide bitte ganz bewußt, ob du mit der Bereinigung fortfahren möchtest. Ein einmal derartig kompromittiertes System kann man niemals mit 100%iger Sicherheit wieder absichern. Auch wenn wir gute Chancen haben, deinen Computer zu bereinigen, kann es dennoch möglich sein, dass uns am Ende nur die Neuinstallation bleibt.

  • Wenn du mit diesem Computer beispielsweise Onlinebanking machst, dann solltest du zumindest dein Passwort von deiner Bank ändern lassen, wenn du ein ansonsten sicheres Verfahren wie beispielsweise "chip-TAN-comfort" nutzt. Hast du noch alte TAN-Bögen auf Papierbasis? Dann ist es höchste Zeit dich bei deiner Bank zu melden und notfalls das Konto temporär sperren zu lassen. Der Sperrnotruf 116 116 von www.sperr-notruf.de kann Tag und Nacht dafür benutzt werden.

  • Hast du ansonsten sensible Daten auf deinem Computer, dann solltest du auch darüber nachdenken, wie du damit umgehst, da sie sich praktisch "jeder" ansehen konnte.
Teile mir also mit, wie du dich entschieden hast.
__________________

__________________
Alt 13.06.2013, 12:20   #3
Twen
 
Bundestrojaner! in System32/services.exe - Standard

Bundestrojaner! in System32/services.exe


Ich benutze, anscheinend zum Glück, meinen Laptop nicht zum online Banking. daher mach ich mir in dieser Richtung keine Sorgen. Allerdings sind viele andere Passwörter dort unterwegs :S
ich würde gerne versuchen um ein komplettes Neu-aufsetzen herum zu kommen.
__________________
Alt 13.06.2013, 13:23   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundestrojaner! in System32/services.exe - Standard

Bundestrojaner! in System32/services.exe


Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.06.2013, 14:29   #5
Twen
 
Bundestrojaner! in System32/services.exe - Standard

Bundestrojaner! in System32/services.exe


so hier sind die OTL Logs:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.06.2013 15:18:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,93 Gb Total Physical Memory | 5,68 Gb Available Physical Memory | 71,68% Memory free
15,85 Gb Paging File | 13,35 Gb Available in Paging File | 84,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 118,06 Gb Free Space | 49,51% Space Free | Partition Type: NTFS
 
Computer Name: NB-SHK-DELL | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.28\deploy\LolClient.exe (Adobe Systems Inc.)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.164\deploy\LoLLauncher.exe ()
PRC - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Programme\Dell\Dell System Manager\PanelHelper32.exe (Dell Inc.)
PRC - C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
PRC - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.28\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll ()
MOD - C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.164\deploy\LoLLauncher.exe ()
MOD - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe ()
SRV - (KSS) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (Credential Vault Host Control Service) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Storage) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (dcpsysmgrsvc) -- C:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (NvtlService) -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WMCoreService) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013a\WNt500x64\Sandra.sys File not found
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (cvusbdrv) -- C:\Windows\SysNative\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (tapoas) -- C:\Windows\SysNative\drivers\tapoas.sys (The OpenVPN Project)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB)
DRV:64bit: - (ecnssndisfltr) -- C:\Windows\SysNative\drivers\wwussf64.sys (Ericsson AB)
DRV:64bit: - (ecnssndis) -- C:\Windows\SysNative\drivers\wwuss64.sys (Ericsson AB)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)
DRV:64bit: - (d554gps) -- C:\Windows\SysNative\drivers\d554gps64.sys (Ericsson AB)
DRV:64bit: - (d557mdm) -- C:\Windows\SysNative\drivers\d557mdm.sys (MCCI Corporation)
DRV:64bit: - (d557mgmt) -- C:\Windows\SysNative\drivers\d557mgmt.sys (MCCI Corporation)
DRV:64bit: - (d557bus) -- C:\Windows\SysNative\drivers\d557bus.sys (MCCI Corporation)
DRV:64bit: - (d557mdfl) -- C:\Windows\SysNative\drivers\d557mdfl.sys (MCCI Corporation)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (d553scard) -- C:\Windows\SysNative\drivers\d553scard.sys (Dell)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (d553gps) -- C:\Windows\SysNative\drivers\d553gps64.sys (Dell)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (d553unic) -- C:\Windows\SysNative\drivers\d553unic.sys (MCCI Corporation)
DRV:64bit: - (d553nd5) -- C:\Windows\SysNative\drivers\d553nd5.sys (MCCI Corporation)
DRV:64bit: - (d553mdm2) -- C:\Windows\SysNative\drivers\d553mdm2.sys (MCCI Corporation)
DRV:64bit: - (d553card) -- C:\Windows\SysNative\drivers\d553card.sys (MCCI Corporation)
DRV:64bit: - (d553bus) -- C:\Windows\SysNative\drivers\d553bus.sys (MCCI Corporation)
DRV:64bit: - (d553mdfl2) -- C:\Windows\SysNative\drivers\d553mdfl2.sys (MCCI Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mbmiodrvr) -- C:\Windows\SysWOW64\mbmiodrvr.sys (cansoft@livewiredev.com)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-88614568-3788899469-1638983475-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-88614568-3788899469-1638983475-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-88614568-3788899469-1638983475-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-88614568-3788899469-1638983475-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 85 75 66 8F B2 CD 01  [binary data]
IE - HKU\S-1-5-21-88614568-3788899469-1638983475-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-88614568-3788899469-1638983475-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-88614568-3788899469-1638983475-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-88614568-3788899469-1638983475-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\User\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.12 16:51:54 | 000,000,000 | ---D | M]
 
[2012.11.03 15:10:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.11.03 15:10:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\net.openvpn.client
[2013.05.24 14:50:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.24 14:50:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.10.11 22:08:04 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: Raidcall plugin (Enabled) = C:\Users\User\AppData\Roaming\raidcall\plugins\nprcplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Docs = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0\
CHR - Extension: Google Mail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.11.03 15:18:14 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (PDFXChange 2012) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Programme\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll (Tracker Software Products (Canada) Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDFXChange 2012) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Programme\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll (Tracker Software Products (Canada) Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-88614568-3788899469-1638983475-1000..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\StefanKellner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\StefanKellner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\StefanKellner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk = C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-88614568-3788899469-1638983475-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.98.31 192.168.100.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rak.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32070082-4F5C-47DF-A6B0-DE3778593FA4}: DhcpNameServer = 192.168.98.31 192.168.100.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{409D29F3-86D7-4BE7-BA5C-27457EDD4800}: NameServer = 10.74.210.210 10.74.210.211
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.13 15:17:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.06.13 14:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.06.13 14:03:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Google
[2013.06.13 14:03:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.06.13 14:03:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Deployment
[2013.06.13 14:03:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apps
[2013.06.13 11:07:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.13 10:52:17 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2013.06.13 10:52:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Temp
[2013.06.12 19:47:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2013.06.12 19:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.12 19:47:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.12 19:47:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.12 19:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.12 19:46:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[2013.06.12 18:39:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\LolClient
[2013.06.12 18:12:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2013.06.12 18:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.06.12 18:11:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013.06.12 16:51:56 | 000,270,824 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013.06.12 16:51:56 | 000,131,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013.06.12 16:51:56 | 000,022,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013.06.12 16:51:55 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2013.06.12 16:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013.06.12 13:03:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\WinRAR
[2013.06.12 12:48:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\raidcall
[2013.06.06 21:23:58 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.06.06 21:23:58 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.06.06 21:23:58 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2013.06.06 21:23:58 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2013.06.06 21:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2013.06.06 17:44:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.06.06 17:44:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2013.06.06 17:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.06.05 19:20:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.05.25 01:27:33 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.25 01:27:33 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.25 01:27:33 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.25 01:27:33 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.25 01:27:33 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.25 01:27:33 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.25 01:27:33 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.25 01:27:33 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.25 01:27:33 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.25 01:27:33 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.25 01:27:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.25 01:27:33 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.25 01:27:33 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.25 01:27:33 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.25 01:27:33 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.25 01:27:33 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.25 01:27:33 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.25 01:27:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.25 01:27:33 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.25 01:27:33 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.25 01:27:33 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.25 01:27:33 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.25 01:27:33 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.25 01:27:33 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.25 01:27:33 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.25 01:27:33 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.25 01:27:33 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.25 01:27:33 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.25 01:27:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.25 01:27:33 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.25 01:27:33 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.25 01:27:33 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.25 01:27:33 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.25 01:27:33 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.25 01:27:33 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.25 01:27:33 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.25 01:27:33 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.25 01:27:33 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.25 01:27:33 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.25 01:27:33 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.25 01:27:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.25 01:27:33 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.25 01:27:33 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.25 01:27:33 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.25 01:27:33 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.25 01:27:33 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.25 01:27:33 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.25 01:27:33 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.25 01:27:33 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.25 01:27:33 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.25 01:27:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.25 01:27:33 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.25 01:27:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.25 01:27:33 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.25 01:27:33 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.25 01:27:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.25 01:27:33 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.25 01:27:33 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.25 01:27:33 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.25 01:27:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.25 01:27:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.25 01:27:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.25 01:27:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.25 01:27:33 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.25 01:27:33 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.25 01:27:33 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.25 01:27:33 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.05.25 01:27:33 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.05.25 01:27:07 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.05.25 01:27:07 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.05.25 01:27:07 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.05.25 01:27:07 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.05.25 01:27:07 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.05.25 01:27:07 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.05.25 01:27:07 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.05.25 01:27:07 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.05.25 01:27:07 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.05.25 01:27:07 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.05.25 01:27:07 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.05.25 01:27:07 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.05.25 01:27:07 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.05.25 01:27:07 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.05.25 01:27:07 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.05.25 01:27:07 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.05.25 01:27:07 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.05.25 01:27:07 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.05.25 01:27:07 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.05.25 01:27:07 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.05.25 01:27:07 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.05.25 01:27:07 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.05.25 01:27:07 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.05.25 01:27:07 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.05.25 01:27:07 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.05.25 01:27:07 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.05.25 01:27:07 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.05.25 01:27:07 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.05.25 01:27:07 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.05.25 01:27:07 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.05.25 01:27:07 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.05.25 01:27:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.05.25 01:27:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.05.25 01:27:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.05.25 01:27:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.05.25 01:27:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.05.25 01:27:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.05.25 01:27:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.05.25 01:27:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.05.25 01:27:07 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.05.25 01:27:07 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.05.24 21:18:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2013.05.24 14:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.15 22:33:44 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 22:33:44 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 22:33:40 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 22:33:40 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 22:33:39 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 22:33:39 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 22:33:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.13 15:17:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.06.13 15:15:00 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2013.06.13 15:08:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.13 14:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.13 14:08:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.13 14:03:36 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.13 13:23:00 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-1539696136-2885339463-3568682709-1151.job
[2013.06.13 11:14:13 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.13 11:14:13 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.13 11:11:25 | 001,613,166 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.13 11:11:25 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.13 11:11:25 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.13 11:11:25 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.13 11:11:25 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.13 11:07:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.13 11:06:55 | 2087,649,279 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.13 10:40:52 | 001,271,518 | ---- | M] () -- C:\Users\User\Desktop\zoek.exe
[2013.06.12 19:47:12 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.12 18:13:19 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.12 18:12:01 | 000,001,079 | ---- | M] () -- C:\Users\User\Desktop\Kaspersky Security Scan.lnk
[2013.06.12 16:51:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.12 16:51:03 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013.06.12 16:45:15 | 299,798,528 | ---- | M] () -- C:\Users\User\Desktop\kav_rescue_10.iso
[2013.06.12 11:26:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.06 21:23:58 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.06.06 21:23:58 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.06.06 21:23:58 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2013.06.06 21:23:58 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2013.06.05 23:29:58 | 000,294,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.25 01:27:33 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.25 01:27:33 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.25 01:27:33 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.25 01:27:33 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.25 01:27:33 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.25 01:27:33 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.25 01:27:33 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.25 01:27:33 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.25 01:27:33 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.25 01:27:33 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.25 01:27:33 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.25 01:27:33 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.25 01:27:33 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.25 01:27:33 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.25 01:27:33 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.25 01:27:33 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.25 01:27:33 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.25 01:27:33 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.25 01:27:33 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.25 01:27:33 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.25 01:27:33 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.25 01:27:33 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.25 01:27:33 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.25 01:27:33 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.25 01:27:33 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.25 01:27:33 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.25 01:27:33 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.25 01:27:33 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.25 01:27:33 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.25 01:27:33 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.25 01:27:33 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.25 01:27:33 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.25 01:27:33 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.25 01:27:33 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.25 01:27:33 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.25 01:27:33 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.25 01:27:33 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.25 01:27:33 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.25 01:27:33 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.25 01:27:33 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.25 01:27:33 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.25 01:27:33 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.25 01:27:33 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.25 01:27:33 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.25 01:27:33 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.25 01:27:33 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.25 01:27:33 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.25 01:27:33 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.25 01:27:33 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.25 01:27:33 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.25 01:27:33 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.25 01:27:33 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.25 01:27:33 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.25 01:27:33 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.25 01:27:33 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.25 01:27:33 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.25 01:27:33 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.25 01:27:33 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.25 01:27:33 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.25 01:27:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.25 01:27:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.25 01:27:33 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.25 01:27:33 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.25 01:27:33 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.25 01:27:33 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.25 01:27:33 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.25 01:27:33 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.25 01:27:33 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.25 01:27:33 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.05.25 01:27:33 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.05.25 01:27:07 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.05.25 01:27:07 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.05.25 01:27:07 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.05.25 01:27:07 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.05.25 01:27:07 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.05.25 01:27:07 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.05.25 01:27:07 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.05.25 01:27:07 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.05.25 01:27:07 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.05.25 01:27:07 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.05.25 01:27:07 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.05.25 01:27:07 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.05.25 01:27:07 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.05.25 01:27:07 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.05.25 01:27:07 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.05.25 01:27:07 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.05.25 01:27:07 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.05.25 01:27:07 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.05.25 01:27:07 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.05.25 01:27:07 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.05.25 01:27:07 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.05.25 01:27:07 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.05.25 01:27:07 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.05.25 01:27:07 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.05.25 01:27:07 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.05.25 01:27:07 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.05.25 01:27:07 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.05.25 01:27:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.05.25 01:27:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.05.25 01:27:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.05.25 01:27:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.05.25 01:27:07 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.05.25 01:27:07 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.05.25 01:27:07 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.05.25 01:27:07 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.05.25 01:27:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.05.25 01:27:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.05.25 01:27:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.05.25 01:27:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.05.25 01:27:07 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.05.25 01:27:07 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.05.24 13:55:22 | 000,000,364 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.13 14:03:36 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.13 14:03:13 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.13 14:03:13 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.13 10:40:52 | 001,271,518 | ---- | C] () -- C:\Users\User\Desktop\zoek.exe
[2013.06.12 19:47:12 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.12 18:12:03 | 000,001,079 | ---- | C] () -- C:\Users\User\Desktop\Kaspersky Security Scan.lnk
[2013.06.12 16:51:55 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.06.12 16:51:55 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.06.12 16:51:03 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013.06.12 16:43:24 | 299,798,528 | ---- | C] () -- C:\Users\User\Desktop\kav_rescue_10.iso
[2013.05.25 01:27:33 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.25 01:27:33 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.24 13:55:22 | 000,000,364 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2013.04.06 14:54:50 | 001,590,506 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.03 18:12:58 | 000,000,511 | ---- | C] () -- C:\Windows\eReg.dat
[2012.12.23 00:00:10 | 001,612,392 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2012.12.23 00:00:10 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2012.11.03 15:33:33 | 000,003,088 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.10.25 11:25:31 | 000,259,176 | ---- | C] () -- C:\Windows\SysWow64\nViewSetup.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013.06.13 11:07:02 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013.06.13 11:07:02 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 13.06.2013 15:18:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,93 Gb Total Physical Memory | 5,68 Gb Available Physical Memory | 71,68% Memory free
15,85 Gb Paging File | 13,35 Gb Available in Paging File | 84,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 118,06 Gb Free Space | 49,51% Space Free | Partition Type: NTFS
 
Computer Name: NB-SHK-DELL | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-88614568-3788899469-1638983475-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel(R) PROSet/Wireless WiFi-Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68BCE2A4-02E9-4482-B956-CB1D9693522A}" = Dell 5530 Wireless Broadband Package
"{72E1C93F-BA1C-4E88-BA29-C3B716217E69}" = Dell ControlVault Host Components Installer 64 bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9CC89928-4787-4ED5-9942-4EBF6C2468E6}" = Dell System Manager
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D32F6B1F-0FD0-46DA-B821-8D876070F20C}" = Dell Wireless HSPA Mini-Card Drivers
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F92F0AAB-2EF6-412C-8BF4-0B11EB535280}_is1" = PDF-XChange 2012 Pro
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ProInst" = Intel PROSet Wireless
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-4.3.0.0
"{42DCB650-F003-4535-A5CD-32AD815CD2DD}" = Play withSIX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{58C7728C-D226-41B9-AA52-39CCC3ADB65F}_is1" = DEFIANCE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}" = DefianceRuntimes
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{A45F66B6-8F29-453B-86FE-060950DAB713}" = RuckZuck Studentenversion
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{CCDF8E78-6102-470A-BBE4-9AF13694C716}" = Dell Mobile Broadband Utility
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Internet Security
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Cockatrice" = Cockatrice
"Dell Mobile Broadband Utility" = Dell Mobile Broadband Utility
"Google Chrome" = Google Chrome
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Motherboard Monitor 5_is1" = Motherboard Monitor 5
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.2.2
"RaidCall" = RaidCall
"RegClean Pro_is1" = RegClean Pro
"Steam App 105600" = Terraria
"Steam App 113200" = The Binding of Isaac
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 219150" = Hotline Miami
"Steam App 219540" = ARMA 2: Operation Arrowhead Beta
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 35700" = Trine
"Steam App 35720" = Trine 2
"Steam App 39200" = Dungeon Siege 2
"Steam App 4000" = Garry's Mod
"Steam App 42910" = Magicka
"Steam App 4560" = Company of Heroes
"Steam App 570" = Dota 2
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 9340" = Company of Heroes: Opposing Fronts
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.06.2013 07:16:50 | Computer Name = NB-SHK-DELL.rak.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.06.2013 10:35:54 | Computer Name = NB-SHK-DELL.rak.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.06.2013 10:50:08 | Computer Name = NB-SHK-DELL.rak.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.06.2013 12:06:25 | Computer Name = NB-SHK-DELL.rak.local | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 3a8    Startzeit: 01ce67866ec1cebe    Endzeit: 16    Anwendungspfad: 
C:\Windows\Explorer.EXE    Berichts-ID: 0509ab4f-d37a-11e2-9882-028037ec0200  
 
Error - 12.06.2013 14:15:50 | Computer Name = NB-SHK-DELL.rak.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.06.2013 17:50:44 | Computer Name = NB-SHK-DELL.rak.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0x4000001f  Fehleroffset: 0x0005801d  ID des fehlerhaften
 Prozesses: 0x101c  Startzeit der fehlerhaften Anwendung: 0x01ce6798f70362b3  Pfad der
 fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.28\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 21bd2dc5-d3aa-11e2-9c46-eef7b172535a
 
Error - 13.06.2013 04:23:41 | Computer Name = NB-SHK-DELL.rak.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.06.2013 04:27:40 | Computer Name = NB-SHK-DELL.rak.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.06.2013 04:39:08 | Computer Name = NB-SHK-DELL.rak.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: zoek.exe, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc000041d  Fehleroffset: 0x77c61221  ID des fehlerhaften Prozesses:
 0x1348  Startzeit der fehlerhaften Anwendung: 0x01ce68117810c781  Pfad der fehlerhaften
 Anwendung: C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFLX64XU\zoek.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: b603fa7b-d404-11e2-9369-028037ec0200
 
Error - 13.06.2013 05:07:08 | Computer Name = NB-SHK-DELL.rak.local | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 13.06.2013 08:23:29 | Computer Name = NB-SHK-DELL.rak.local | Source = SCardSvr | ID = 610
Description = 
 
Error - 13.06.2013 08:23:29 | Computer Name = NB-SHK-DELL.rak.local | Source = SCardSvr | ID = 610
Description = 
 
Error - 13.06.2013 08:23:29 | Computer Name = NB-SHK-DELL.rak.local | Source = SCardSvr | ID = 610
Description = 
 
Error - 13.06.2013 08:23:29 | Computer Name = NB-SHK-DELL.rak.local | Source = SCardSvr | ID = 610
Description = 
 
Error - 13.06.2013 08:23:29 | Computer Name = NB-SHK-DELL.rak.local | Source = SCardSvr | ID = 610
Description = 
 
Error - 13.06.2013 08:23:29 | Computer Name = NB-SHK-DELL.rak.local | Source = SCardSvr | ID = 610
Description = 
 
Error - 13.06.2013 08:23:29 | Computer Name = NB-SHK-DELL.rak.local | Source = SCardSvr | ID = 610
Description = 
 
Error - 13.06.2013 08:23:29 | Computer Name = NB-SHK-DELL.rak.local | Source = SCardSvr | ID = 610
Description = 
 
Error - 13.06.2013 08:23:29 | Computer Name = NB-SHK-DELL.rak.local | Source = SCardSvr | ID = 610
Description = 
 
Error - 13.06.2013 08:23:29 | Computer Name = NB-SHK-DELL.rak.local | Source = SCardSvr | ID = 610
Description = 
 
 
< End of report >
--- --- ---

mir ist aufgefallen, dass seid dem ich den tdsskiller drüber laufen lassen hab, avast keine neuen Meldungen bringt, obwohl ich gesagt habt, dass er nichts löschen oder reinigen soll.


Alt 13.06.2013, 15:38   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundestrojaner! in System32/services.exe - Standard

Bundestrojaner! in System32/services.exe


Zitat:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.98.31 192.168.100.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = r**.local

Firmenrechner werden hier eigentlich nicht bereinigt

Siehe => http://www.trojaner-board.de/108422-...-anfragen.html

Zitat:
3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.

Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.
__________________
--> Bundestrojaner! in System32/services.exe

Alt 13.06.2013, 16:32   #7
Twen
 
Bundestrojaner! in System32/services.exe - Standard

Bundestrojaner! in System32/services.exe


Das das relevant ist, war mir nicht klar, da es es nur ein kleines Unternehmen ist, dass an verschiedenen Orten arbeitet. Und soweit ich weis, haben wir auch keinen richtigen IT Support, sondern nur jemanden, der sich mit Netzwerken ein wenig besser auskennt :S
Nun gut ich werde mal nachfragen, wie es in diesem Fall gehandhabt wird.
aber danke für die Schnelle Hilfe bis hier hin
MfG Stefan

Alt 13.06.2013, 21:02   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundestrojaner! in System32/services.exe - Standard

Bundestrojaner! in System32/services.exe


Naja, bei kleinen Unternehmen geben wir schon Support, aber mein Hauptanliegen ist, dass evtl brisante Daten in den Logs stehen könnten, die du nicht öffentlich haben willst.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Bundestrojaner! in System32/services.exe
administrator, bingbar, browser, bundestrojaner eingefangen, computer, dxgkrnl, firewall, fontcache, internet, kaspersky, löschen, monitor, policyagent, rootkit.0access, services.exe, sigcheck, trojan.agent.ge, trojan.agent.gen, trojan.fakems, trustedinstaller, tunnel, wlansvc, wsearch


« avast meldet Trojanisches Pferd bei Ebay | Postbank Online Banking Trojaner »


Ähnliche Themen: Bundestrojaner! in System32/services.exe


  1. Virus in 'C:\Windows\System32\services.exe'
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (5)
  2. Virus Win64/Patched.A in c:\Windows\System32\services.exe
    Log-Analyse und Auswertung - 29.05.2013 (11)
  3. C:\Windows\System32\services.exe Infiziert!
    Plagegeister aller Art und deren Bekämpfung - 25.05.2013 (58)
  4. W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe
    Log-Analyse und Auswertung - 23.05.2013 (54)
  5. 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe'
    Log-Analyse und Auswertung - 15.05.2013 (24)
  6. Trojan Zeroaccess!inf4 C:\windows\system32\services.exe + Bundestrojaner
    Plagegeister aller Art und deren Bekämpfung - 02.05.2013 (2)
  7. W32/Patched.UC in C:\windows\system32\services.exe gefunden! (Avira)
    Plagegeister aller Art und deren Bekämpfung - 13.02.2013 (23)
  8. Trojaner: Patched_c.LYU laut AVG in c:\Windows\System32\services.exe!
    Plagegeister aller Art und deren Bekämpfung - 28.01.2013 (13)
  9. Avira findet W32/Patched.UC in C:\windows\system32\services.exe
    Log-Analyse und Auswertung - 08.01.2013 (19)
  10. W32/Patched.UB in c:\windows\system32\services.exe
    Log-Analyse und Auswertung - 02.08.2012 (7)
  11. Avast Fehler bei windows\System32\services.exe
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (1)
  12. Trojaner im System32 - Services.exe / Was tun?
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (1)
  13. C:\windows\system32\services.exe - SVC Host trojaner
    Log-Analyse und Auswertung - 04.07.2012 (3)
  14. Trojaner: PSW.Generic.RDX in c:\windows\system32\services.exe
    Log-Analyse und Auswertung - 09.01.2012 (29)
  15. system32\services.exe wurde unerwartet mit dem Statuscode 128 beendet
    Log-Analyse und Auswertung - 23.09.2009 (1)
  16. C:\\windows\system32\services.exe Problem
    Log-Analyse und Auswertung - 28.06.2007 (6)
  17. Systemprozess WINNT/system32/services.exe unerwartet abgebrochen
    Plagegeister aller Art und deren Bekämpfung - 18.12.2006 (11)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Bundestrojaner! in System32/services.exe - Guten Tag liebes Trojaner-Board Team, Ich habe mir vor 2 Tagen anscheinend den Bundestrojaner eingefangen und habe seitdem schon ein wenig versucht mit Malwarebytes und meinem Antivirenporgramm Avast das Problem - Bundestrojaner! in System32/services.exe...
Archiv
Du betrachtest: Bundestrojaner! in System32/services.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19