| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner? oder echt?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.03.2012, 18:15
| #1 |
 |  GVU Trojaner? oder echt? Hallo zusammen, ich habe sämtliche Seiten durchsucht doch leider zu meinem Fall nichts gefunden. Ich habe zwar ähnliche Trojanerbeschriebungen gelesen aber bin mir nicht sicher, ob es in meinem Fall doch eine echte Mahnung ist. Folgendes Problem: Sobald mein Windowssystem geladen wird erhalte ich ein Bildschirm mit der Meldung: Please wait while the connection is beeing established. Bitte warten Sie während die Verbindung hergestellt wird Anschließend erfolgt eine bereits bekannte Darstellung und nahezu in gleichem Wortlaut wie bei dem GEMA-Trojaner, allerdings mit der GVU als Ursachenträger. Ihr Computer wurde von der GVU gesperrt. Auf Ihrem Computer wurden illegal heruntergeladene Medien ("Raubkopien") gefunden. ....bestrafung mit Freiheitsstrafe...Mahngebühr von 50 € bezahlbar durch paysafecard.... Das Logo der GVU und Bundesamt für Sicherheit in der Informationstechnik schmücken das Ganze. Ich vermute (hoffe), dass es sich um ein Trojaner handelt. Kann mir das jemand bestätigen? Wenn ja, wäre es echt super wenn mir jemand über mein weiteres Vorgehen berichten könnte. Bzw. würde folgende Anleitung zielführend sein? http://www.trojaner-board.de/111836-...-trojaner.html Post 2. Mein Betriebssystem: Windows 7 Vielen Dank im Vorraus, ihr seid super. Adik |
|
20.03.2012, 18:46
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | GVU Trojaner? oder echt? Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?
__________________Abgesicherter Modus zur Bereinigung
__________________ |
|
20.03.2012, 20:02
| #3 |
| | GVU Trojaner? oder echt? Hallo Arne,
__________________danke für die schnelle Antwort, leider hilft dein Tipp nicht. Immernoch der gleiche Screen. Kann man den schon sagen, ob es ein Virus ist, oder ob es doch "echt" ist? Anbei ein "Screenshot" Gruß, Adik  Geändert von adik4all (20.03.2012 um 20:49 Uhr) |
|
21.03.2012, 14:46
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner? oder echt? Liegt doch auf der Hand, dass das NICHT von der GVU ist! Hast du einen zweiten PC zur Verfügung? Dieser sollte sauber sein. Es geht auch ein nicht-Windows-Rechner mit Brenner. Wenn nicht evtl. mal Nachbar oder Kumpel fragen.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
21.03.2012, 16:39
| #5 |
| | GVU Trojaner? oder echt? Hi, dann bin ich ja beruhigt. Ja ich habe hier ein zweitrechner mit Windows XP als Betriebssystem. Was rätst du mir als nächstes zu tun? Gruß, Adik |
|
21.03.2012, 17:09
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner? oder echt? Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten: Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.
__________________ --> GVU Trojaner? oder echt? |
|
21.03.2012, 19:55
| #7 |
| | GVU Trojaner? oder echt? OK danke für die Anleitung, ich habe diese befolgt Der Inhalt lautet wir folgt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 3/21/2012 7:24:12 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 144.47 Gb Free Space | 62.04% Space Free | Partition Type: NTFS
Drive D: | 218.23 Gb Total Space | 124.13 Gb Free Space | 56.88% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/09/17 15:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto] -- C:\Windows\System32\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/04 08:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/10/13 11:25:32 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/11 08:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 08:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/31 11:08:14 | 000,080,896 | ---- | M] () [Auto] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/04/05 06:55:01 | 000,116,104 | ---- | M] () [Auto] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/15 12:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/02/15 14:02:19 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/11/01 05:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 05:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 05:07:24 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/11/01 05:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 05:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/11/01 05:07:24 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011/10/11 09:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/10/11 09:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2010/06/25 11:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009/11/01 14:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/04 21:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/04 01:39:08 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/08/21 02:48:18 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/07/20 05:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 20:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/26 16:25:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/20 04:11:06 | 001,799,680 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/12 21:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/08/28 06:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/05/23 21:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/03 10:05:18 | 000,114,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV:64bit: - [2007/07/03 10:04:44 | 000,142,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2007/07/03 10:04:16 | 000,016,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2007/07/03 10:02:12 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=be8fa71e000000000000e0cb4e10c948&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 52 B2 05 81 F1 CB 01 [binary data]
IE - HKU\Adik_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Adik_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=be8fa71e000000000000e0cb4e10c948&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Adik\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Adik\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2011/05/24 13:27:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/10 15:04:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/01/30 12:21:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/20 05:09:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/18 05:10:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/01/30 12:21:51 | 000,000,000 | ---D | M]
[2011/02/20 13:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adik\AppData\Roaming\Mozilla\Extensions
[2011/08/04 14:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adik\AppData\Roaming\Mozilla\Firefox\Profiles\gynvhsc1.default\extensions
[2012/03/18 19:05:57 | 000,001,056 | ---- | M] () -- C:\Users\Adik\AppData\Roaming\Mozilla\Firefox\Profiles\gynvhsc1.default\searchplugins\icqplugin.xml
[2011/02/20 15:34:57 | 000,002,057 | ---- | M] () -- C:\Users\Adik\AppData\Roaming\Mozilla\Firefox\Profiles\gynvhsc1.default\searchplugins\youtube-videosuche.xml
[2011/11/14 17:02:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2012/03/20 05:09:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/03 22:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/14 14:16:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/24 13:19:02 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/02/14 14:16:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/14 14:16:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/14 14:16:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/14 14:16:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/14 14:16:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Adik_ON_C\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKU\Adik_ON_C..\Run: [] File not found
O4 - HKU\Adik_ON_C..\Run: [4rJHeEXlxs54kFa] C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8:64bit: - Extra context menu item: EXIF lesen - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O8 - Extra context menu item: EXIF lesen - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Adik_ON_C Winlogon: Shell - (C:\Users\Adik\AppData\Roaming\gw45u45111.exe) - C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O20 - HKU\Adik_ON_C Winlogon: UserInit - (C:\Users\Adik\AppData\Roaming\gw45u45111.exe) - C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\Shell - "" = AutoRun
O33 - MountPoints2\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\Shell - "" = AutoRun
O33 - MountPoints2\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\Shell\AutoRun\command - "" = I:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/03/20 05:40:25 | 000,323,584 | ---- | C] (lpsjJ) -- C:\Users\Adik\AppData\Roaming\gw45u45111.exe
[2012/03/18 19:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012/03/18 19:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012/03/18 19:08:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012/03/18 19:02:23 | 000,000,000 | ---D | C] -- C:\ruu_log
[2012/03/18 18:59:26 | 000,000,000 | ---D | C] -- C:\Users\Adik\Desktop\htc
[2012/03/14 18:23:42 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/03/14 18:23:41 | 003,957,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 18:23:40 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 09:41:42 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/14 09:41:42 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2012/03/14 09:41:41 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/14 09:41:41 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2012/03/14 09:41:41 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/14 09:41:41 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2012/03/14 09:41:41 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/14 09:41:41 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2012/03/14 09:41:41 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/14 09:41:41 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2012/03/13 17:41:04 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/03/13 17:41:04 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/13 17:41:02 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/03/13 17:41:02 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/03/13 17:41:02 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/03/11 07:25:31 | 000,000,000 | ---D | C] -- C:\Users\Adik\AppData\Local\ElevatedDiagnostics
[2012/03/01 10:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar Deluxe
[2012/03/01 10:00:19 | 000,000,000 | ---D | C] -- C:\Users\Adik\AppData\Roaming\ultrastardx
[2012/03/01 10:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraStar Deluxe
[2012/03/01 09:00:32 | 000,000,000 | ---D | C] -- C:\Users\Adik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraStar
[2012/03/01 09:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar
[2012/03/01 09:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraStar
[1 C:\Users\Adik\Desktop\*.tmp files -> C:\Users\Adik\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/03/21 13:03:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/21 13:03:22 | 3220,623,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/20 15:10:52 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 15:10:52 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 12:50:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2616729836-2362613055-2871255851-1001UA.job
[2012/03/20 05:42:51 | 000,001,950 | ---- | M] () -- C:\Windows\System32\AutoRunFilter.ini
[2012/03/20 05:40:24 | 000,323,584 | ---- | M] (lpsjJ) -- C:\Users\Adik\AppData\Roaming\gw45u45111.exe
[2012/03/19 13:33:51 | 000,697,082 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/03/19 13:33:51 | 000,652,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/19 13:33:51 | 000,148,346 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/03/19 13:33:51 | 000,121,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/19 09:57:14 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2616729836-2362613055-2871255851-1001Core.job
[2012/03/19 08:42:23 | 000,001,349 | ---- | M] () -- C:\Windows\System32\ServiceFilter.ini
[2012/03/18 19:09:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012/03/15 12:53:24 | 000,434,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/14 18:09:49 | 000,226,231 | ---- | M] () -- C:\Users\Adik\Desktop\Fehlerhafte Bauteile.png
[2012/03/14 18:07:37 | 007,193,250 | ---- | M] () -- C:\Users\Adik\Desktop\Fehlerhafte Bauteile.pdf
[2012/03/14 17:51:19 | 000,007,771 | ---- | M] () -- C:\Users\Adik\Desktop\Rechnung_358281.pdf
[2012/03/14 14:51:33 | 000,002,399 | ---- | M] () -- C:\Users\Adik\Desktop\Google Chrome.lnk
[2012/03/01 15:52:41 | 000,000,996 | ---- | M] () -- C:\Users\Adik\Desktop\WBFS Manager 3.0.lnk
[2012/03/01 10:44:13 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\UltraStar Deluxe spielen.lnk
[2012/03/01 10:00:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar Deluxe
[2012/03/01 09:00:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar
[1 C:\Users\Adik\Desktop\*.tmp files -> C:\Users\Adik\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/03/14 18:09:49 | 000,226,231 | ---- | C] () -- C:\Users\Adik\Desktop\Fehlerhafte Bauteile.png
[2012/03/14 17:51:18 | 000,007,771 | ---- | C] () -- C:\Users\Adik\Desktop\Rechnung_358281.pdf
[2012/03/11 15:47:19 | 007,193,250 | ---- | C] () -- C:\Users\Adik\Desktop\Fehlerhafte Bauteile.pdf
[2012/03/01 16:53:28 | 000,000,919 | ---- | C] () -- C:\Users\Adik\Desktop\Steam.lnk
[2012/03/01 10:44:13 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\UltraStar Deluxe spielen.lnk
[2011/05/01 15:59:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/02 20:06:22 | 000,003,584 | ---- | C] () -- C:\Users\Adik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/02 17:10:26 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/19 19:02:29 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011/02/19 11:47:43 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/07/29 01:21:06 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetWallpaper.exe
[2009/07/29 01:21:06 | 000,000,223 | ---- | C] () -- C:\ProgramData\setwallpaper.cmd
[2009/07/29 01:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2011/08/30 16:44:17 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\.minecraft
[2011/04/02 16:34:24 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\Audacity
[2011/04/02 17:59:43 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\Banamalon
[2012/02/15 13:49:36 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\calibre
[2012/02/12 11:31:39 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\Canon
[2011/12/06 10:51:33 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\CD-LabelPrint
[2011/02/27 15:44:53 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\DAEMON Tools Lite
[2011/10/12 13:01:11 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\Dropbox
[2011/03/19 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\GrabPro
[2011/03/24 13:35:10 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\ImgBurn
[2012/01/30 12:23:24 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\Nokia
[2011/11/29 09:16:14 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\Notepad++
[2011/03/28 14:02:44 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\OpenOffice.org
[2011/03/19 17:46:27 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\Orbit
[2011/04/02 14:49:13 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\PACE Anti-Piracy
[2012/01/30 12:24:34 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\PC Suite
[2011/03/19 17:33:56 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\ProgSense
[2011/02/19 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\TS3Client
[2012/03/10 15:29:53 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\ultrastardx
[2011/02/19 18:25:37 | 000,000,000 | ---D | M] -- C:\ProgramData\AmUStor
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/08/04 07:27:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Banamalon
[2011/12/06 10:49:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Canon IJ Network Tool
[2011/12/06 10:42:49 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2011/12/06 10:51:14 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonEPP
[2012/02/12 11:32:11 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJ
[2011/12/06 10:51:14 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEPPEX2
[2011/12/06 10:48:52 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJMSetup
[2011/12/06 12:00:51 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJMyPrinter
[2012/03/07 07:02:09 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM
[2012/02/12 11:31:39 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2011/12/06 12:00:53 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJSolutionMenuEX
[2011/12/06 10:48:11 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJWSpt
[2011/02/27 15:41:16 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/04/05 16:02:14 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2011/04/03 15:49:51 | 000,000,000 | ---D | M] -- C:\ProgramData\KONAMI
[2011/02/19 20:08:54 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2011/11/19 19:19:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia
[2011/11/19 19:17:31 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache
[2011/02/19 18:26:04 | 000,000,000 | ---D | M] -- C:\ProgramData\P4G
[2011/04/02 14:49:13 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE Anti-Piracy
[2011/11/19 19:21:09 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/02/19 13:14:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/12/14 08:22:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 1133 bytes -> C:\Users\Adik\AppData\Local\Anwendungsdaten:RuTpLbKOMDrSwp1WkPpu
@Alternate Data Stream - 1133 bytes -> C:\Users\Adik\AppData\Local:RuTpLbKOMDrSwp1WkPpu
@Alternate Data Stream - 1112 bytes -> C:\Users\Adik\AppData\Local\V9L4g7qjRByoI:l3xN3eeoTwxtmFtrIn6xu6
@Alternate Data Stream - 1080 bytes -> C:\Users\Adik\AppData\Local\Temp:rYv3Jet8zmyRh6bYz44tJd
< End of report >
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 3/21/2012 9:08:39 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 144.47 Gb Free Space | 62.04% Space Free | Partition Type: NTFS
Drive D: | 218.23 Gb Total Space | 124.13 Gb Free Space | 56.88% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
< End of report >
[/QUOTE] Geändert von adik4all (21.03.2012 um 20:18 Uhr) |
|
22.03.2012, 11:38
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner? oder echt? Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&mntrId=be8fa71e000000000000e0cb4e10c948&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 52 B2 05 81 F1 CB 01 [binary data]
IE - HKU\Adik_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=be8fa71e000000000000e0cb4e10c948&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
[2011/05/24 13:19:02 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Adik_ON_C\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKU\Adik_ON_C..\Run: [] File not found
O4 - HKU\Adik_ON_C..\Run: [4rJHeEXlxs54kFa] C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKU\Adik_ON_C Winlogon: Shell - (C:\Users\Adik\AppData\Roaming\gw45u45111.exe) - C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O20 - HKU\Adik_ON_C Winlogon: UserInit - (C:\Users\Adik\AppData\Roaming\gw45u45111.exe) - C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\Shell - "" = AutoRun
O33 - MountPoints2\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\Shell - "" = AutoRun
O33 - MountPoints2\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\Shell\AutoRun\command - "" = I:\autorun.exe
@Alternate Data Stream - 1133 bytes -> C:\Users\Adik\AppData\Local\Anwendungsdaten:RuTpLbKOMDrSwp1WkPpu
@Alternate Data Stream - 1133 bytes -> C:\Users\Adik\AppData\Local:RuTpLbKOMDrSwp1WkPpu
@Alternate Data Stream - 1112 bytes -> C:\Users\Adik\AppData\Local\V9L4g7qjRByoI:l3xN3eeoTwxtmFtrIn6xu6
@Alternate Data Stream - 1080 bytes -> C:\Users\Adik\AppData\Local\Temp:rYv3Jet8zmyRh6bYz44tJd
:Files
C:\Users\Adik\AppData\Roaming\gw45u45111.exe
:Commands
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann! Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen! 2.) Ordner movedfiles in C:\_OTL in eine Datei zippen 3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.03.2012, 15:16
| #9 |
| | GVU Trojaner? oder echt? Hallo Arne vielen vielen Dank für deine Hilfe, ich habe deine Anweisung befolgt und das Zip hochgeladen. Ist mein Rechner jetzt wieder "sauber" oder gibt es noch etwas zu tun? Soll ich den Rechner sicherheitshalber formatieren? Zuletzt stelle ich mir die Frage, mein Antiviren-Programm zu wechseln, da ich zuvor Antivir benutzt habe und dieses den Virus ja nicht entdeckt hat. Kennst du eine gute Preiswerte Alternative? Riesen Dank!!! Hier noch die FIX-Log: Code:
ATTFilter :OTL
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=be8fa71e000000000000e0cb4e10c948&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 52 B2 05 81 F1 CB 01 [binary data]
IE - HKU\Adik_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=be8fa71e000000000000e0cb4e10c948&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
[2011/05/24 13:19:02 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Adik_ON_C\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKU\Adik_ON_C..\Run: [] File not found
O4 - HKU\Adik_ON_C..\Run: [4rJHeEXlxs54kFa] C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKU\Adik_ON_C Winlogon: Shell - (C:\Users\Adik\AppData\Roaming\gw45u45111.exe) - C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O20 - HKU\Adik_ON_C Winlogon: UserInit - (C:\Users\Adik\AppData\Roaming\gw45u45111.exe) - C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\Shell - "" = AutoRun
O33 - MountPoints2\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\Shell - "" = AutoRun
O33 - MountPoints2\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\Shell\AutoRun\command - "" = I:\autorun.exe
@Alternate Data Stream - 1133 bytes -> C:\Users\Adik\AppData\Local\Anwendungsdaten:RuTpLbKOMDrSwp1WkPpu
@Alternate Data Stream - 1133 bytes -> C:\Users\Adik\AppData\Local:RuTpLbKOMDrSwp1WkPpu
@Alternate Data Stream - 1112 bytes -> C:\Users\Adik\AppData\Local\V9L4g7qjRByoI:l3xN3eeoTwxtmFtrIn6xu6
@Alternate Data Stream - 1080 bytes -> C:\Users\Adik\AppData\Local\Temp:rYv3Jet8zmyRh6bYz44tJd
:Files
C:\Users\Adik\AppData\Roaming\gw45u45111.exe
:Commands
[resethosts]
|
|
23.03.2012, 21:40
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner? oder echt?Zitat:
Und du hast kein Fixlog gepostet, sondern mein Fixscript!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.03.2012, 12:22
| #11 |
| | GVU Trojaner? oder echt? Hi Arne, klingt logisch. Es ist in meinem Interesse, den PC nicht zu formatieren. Ich kenne mich in diesem Bereich nicht aus, deshalb frage ich hier ja um Hilfe. Sorry für das falsche File, hatte wohl einen Kopierfehler. Anbei das fix-log. Wie geht's jetzt weiter? Code:
ATTFilter ========== OTL ==========
HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\Adik_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "YouTube-Videosuche" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=be8fa71e000000000000e0cb4e10c948&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0\ deleted successfully.
File C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\ deleted successfully.
File C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0\ deleted successfully.
File C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.
C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ deleted successfully.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\Adik_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
File WebPrint EX\ewpexhlp.dll not found.
Registry key HKEY_USERS\Adik_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Adik_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
C:\Users\Adik\AppData\Roaming\gw45u45111.exe moved successfully.
Registry key HKEY_USERS\LocalService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry value HKEY_USERS\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\Adik_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Adik\AppData\Roaming\gw45u45111.exe deleted successfully.
File C:\Users\Adik\AppData\Roaming\gw45u45111.exe not found.
Registry value HKEY_USERS\Adik_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Adik\AppData\Roaming\gw45u45111.exe deleted successfully.
File C:\Users\Adik\AppData\Roaming\gw45u45111.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\ not found.
File "F:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\ not found.
File I:\autorun.exe not found.
Unable to delete ADS C:\Users\Adik\AppData\Local\Anwendungsdaten:RuTpLbKOMDrSwp1WkPpu .
ADS C:\Users\Adik\AppData\Local:RuTpLbKOMDrSwp1WkPpu deleted successfully.
ADS C:\Users\Adik\AppData\Local\V9L4g7qjRByoI:l3xN3eeoTwxtmFtrIn6xu6 deleted successfully.
ADS C:\Users\Adik\AppData\Local\Temp:rYv3Jet8zmyRh6bYz44tJd deleted successfully.
========== FILES ==========
File\Folder C:\Users\Adik\AppData\Roaming\gw45u45111.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTLPE by OldTimer - Version 3.1.48.0 log created on 03232012_164717
|
|
24.03.2012, 18:44
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner? oder echt? Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.03.2012, 12:25
| #13 |
| | GVU Trojaner? oder echt? Hallo Arne, anbei der Report von Kaspersky Code:
ATTFilter 13:21:00.0710 2944 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
13:21:00.0813 2944 ============================================================
13:21:00.0813 2944 Current date / time: 2012/03/25 13:21:00.0813
13:21:00.0813 2944 SystemInfo:
13:21:00.0813 2944
13:21:00.0813 2944 OS Version: 6.1.7600 ServicePack: 0.0
13:21:00.0813 2944 Product type: Workstation
13:21:00.0814 2944 ComputerName: ADIK-PC
13:21:00.0814 2944 UserName: Adik
13:21:00.0814 2944 Windows directory: C:\Windows
13:21:00.0814 2944 System windows directory: C:\Windows
13:21:00.0814 2944 Running under WOW64
13:21:00.0814 2944 Processor architecture: Intel x64
13:21:00.0814 2944 Number of processors: 2
13:21:00.0814 2944 Page size: 0x1000
13:21:00.0814 2944 Boot type: Normal boot
13:21:00.0814 2944 ============================================================
13:21:01.0392 2944 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:21:01.0396 2944 \Device\Harddisk0\DR0:
13:21:01.0397 2944 MBR used
13:21:01.0397 2944 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4B800, BlocksNum 0x1D1C3000
13:21:01.0412 2944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1EF0F000, BlocksNum 0x1B476800
13:21:01.0496 2944 Initialize success
13:21:01.0496 2944 ============================================================
13:21:49.0883 3924 ============================================================
13:21:49.0883 3924 Scan started
13:21:49.0883 3924 Mode: Manual;
13:21:49.0883 3924 ============================================================
13:21:50.0282 3924 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:21:50.0287 3924 1394ohci - ok
13:21:50.0419 3924 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
13:21:50.0420 3924 ACDaemon - ok
13:21:50.0513 3924 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:21:50.0517 3924 ACPI - ok
13:21:50.0544 3924 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:21:50.0546 3924 AcpiPmi - ok
13:21:50.0581 3924 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:21:50.0588 3924 adp94xx - ok
13:21:50.0623 3924 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:21:50.0628 3924 adpahci - ok
13:21:50.0649 3924 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:21:50.0653 3924 adpu320 - ok
13:21:50.0689 3924 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:21:50.0690 3924 AeLookupSvc - ok
13:21:50.0732 3924 AFBAgent (fb2be0bae9b3f248080cdbf91ef16c7f) C:\Windows\system32\FBAgent.exe
13:21:50.0735 3924 AFBAgent - ok
13:21:50.0790 3924 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
13:21:50.0795 3924 AFD - ok
13:21:50.0839 3924 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:21:50.0842 3924 agp440 - ok
13:21:50.0914 3924 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:21:50.0915 3924 ALG - ok
13:21:50.0960 3924 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:21:50.0963 3924 aliide - ok
13:21:50.0995 3924 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:21:50.0997 3924 amdide - ok
13:21:51.0030 3924 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:21:51.0032 3924 AmdK8 - ok
13:21:51.0053 3924 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:21:51.0056 3924 AmdPPM - ok
13:21:51.0100 3924 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
13:21:51.0103 3924 amdsata - ok
13:21:51.0139 3924 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:21:51.0143 3924 amdsbs - ok
13:21:51.0172 3924 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
13:21:51.0172 3924 amdxata - ok
13:21:51.0226 3924 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
13:21:51.0228 3924 AmUStor - ok
13:21:51.0318 3924 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:21:51.0319 3924 AntiVirSchedulerService - ok
13:21:51.0357 3924 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:21:51.0358 3924 AntiVirService - ok
13:21:51.0460 3924 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:21:51.0462 3924 AppID - ok
13:21:51.0463 3924 Scan interrupted by user!
13:21:51.0463 3924 Scan interrupted by user!
13:21:51.0463 3924 Scan interrupted by user!
13:21:51.0463 3924 ============================================================
13:21:51.0464 3924 Scan finished
13:21:51.0464 3924 ============================================================
13:21:51.0472 2268 Detected object count: 0
13:21:51.0472 2268 Actual detected object count: 0
13:22:36.0267 2684 ============================================================
13:22:36.0267 2684 Scan started
13:22:36.0267 2684 Mode: Manual; SigCheck; TDLFS;
13:22:36.0267 2684 ============================================================
13:22:36.0540 2684 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:22:36.0612 2684 1394ohci - ok
13:22:36.0721 2684 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
13:22:37.0376 2684 ACDaemon - ok
13:22:37.0465 2684 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:22:37.0480 2684 ACPI - ok
13:22:37.0496 2684 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:22:37.0531 2684 AcpiPmi - ok
13:22:37.0588 2684 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:22:37.0606 2684 adp94xx - ok
13:22:37.0636 2684 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:22:37.0651 2684 adpahci - ok
13:22:37.0733 2684 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:22:37.0746 2684 adpu320 - ok
13:22:37.0795 2684 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:22:37.0844 2684 AeLookupSvc - ok
13:22:37.0915 2684 AFBAgent (fb2be0bae9b3f248080cdbf91ef16c7f) C:\Windows\system32\FBAgent.exe
13:22:37.0929 2684 AFBAgent - ok
13:22:37.0984 2684 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
13:22:38.0016 2684 AFD - ok
13:22:38.0099 2684 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:22:38.0110 2684 agp440 - ok
13:22:38.0163 2684 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:22:38.0190 2684 ALG - ok
13:22:38.0253 2684 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:22:38.0264 2684 aliide - ok
13:22:38.0275 2684 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:22:38.0285 2684 amdide - ok
13:22:38.0297 2684 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:22:38.0339 2684 AmdK8 - ok
13:22:38.0380 2684 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:22:38.0414 2684 AmdPPM - ok
13:22:38.0470 2684 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
13:22:38.0481 2684 amdsata - ok
13:22:38.0520 2684 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:22:38.0533 2684 amdsbs - ok
13:22:38.0564 2684 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
13:22:38.0574 2684 amdxata - ok
13:22:38.0640 2684 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
13:22:38.0683 2684 AmUStor - ok
13:22:38.0754 2684 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:22:38.0777 2684 AntiVirSchedulerService - ok
13:22:38.0793 2684 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:22:38.0802 2684 AntiVirService - ok
13:22:38.0874 2684 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:22:38.0919 2684 AppID - ok
13:22:38.0962 2684 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:22:39.0006 2684 AppIDSvc - ok
13:22:39.0081 2684 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
13:22:39.0122 2684 Appinfo - ok
13:22:39.0185 2684 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:22:39.0198 2684 arc - ok
13:22:39.0231 2684 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:22:39.0244 2684 arcsas - ok
13:22:39.0357 2684 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
13:22:39.0366 2684 ASLDRService - ok
13:22:39.0477 2684 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:22:39.0486 2684 aspnet_state - ok
13:22:39.0540 2684 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:22:39.0588 2684 AsyncMac - ok
13:22:39.0613 2684 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:22:39.0623 2684 atapi - ok
13:22:39.0678 2684 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
13:22:39.0752 2684 athr - ok
13:22:39.0859 2684 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:22:39.0904 2684 AudioEndpointBuilder - ok
13:22:39.0916 2684 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:22:39.0960 2684 AudioSrv - ok
13:22:40.0092 2684 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
13:22:40.0101 2684 avgntflt - ok
13:22:40.0175 2684 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
13:22:40.0184 2684 avipbb - ok
13:22:40.0265 2684 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
13:22:40.0273 2684 avkmgr - ok
13:22:40.0355 2684 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
13:22:40.0388 2684 AxInstSV - ok
13:22:40.0448 2684 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:22:40.0486 2684 b06bdrv - ok
13:22:40.0580 2684 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:22:40.0614 2684 b57nd60a - ok
13:22:40.0669 2684 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:22:40.0701 2684 BDESVC - ok
13:22:40.0797 2684 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:22:40.0852 2684 Beep - ok
13:22:40.0949 2684 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
13:22:41.0015 2684 BFE - ok
13:22:41.0073 2684 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
13:22:41.0145 2684 BITS - ok
13:22:41.0237 2684 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:22:41.0289 2684 blbdrive - ok
13:22:41.0370 2684 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
13:22:41.0399 2684 bowser - ok
13:22:41.0452 2684 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:22:41.0480 2684 BrFiltLo - ok
13:22:41.0505 2684 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:22:41.0521 2684 BrFiltUp - ok
13:22:41.0560 2684 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
13:22:41.0612 2684 Browser - ok
13:22:41.0662 2684 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:22:41.0687 2684 Brserid - ok
13:22:41.0697 2684 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:22:41.0722 2684 BrSerWdm - ok
13:22:41.0816 2684 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:22:41.0853 2684 BrUsbMdm - ok
13:22:41.0863 2684 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:22:41.0890 2684 BrUsbSer - ok
13:22:42.0150 2684 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:22:42.0199 2684 BTHMODEM - ok
13:22:42.0311 2684 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:22:42.0412 2684 bthserv - ok
13:22:42.0543 2684 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:22:42.0595 2684 cdfs - ok
13:22:42.0708 2684 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:22:42.0741 2684 cdrom - ok
13:22:42.0810 2684 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:22:42.0864 2684 CertPropSvc - ok
13:22:42.0951 2684 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:22:42.0967 2684 circlass - ok
13:22:43.0024 2684 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:22:43.0043 2684 CLFS - ok
13:22:43.0111 2684 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:22:43.0121 2684 clr_optimization_v2.0.50727_32 - ok
13:22:43.0173 2684 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:22:43.0182 2684 clr_optimization_v2.0.50727_64 - ok
13:22:43.0305 2684 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:22:43.0315 2684 clr_optimization_v4.0.30319_32 - ok
13:22:43.0362 2684 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:22:43.0372 2684 clr_optimization_v4.0.30319_64 - ok
13:22:43.0470 2684 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:22:43.0496 2684 CmBatt - ok
13:22:43.0515 2684 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:22:43.0527 2684 cmdide - ok
13:22:43.0574 2684 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
13:22:43.0612 2684 CNG - ok
13:22:43.0681 2684 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:22:43.0692 2684 Compbatt - ok
13:22:43.0740 2684 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:22:43.0771 2684 CompositeBus - ok
13:22:43.0819 2684 COMSysApp - ok
13:22:43.0861 2684 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:22:43.0873 2684 crcdisk - ok
13:22:43.0920 2684 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
13:22:43.0970 2684 CryptSvc - ok
13:22:44.0071 2684 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
13:22:44.0123 2684 DcomLaunch - ok
13:22:44.0238 2684 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:22:44.0293 2684 defragsvc - ok
13:22:44.0331 2684 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
13:22:44.0356 2684 DfsC - ok
13:22:44.0408 2684 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
13:22:44.0442 2684 Dhcp - ok
13:22:44.0483 2684 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:22:44.0531 2684 discache - ok
13:22:44.0620 2684 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:22:44.0632 2684 Disk - ok
13:22:44.0682 2684 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
13:22:44.0717 2684 Dnscache - ok
13:22:44.0749 2684 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
13:22:44.0807 2684 dot3svc - ok
13:22:44.0859 2684 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
13:22:44.0909 2684 DPS - ok
13:22:44.0992 2684 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:22:45.0015 2684 drmkaud - ok
13:22:45.0081 2684 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
13:22:45.0105 2684 DXGKrnl - ok
13:22:45.0132 2684 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:22:45.0183 2684 EapHost - ok
13:22:45.0298 2684 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:22:45.0416 2684 ebdrv - ok
13:22:45.0505 2684 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
13:22:45.0527 2684 EFS - ok
13:22:45.0584 2684 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
13:22:45.0619 2684 ehRecvr - ok
13:22:45.0644 2684 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:22:45.0675 2684 ehSched - ok
13:22:45.0792 2684 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:22:45.0814 2684 elxstor - ok
13:22:45.0825 2684 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
13:22:45.0858 2684 ErrDev - ok
13:22:45.0981 2684 ETD (1299d1ea00b7a4bf69c5869dca31e0f6) C:\Windows\system32\DRIVERS\ETD.sys
13:22:45.0994 2684 ETD - ok
13:22:46.0037 2684 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:22:46.0091 2684 EventSystem - ok
13:22:46.0190 2684 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:22:46.0245 2684 exfat - ok
13:22:46.0276 2684 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:22:46.0332 2684 fastfat - ok
13:22:46.0432 2684 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
13:22:46.0475 2684 Fax - ok
13:22:46.0557 2684 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:22:46.0586 2684 fdc - ok
13:22:46.0624 2684 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:22:46.0661 2684 fdPHost - ok
13:22:46.0678 2684 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:22:46.0731 2684 FDResPub - ok
13:22:46.0802 2684 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:22:46.0814 2684 FileInfo - ok
13:22:46.0831 2684 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:22:46.0878 2684 Filetrace - ok
13:22:46.0912 2684 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:22:46.0938 2684 flpydisk - ok
13:22:46.0969 2684 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:22:46.0985 2684 FltMgr - ok
13:22:47.0032 2684 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
13:22:47.0096 2684 FontCache - ok
13:22:47.0157 2684 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:22:47.0165 2684 FontCache3.0.0.0 - ok
13:22:47.0212 2684 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:22:47.0224 2684 FsDepends - ok
13:22:47.0236 2684 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:22:47.0247 2684 Fs_Rec - ok
13:22:47.0305 2684 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:22:47.0322 2684 fvevol - ok
13:22:47.0352 2684 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:22:47.0364 2684 gagp30kx - ok
13:22:47.0406 2684 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
13:22:47.0453 2684 gpsvc - ok
13:22:47.0495 2684 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:22:47.0517 2684 hcw85cir - ok
13:22:47.0619 2684 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
13:22:47.0650 2684 HdAudAddService - ok
13:22:47.0752 2684 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:22:47.0783 2684 HDAudBus - ok
13:22:47.0805 2684 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:22:47.0825 2684 HidBatt - ok
13:22:47.0853 2684 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:22:47.0884 2684 HidBth - ok
13:22:47.0911 2684 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:22:47.0937 2684 HidIr - ok
13:22:47.0967 2684 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
13:22:48.0020 2684 hidserv - ok
13:22:48.0119 2684 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:22:48.0157 2684 HidUsb - ok
13:22:48.0184 2684 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
13:22:48.0233 2684 hkmsvc - ok
13:22:48.0317 2684 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
13:22:48.0333 2684 HomeGroupListener - ok
13:22:48.0366 2684 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
13:22:48.0399 2684 HomeGroupProvider - ok
13:22:48.0498 2684 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:22:48.0511 2684 HpSAMD - ok
13:22:48.0544 2684 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
13:22:48.0568 2684 HTCAND64 - ok
13:22:48.0673 2684 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
13:22:48.0684 2684 htcnprot - ok
13:22:48.0728 2684 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:22:48.0786 2684 HTTP - ok
13:22:48.0885 2684 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:22:48.0895 2684 hwpolicy - ok
13:22:48.0934 2684 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:22:48.0949 2684 i8042prt - ok
13:22:48.0997 2684 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
13:22:49.0009 2684 iaStor - ok
13:22:49.0060 2684 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
13:22:49.0080 2684 iaStorV - ok
13:22:49.0181 2684 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:22:49.0217 2684 idsvc - ok
13:22:49.0304 2684 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:22:49.0315 2684 iirsp - ok
13:22:49.0392 2684 IJPLMSVC (ad5df6f4fbbc798636edc66bfec7d0de) C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
13:22:49.0400 2684 IJPLMSVC - ok
13:22:49.0501 2684 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
13:22:49.0585 2684 IKEEXT - ok
13:22:49.0719 2684 IntcAzAudAddService (9c1d5314d42b7f1bd6ad6fb1ba8870a8) C:\Windows\system32\drivers\RTKVHD64.sys
13:22:49.0765 2684 IntcAzAudAddService - ok
13:22:49.0799 2684 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
13:22:49.0811 2684 intelide - ok
13:22:49.0840 2684 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:22:49.0868 2684 intelppm - ok
13:22:49.0958 2684 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:22:50.0007 2684 IPBusEnum - ok
13:22:50.0044 2684 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:22:50.0098 2684 IpFilterDriver - ok
13:22:50.0166 2684 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
13:22:50.0219 2684 iphlpsvc - ok
13:22:50.0256 2684 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:22:50.0280 2684 IPMIDRV - ok
13:22:50.0302 2684 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:22:50.0354 2684 IPNAT - ok
13:22:50.0454 2684 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:22:50.0484 2684 IRENUM - ok
13:22:50.0502 2684 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
13:22:50.0513 2684 isapnp - ok
13:22:50.0543 2684 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
13:22:50.0559 2684 iScsiPrt - ok
13:22:50.0581 2684 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:22:50.0592 2684 kbdclass - ok
13:22:50.0625 2684 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:22:50.0646 2684 kbdhid - ok
13:22:50.0742 2684 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
13:22:50.0749 2684 kbfiltr - ok
13:22:50.0787 2684 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:22:50.0800 2684 KeyIso - ok
13:22:50.0850 2684 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
13:22:50.0863 2684 KSecDD - ok
13:22:50.0891 2684 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
13:22:50.0905 2684 KSecPkg - ok
13:22:50.0941 2684 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:22:50.0987 2684 ksthunk - ok
13:22:51.0026 2684 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:22:51.0079 2684 KtmRm - ok
13:22:51.0170 2684 L1C (b4a3a05b0f9c81d098b96ab6aa915042) C:\Windows\system32\DRIVERS\L1C62x64.sys
13:22:51.0181 2684 L1C - ok
13:22:51.0222 2684 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
13:22:51.0246 2684 LanmanServer - ok
13:22:51.0312 2684 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
13:22:51.0362 2684 LanmanWorkstation - ok
13:22:51.0429 2684 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
13:22:51.0461 2684 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
13:22:51.0461 2684 LightScribeService - detected UnsignedFile.Multi.Generic (1)
13:22:51.0563 2684 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:22:51.0614 2684 lltdio - ok
13:22:51.0650 2684 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:22:51.0707 2684 lltdsvc - ok
13:22:51.0768 2684 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:22:51.0815 2684 lmhosts - ok
13:22:51.0896 2684 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:22:51.0910 2684 LSI_FC - ok
13:22:51.0955 2684 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:22:51.0968 2684 LSI_SAS - ok
13:22:51.0990 2684 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:22:52.0002 2684 LSI_SAS2 - ok
13:22:52.0025 2684 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:22:52.0039 2684 LSI_SCSI - ok
13:22:52.0081 2684 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:22:52.0133 2684 luafv - ok
13:22:52.0232 2684 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
13:22:52.0247 2684 Mcx2Svc - ok
13:22:52.0293 2684 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:22:52.0305 2684 megasas - ok
13:22:52.0324 2684 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:22:52.0341 2684 MegaSR - ok
13:22:52.0424 2684 Microsoft SharePoint Workspace Audit Service - ok
13:22:52.0498 2684 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:22:52.0545 2684 MMCSS - ok
13:22:52.0586 2684 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:22:52.0634 2684 Modem - ok
13:22:52.0717 2684 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:22:52.0739 2684 monitor - ok
13:22:52.0821 2684 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:22:52.0832 2684 mouclass - ok
13:22:52.0917 2684 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:22:52.0947 2684 mouhid - ok
13:22:53.0001 2684 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:22:53.0013 2684 mountmgr - ok
13:22:53.0050 2684 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:22:53.0064 2684 mpio - ok
13:22:53.0083 2684 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:22:53.0121 2684 mpsdrv - ok
13:22:53.0167 2684 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
13:22:53.0245 2684 MpsSvc - ok
13:22:53.0295 2684 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:22:53.0330 2684 MRxDAV - ok
13:22:53.0410 2684 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:22:53.0437 2684 mrxsmb - ok
13:22:53.0471 2684 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:22:53.0501 2684 mrxsmb10 - ok
13:22:53.0580 2684 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:22:53.0607 2684 mrxsmb20 - ok
13:22:53.0633 2684 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
13:22:53.0644 2684 msahci - ok
13:22:53.0672 2684 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:22:53.0686 2684 msdsm - ok
13:22:53.0722 2684 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:22:53.0762 2684 MSDTC - ok
13:22:53.0808 2684 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:22:53.0853 2684 Msfs - ok
13:22:53.0873 2684 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:22:53.0922 2684 mshidkmdf - ok
13:22:53.0943 2684 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:22:53.0954 2684 msisadrv - ok
13:22:54.0058 2684 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:22:54.0113 2684 MSiSCSI - ok
13:22:54.0122 2684 msiserver - ok
13:22:54.0174 2684 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:22:54.0211 2684 MSKSSRV - ok
13:22:54.0221 2684 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:22:54.0266 2684 MSPCLOCK - ok
13:22:54.0290 2684 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:22:54.0337 2684 MSPQM - ok
13:22:54.0369 2684 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:22:54.0387 2684 MsRPC - ok
13:22:54.0410 2684 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:22:54.0421 2684 mssmbios - ok
13:22:54.0462 2684 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:22:54.0509 2684 MSTEE - ok
13:22:54.0519 2684 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:22:54.0544 2684 MTConfig - ok
13:22:54.0641 2684 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
13:22:54.0648 2684 MTsensor - ok
13:22:54.0679 2684 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:22:54.0691 2684 Mup - ok
13:22:54.0729 2684 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
13:22:54.0781 2684 napagent - ok
13:22:54.0896 2684 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:22:54.0934 2684 NativeWifiP - ok
13:22:54.0979 2684 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:22:55.0016 2684 NDIS - ok
13:22:55.0115 2684 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:22:55.0159 2684 NdisCap - ok
13:22:55.0189 2684 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:22:55.0236 2684 NdisTapi - ok
13:22:55.0256 2684 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:22:55.0300 2684 Ndisuio - ok
13:22:55.0330 2684 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:22:55.0369 2684 NdisWan - ok
13:22:55.0386 2684 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:22:55.0431 2684 NDProxy - ok
13:22:55.0456 2684 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:22:55.0500 2684 NetBIOS - ok
13:22:55.0528 2684 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:22:55.0576 2684 NetBT - ok
13:22:55.0674 2684 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:22:55.0688 2684 Netlogon - ok
13:22:55.0732 2684 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:22:55.0784 2684 Netman - ok
13:22:55.0883 2684 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:22:55.0892 2684 NetMsmqActivator - ok
13:22:55.0905 2684 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:22:55.0914 2684 NetPipeActivator - ok
13:22:55.0981 2684 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:22:56.0034 2684 netprofm - ok
13:22:56.0147 2684 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:22:56.0156 2684 NetTcpActivator - ok
13:22:56.0169 2684 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:22:56.0178 2684 NetTcpPortSharing - ok
13:22:56.0252 2684 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:22:56.0265 2684 nfrd960 - ok
13:22:56.0306 2684 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
13:22:56.0354 2684 NlaSvc - ok
13:22:56.0448 2684 nmwcd (5fe6f8c05f0769bbb74afac11453b182) C:\Windows\system32\drivers\ccdcmbx64.sys
13:22:56.0475 2684 nmwcd - ok
13:22:56.0527 2684 nmwcdc (73c929945c0850b8d1fe2fea05fdf05d) C:\Windows\system32\drivers\ccdcmbox64.sys
13:22:56.0561 2684 nmwcdc - ok
13:22:56.0622 2684 nmwcdnsucx64 (697ca586209e022d15dd0c838b235d6a) C:\Windows\system32\drivers\nmwcdnsucx64.sys
13:22:56.0658 2684 nmwcdnsucx64 - ok
13:22:56.0696 2684 nmwcdnsux64 (292ddf13f91f2cb2482b57aacd6aeb9b) C:\Windows\system32\drivers\nmwcdnsux64.sys
13:22:56.0726 2684 nmwcdnsux64 - ok
13:22:56.0763 2684 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:22:56.0807 2684 Npfs - ok
13:22:56.0832 2684 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:22:56.0881 2684 nsi - ok
13:22:56.0931 2684 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:22:56.0984 2684 nsiproxy - ok
13:22:57.0088 2684 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
13:22:57.0145 2684 Ntfs - ok
13:22:57.0186 2684 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:22:57.0234 2684 Null - ok
13:22:57.0319 2684 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
13:22:57.0328 2684 NVHDA - ok
13:22:57.0579 2684 nvlddmkm (0d3f6e25c658530a2ad4b648849f1483) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:22:57.0755 2684 nvlddmkm - ok
13:22:57.0852 2684 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
13:22:57.0867 2684 nvraid - ok
13:22:57.0899 2684 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
13:22:57.0913 2684 nvstor - ok
13:22:57.0970 2684 nvsvc (7dd5a1a53bb2d1b1b85c9c543d05e222) C:\Windows\system32\nvvsvc.exe
13:22:57.0983 2684 nvsvc - ok
13:22:58.0035 2684 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:22:58.0049 2684 nv_agp - ok
13:22:58.0064 2684 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:22:58.0089 2684 ohci1394 - ok
13:22:58.0152 2684 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:22:58.0162 2684 ose - ok
13:22:58.0308 2684 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:22:58.0477 2684 osppsvc - ok
13:22:58.0570 2684 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:22:58.0588 2684 p2pimsvc - ok
13:22:58.0618 2684 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:22:58.0652 2684 p2psvc - ok
13:22:58.0697 2684 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:22:58.0721 2684 Parport - ok
13:22:58.0773 2684 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
13:22:58.0785 2684 partmgr - ok
13:22:58.0851 2684 PassThru Service (a1e779a0cf7a21b42e8fd3e8856d8481) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
13:22:58.0871 2684 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
13:22:58.0871 2684 PassThru Service - detected UnsignedFile.Multi.Generic (1)
13:22:58.0949 2684 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:22:58.0979 2684 PcaSvc - ok
13:22:59.0086 2684 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
13:22:59.0105 2684 pccsmcfd - ok
13:22:59.0138 2684 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:22:59.0152 2684 pci - ok
13:22:59.0177 2684 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
13:22:59.0189 2684 pciide - ok
13:22:59.0234 2684 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:22:59.0250 2684 pcmcia - ok
13:22:59.0274 2684 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:22:59.0284 2684 pcw - ok
13:22:59.0314 2684 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:22:59.0374 2684 PEAUTH - ok
13:22:59.0420 2684 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:22:59.0446 2684 PerfHost - ok
13:22:59.0530 2684 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
13:22:59.0606 2684 pla - ok
13:22:59.0678 2684 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
13:22:59.0717 2684 PlugPlay - ok
13:22:59.0743 2684 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:22:59.0768 2684 PNRPAutoReg - ok
13:22:59.0792 2684 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:22:59.0808 2684 PNRPsvc - ok
13:22:59.0847 2684 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
13:22:59.0904 2684 PolicyAgent - ok
13:22:59.0986 2684 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:23:00.0033 2684 Power - ok
13:23:00.0123 2684 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:23:00.0176 2684 PptpMiniport - ok
13:23:00.0203 2684 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:23:00.0229 2684 Processor - ok
13:23:00.0268 2684 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
13:23:00.0323 2684 ProfSvc - ok
13:23:00.0406 2684 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:23:00.0419 2684 ProtectedStorage - ok
13:23:00.0473 2684 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:23:00.0524 2684 Psched - ok
13:23:00.0589 2684 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:23:00.0656 2684 ql2300 - ok
13:23:00.0688 2684 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:23:00.0701 2684 ql40xx - ok
13:23:00.0744 2684 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:23:00.0767 2684 QWAVE - ok
13:23:00.0812 2684 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:23:00.0839 2684 QWAVEdrv - ok
13:23:00.0861 2684 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:23:00.0909 2684 RasAcd - ok
13:23:00.0995 2684 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:23:01.0031 2684 RasAgileVpn - ok
13:23:01.0061 2684 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:23:01.0113 2684 RasAuto - ok
13:23:01.0212 2684 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:23:01.0250 2684 Rasl2tp - ok
13:23:01.0289 2684 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
13:23:01.0343 2684 RasMan - ok
13:23:01.0444 2684 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:23:01.0496 2684 RasPppoe - ok
13:23:01.0592 2684 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:23:01.0638 2684 RasSstp - ok
13:23:01.0670 2684 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:23:01.0720 2684 rdbss - ok
13:23:01.0805 2684 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:23:01.0830 2684 rdpbus - ok
13:23:01.0853 2684 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:23:01.0901 2684 RDPCDD - ok
13:23:01.0996 2684 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:23:02.0046 2684 RDPENCDD - ok
13:23:02.0071 2684 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:23:02.0121 2684 RDPREFMP - ok
13:23:02.0221 2684 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
13:23:02.0247 2684 RDPWD - ok
13:23:02.0346 2684 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:23:02.0361 2684 rdyboost - ok
13:23:02.0383 2684 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:23:02.0438 2684 RemoteAccess - ok
13:23:02.0479 2684 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:23:02.0520 2684 RemoteRegistry - ok
13:23:02.0545 2684 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:23:02.0597 2684 RpcEptMapper - ok
13:23:02.0628 2684 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:23:02.0654 2684 RpcLocator - ok
13:23:02.0735 2684 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
13:23:02.0777 2684 RpcSs - ok
13:23:02.0840 2684 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:23:02.0891 2684 rspndr - ok
13:23:02.0981 2684 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:23:02.0994 2684 SamSs - ok
13:23:03.0041 2684 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:23:03.0054 2684 sbp2port - ok
13:23:03.0099 2684 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:23:03.0154 2684 SCardSvr - ok
13:23:03.0194 2684 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:23:03.0240 2684 scfilter - ok
13:23:03.0291 2684 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
13:23:03.0351 2684 Schedule - ok
13:23:03.0389 2684 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:23:03.0425 2684 SCPolicySvc - ok
13:23:03.0452 2684 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
13:23:03.0478 2684 SDRSVC - ok
13:23:03.0570 2684 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:23:03.0616 2684 secdrv - ok
13:23:03.0653 2684 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
13:23:03.0700 2684 seclogon - ok
13:23:03.0762 2684 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:23:03.0799 2684 SENS - ok
13:23:03.0820 2684 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:23:03.0855 2684 SensrSvc - ok
13:23:03.0950 2684 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:23:03.0970 2684 Serenum - ok
13:23:03.0996 2684 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:23:04.0020 2684 Serial - ok
13:23:04.0031 2684 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:23:04.0058 2684 sermouse - ok
13:23:04.0167 2684 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
13:23:04.0188 2684 ServiceLayer - ok
13:23:04.0271 2684 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
13:23:04.0309 2684 SessionEnv - ok
13:23:04.0342 2684 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:23:04.0369 2684 sffdisk - ok
13:23:04.0399 2684 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:23:04.0432 2684 sffp_mmc - ok
13:23:04.0486 2684 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
13:23:04.0511 2684 sffp_sd - ok
13:23:04.0549 2684 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:23:04.0576 2684 sfloppy - ok
13:23:04.0621 2684 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:23:04.0679 2684 SharedAccess - ok
13:23:04.0720 2684 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
13:23:04.0751 2684 ShellHWDetection - ok
13:23:04.0847 2684 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
13:23:04.0868 2684 SiSGbeLH - ok
13:23:04.0903 2684 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:23:04.0915 2684 SiSRaid2 - ok
13:23:04.0938 2684 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:23:04.0951 2684 SiSRaid4 - ok
13:23:04.0975 2684 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:23:05.0033 2684 Smb - ok
13:23:05.0123 2684 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:23:05.0156 2684 SNMPTRAP - ok
13:23:05.0233 2684 SNP2UVC (2d280b5799f9c143fa7d49e032fbce46) C:\Windows\system32\DRIVERS\snp2uvc.sys
13:23:05.0305 2684 SNP2UVC - ok
13:23:05.0383 2684 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:23:05.0393 2684 spldr - ok
13:23:05.0435 2684 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
13:23:05.0464 2684 Spooler - ok
13:23:05.0614 2684 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
13:23:05.0722 2684 sppsvc - ok
13:23:05.0751 2684 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:23:05.0805 2684 sppuinotify - ok
13:23:05.0856 2684 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
13:23:05.0892 2684 srv - ok
13:23:05.0942 2684 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
13:23:05.0975 2684 srv2 - ok
13:23:06.0025 2684 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
13:23:06.0048 2684 srvnet - ok
13:23:06.0137 2684 sscdbus (1612881760c9df7fbb09b6cf1d3ba0df) C:\Windows\system32\DRIVERS\sscdbus.sys
13:23:06.0157 2684 sscdbus - ok
13:23:06.0196 2684 sscdmdfl (d7803a687e85189ea2b525cc22093521) C:\Windows\system32\DRIVERS\sscdmdfl.sys
13:23:06.0223 2684 sscdmdfl - ok
13:23:06.0247 2684 sscdmdm (06db3d5eb2444083c7f5af7874765505) C:\Windows\system32\DRIVERS\sscdmdm.sys
13:23:06.0261 2684 sscdmdm - ok
13:23:06.0284 2684 sscdserd (23ebb395609d9cdb8b1074a12254119b) C:\Windows\system32\DRIVERS\sscdserd.sys
13:23:06.0313 2684 sscdserd - ok
13:23:06.0349 2684 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:23:06.0402 2684 SSDPSRV - ok
13:23:06.0424 2684 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:23:06.0475 2684 SstpSvc - ok
13:23:06.0508 2684 Steam Client Service - ok
13:23:06.0585 2684 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:23:06.0596 2684 stexstor - ok
13:23:06.0635 2684 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
13:23:06.0672 2684 stisvc - ok
13:23:06.0715 2684 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:23:06.0725 2684 swenum - ok
13:23:06.0760 2684 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:23:06.0805 2684 swprv - ok
13:23:06.0852 2684 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
13:23:06.0932 2684 SysMain - ok
13:23:06.0983 2684 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
13:23:07.0004 2684 TabletInputService - ok
13:23:07.0024 2684 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
13:23:07.0067 2684 TapiSrv - ok
13:23:07.0082 2684 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:23:07.0121 2684 TBS - ok
13:23:07.0195 2684 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
13:23:07.0265 2684 Tcpip - ok
13:23:07.0339 2684 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
13:23:07.0376 2684 TCPIP6 - ok
13:23:07.0414 2684 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:23:07.0451 2684 tcpipreg - ok
13:23:07.0486 2684 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:23:07.0506 2684 TDPIPE - ok
13:23:07.0542 2684 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
13:23:07.0567 2684 TDTCP - ok
13:23:07.0604 2684 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:23:07.0649 2684 tdx - ok
13:23:07.0677 2684 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:23:07.0688 2684 TermDD - ok
13:23:07.0725 2684 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
13:23:07.0785 2684 TermService - ok
13:23:07.0813 2684 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:23:07.0844 2684 Themes - ok
13:23:07.0883 2684 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:23:07.0921 2684 THREADORDER - ok
13:23:07.0972 2684 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:23:08.0027 2684 TrkWks - ok
13:23:08.0074 2684 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
13:23:08.0096 2684 TrustedInstaller - ok
13:23:08.0156 2684 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:23:08.0202 2684 tssecsrv - ok
13:23:08.0271 2684 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:23:08.0309 2684 tunnel - ok
13:23:08.0333 2684 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:23:08.0346 2684 uagp35 - ok
13:23:08.0398 2684 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:23:08.0448 2684 udfs - ok
13:23:08.0502 2684 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:23:08.0527 2684 UI0Detect - ok
13:23:08.0585 2684 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:23:08.0598 2684 uliagpkx - ok
13:23:08.0632 2684 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:23:08.0655 2684 umbus - ok
13:23:08.0675 2684 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:23:08.0688 2684 UmPass - ok
13:23:08.0720 2684 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:23:08.0770 2684 upnphost - ok
13:23:08.0879 2684 upperdev (34afb83c7bba370e404e52cc2290350c) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
13:23:08.0905 2684 upperdev - ok
13:23:08.0963 2684 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
13:23:08.0998 2684 usbaudio - ok
13:23:09.0088 2684 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
13:23:09.0112 2684 usbccgp - ok
13:23:09.0154 2684 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:23:09.0177 2684 usbcir - ok
13:23:09.0206 2684 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
13:23:09.0219 2684 usbehci - ok
13:23:09.0257 2684 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
13:23:09.0292 2684 usbhub - ok
13:23:09.0318 2684 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
13:23:09.0339 2684 usbohci - ok
13:23:09.0372 2684 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:23:09.0395 2684 usbprint - ok
13:23:09.0423 2684 usbser (0f0c72a657c622286013788b886968ad) C:\Windows\system32\drivers\usbser.sys
13:23:09.0438 2684 usbser - ok
13:23:09.0474 2684 UsbserFilt (aa75e1efbee7186b4cbaaacf1f15e6ca) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
13:23:09.0500 2684 UsbserFilt - ok
13:23:09.0531 2684 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:23:09.0552 2684 USBSTOR - ok
13:23:09.0575 2684 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:23:09.0603 2684 usbuhci - ok
13:23:09.0686 2684 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
13:23:09.0708 2684 usbvideo - ok
13:23:09.0744 2684 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:23:09.0782 2684 UxSms - ok
13:23:09.0815 2684 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:23:09.0828 2684 VaultSvc - ok
13:23:09.0883 2684 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:23:09.0894 2684 vdrvroot - ok
13:23:09.0943 2684 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
13:23:09.0965 2684 vds - ok
13:23:10.0022 2684 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:23:10.0038 2684 vga - ok
13:23:10.0056 2684 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:23:10.0108 2684 VgaSave - ok
13:23:10.0149 2684 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:23:10.0165 2684 vhdmp - ok
13:23:10.0176 2684 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:23:10.0187 2684 viaide - ok
13:23:10.0207 2684 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:23:10.0219 2684 volmgr - ok
13:23:10.0250 2684 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:23:10.0267 2684 volmgrx - ok
13:23:10.0296 2684 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:23:10.0313 2684 volsnap - ok
13:23:10.0351 2684 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:23:10.0366 2684 vsmraid - ok
13:23:10.0422 2684 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
13:23:10.0481 2684 VSS - ok
13:23:10.0532 2684 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:23:10.0560 2684 vwifibus - ok
13:23:10.0587 2684 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:23:10.0605 2684 vwififlt - ok
13:23:10.0643 2684 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
13:23:10.0661 2684 vwifimp - ok
13:23:10.0697 2684 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:23:10.0740 2684 W32Time - ok
13:23:10.0783 2684 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:23:10.0810 2684 WacomPen - ok
13:23:10.0855 2684 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:23:10.0904 2684 WANARP - ok
13:23:10.0915 2684 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:23:10.0952 2684 Wanarpv6 - ok
13:23:11.0062 2684 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
13:23:11.0127 2684 wbengine - ok
13:23:11.0168 2684 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:23:11.0201 2684 WbioSrvc - ok
13:23:11.0246 2684 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
13:23:11.0275 2684 wcncsvc - ok
13:23:11.0305 2684 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:23:11.0332 2684 WcsPlugInService - ok
13:23:11.0381 2684 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:23:11.0392 2684 Wd - ok
13:23:11.0423 2684 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:23:11.0446 2684 Wdf01000 - ok
13:23:11.0477 2684 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:23:11.0508 2684 WdiServiceHost - ok
13:23:11.0512 2684 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:23:11.0531 2684 WdiSystemHost - ok
13:23:11.0569 2684 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
13:23:11.0601 2684 WebClient - ok
13:23:11.0639 2684 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:23:11.0694 2684 Wecsvc - ok
13:23:11.0768 2684 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:23:11.0816 2684 wercplsupport - ok
13:23:11.0900 2684 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:23:11.0956 2684 WerSvc - ok
13:23:12.0035 2684 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:23:12.0072 2684 WfpLwf - ok
13:23:12.0117 2684 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
13:23:12.0131 2684 WimFltr - ok
13:23:12.0151 2684 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:23:12.0163 2684 WIMMount - ok
13:23:12.0212 2684 WinDefend - ok
13:23:12.0223 2684 WinHttpAutoProxySvc - ok
13:23:12.0290 2684 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:23:12.0329 2684 Winmgmt - ok
13:23:12.0395 2684 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
13:23:12.0517 2684 WinRM - ok
13:23:12.0624 2684 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
13:23:12.0641 2684 WinUSB - ok
13:23:12.0692 2684 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:23:12.0733 2684 Wlansvc - ok
13:23:12.0858 2684 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:23:12.0938 2684 wlidsvc - ok
13:23:13.0031 2684 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:23:13.0055 2684 WmiAcpi - ok
13:23:13.0119 2684 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:23:13.0144 2684 wmiApSrv - ok
13:23:13.0205 2684 WMPNetworkSvc - ok
13:23:13.0273 2684 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:23:13.0303 2684 WPCSvc - ok
13:23:13.0332 2684 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
13:23:13.0362 2684 WPDBusEnum - ok
13:23:13.0401 2684 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:23:13.0450 2684 ws2ifsl - ok
13:23:13.0486 2684 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
13:23:13.0513 2684 wscsvc - ok
13:23:13.0609 2684 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
13:23:13.0633 2684 WSDPrintDevice - ok
13:23:13.0649 2684 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
13:23:13.0666 2684 WSDScan - ok
13:23:13.0674 2684 WSearch - ok
13:23:13.0760 2684 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
13:23:13.0870 2684 wuauserv - ok
13:23:13.0915 2684 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:23:13.0955 2684 WudfPf - ok
13:23:14.0032 2684 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:23:14.0078 2684 WUDFRd - ok
13:23:14.0115 2684 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
13:23:14.0169 2684 wudfsvc - ok
13:23:14.0193 2684 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:23:14.0227 2684 WwanSvc - ok
13:23:14.0266 2684 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:23:14.0503 2684 \Device\Harddisk0\DR0 - ok
13:23:14.0514 2684 Boot (0x1200) (5e95d734f2ee255cf18cc62115ae5b1d) \Device\Harddisk0\DR0\Partition0
13:23:14.0515 2684 \Device\Harddisk0\DR0\Partition0 - ok
13:23:14.0544 2684 Boot (0x1200) (5071c243f6804197c01ba5ee2314ea08) \Device\Harddisk0\DR0\Partition1
13:23:14.0546 2684 \Device\Harddisk0\DR0\Partition1 - ok
13:23:14.0546 2684 ============================================================
13:23:14.0546 2684 Scan finished
13:23:14.0546 2684 ============================================================
13:23:14.0613 2972 Detected object count: 2
13:23:14.0613 2972 Actual detected object count: 2
13:23:29.0821 2972 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:29.0821 2972 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:23:29.0823 2972 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:29.0823 2972 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
25.03.2012, 15:32
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner? oder echt? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.03.2012, 23:23
| #15 |
| | GVU Trojaner? oder echt? ok erledigt, hier das log: Combofix Logfile: Code:
ATTFilter ComboFix 12-03-22.01 - Adik 25.03.2012 23:36:37.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4095.2743 [GMT 2:00]
ausgeführt von:: c:\users\Adik\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetWallpaper.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-25 bis 2012-03-25 ))))))))))))))))))))))))))))))
.
.
2012-03-25 21:42 . 2012-03-25 21:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-23 20:47 . 2012-03-23 16:09 -------- d-----w- C:\_OTL
2012-03-23 16:09 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9BBDAE6-554E-47F7-803A-E0E0EE856F6A}\mpengine.dll
2012-03-20 09:09 . 2012-03-20 09:09 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 09:09 . 2012-03-20 09:09 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 23:09 . 2012-03-18 23:09 -------- d-----w- c:\program files (x86)\Spirent Communications
2012-03-18 23:08 . 2012-03-18 23:09 -------- d-----w- c:\program files (x86)\HTC
2012-03-18 23:02 . 2012-03-18 23:20 -------- d-----w- C:\ruu_log
2012-03-14 22:23 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 22:23 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 22:23 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 13:41 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 13:41 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 13:41 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 13:41 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 13:41 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 13:41 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 13:41 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 13:41 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-14 13:41 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-14 13:41 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-14 13:41 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-13 21:41 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 21:41 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 21:41 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 21:41 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 21:41 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 21:41 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 21:41 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-11 11:25 . 2012-03-11 11:25 -------- d-----w- c:\users\Adik\AppData\Local\ElevatedDiagnostics
2012-03-07 11:07 . 2012-03-07 11:07 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-01 14:00 . 2012-03-10 19:29 -------- d-----w- c:\users\Adik\AppData\Roaming\ultrastardx
2012-03-01 14:00 . 2012-03-02 13:42 -------- d-----w- c:\program files (x86)\UltraStar Deluxe
2012-03-01 13:00 . 2012-03-01 13:03 -------- d-----w- c:\program files (x86)\UltraStar
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2011-02-19 15:08 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 18:02 . 2011-10-17 16:29 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-14 23:03 . 2012-02-14 23:03 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-14 23:03 . 2012-02-14 23:03 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-14 23:03 . 2012-02-14 23:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-14 23:03 . 2012-02-14 23:03 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-14 23:03 . 2012-02-14 23:03 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-14 23:03 . 2012-02-14 23:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-14 23:03 . 2012-02-14 23:03 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-14 23:03 . 2012-02-14 23:03 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-14 23:03 . 2012-02-14 23:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-14 23:03 . 2012-02-14 23:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-14 23:03 . 2012-02-14 23:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-14 23:03 . 2012-02-14 23:03 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-14 23:03 . 2012-02-14 23:03 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-14 23:03 . 2012-02-14 23:03 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-14 23:03 . 2012-02-14 23:03 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-14 23:03 . 2012-02-14 23:03 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-14 23:03 . 2012-02-14 23:03 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-14 23:03 . 2012-02-14 23:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-14 23:03 . 2012-02-14 23:03 448512 ----a-w- c:\windows\system32\html.iec
2012-02-14 23:03 . 2012-02-14 23:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-14 23:03 . 2012-02-14 23:03 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-14 23:03 . 2012-02-14 23:03 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-14 23:03 . 2012-02-14 23:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-14 23:03 . 2012-02-14 23:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-14 23:03 . 2012-02-14 23:03 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-14 23:03 . 2012-02-14 23:03 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-02-14 23:03 . 2012-02-14 23:03 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-14 23:03 . 2012-02-14 23:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-14 23:03 . 2012-02-14 23:03 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-14 23:03 . 2012-02-14 23:03 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-14 23:03 . 2012-02-14 23:03 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-14 23:03 . 2012-02-14 23:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-14 23:03 . 2012-02-14 23:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-14 23:03 . 2012-02-14 23:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-14 23:03 . 2012-02-14 23:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-14 23:03 . 2012-02-14 23:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-14 23:03 . 2012-02-14 23:03 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-14 23:03 . 2012-02-14 23:03 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-14 23:03 . 2012-02-14 23:03 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-14 23:03 . 2012-02-14 23:03 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-14 23:03 . 2012-02-14 23:03 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-14 23:03 . 2012-02-14 23:03 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-04 09:58 . 2012-02-15 17:21 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-15 17:21 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-15 17:20 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-15 17:20 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 17:20 499200 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-2-20 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2616729836-2362613055-2871255851-1001Core.job
- c:\users\Adik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 22:38]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2616729836-2362613055-2871255851-1001UA.job
- c:\users\Adik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 22:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-02 16330272]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=be8fa71e000000000000e0cb4e10c948&tlver=1.4.19.19&ss=1&affID=17395
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: EXIF lesen - c:\program files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Adik\AppData\Roaming\Mozilla\Firefox\Profiles\gynvhsc1.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-4rJHeEXlxs54kFa - c:\users\Adik\AppData\Roaming\gw45u45111.exe
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2616729836-2362613055-2871255851-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:2b,7e,9e,be,04,ae,ee,dd,c6,c5,df,65,82,5a,45,20,ab,94,e1,98,55,
1a,aa,8c,73,32,19,d4,7c,b5,84,7b,79,d3,ee,9d,db,2d,7a,4c,04,0f,fa,63,62,a4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\AsScrPro.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-25 23:50:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-25 21:50
.
Vor Suchlauf: 12 Verzeichnis(se), 162.411.061.248 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 163.363.983.360 Bytes frei
.
- - End Of File - - C0274C59BF976AB53EF94B8178795C39
[/QUOTE] |
|
| Themen zu GVU Trojaner? oder echt? |
| anleitung, betriebssystem, bildschirm, bundesamt, computer, geladen, gvu trojaner, ihr computer wurde von der gvu gesperrt, mahnung, meldung, nicht sicher, problem, raubkopien, schließe, seiten, sicherheit, super, sämtliche, trojaner, trojaner?, verbindung, würde, zusammen |
Linear-Darstellung
