Pests of all kinds and how to combat them: GVU - Trojan locks PC / Ukash payment demanded / W7 64bit / Malwarebytes done

Windows 7. If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection. |
04.09.2012, 19:11 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Code:
NameServer = 10.111.81.129 10.129.32.1

That is NOT the Fritz-Box network. It looks as if you have also been on a company network with this computer.
__________________ Please always post log files in CODE tags |
04.09.2012, 19:58 | #17 |
| Absolutely no idea where that comes from or what it is supposed to be.

My "company" (a school) doesn't even have enough money for decent toilet paper or sufficient copy paper. The ancient computers at the "company" are maintained by volunteers (who then get to work half an hour less per week). When I started there and asked for a computer, the first reaction was a fit of laughter. The only thing that is possible is webmail access to my e-mail inbox. On this PC I am my own boss and nobody else has access to it. Neither wife nor children nor dog (I don't have one anyway). |
04.09.2012, 20:11 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
FF - user.js - File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-4020697152-834944441-851474326-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-4020697152-834944441-851474326-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-4020697152-834944441-851474326-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1d9a63b3-cc18-11e1-a002-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{1d9a63b3-cc18-11e1-a002-005056c00008}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{780c77a9-af9b-11e1-814e-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{780c77a9-af9b-11e1-814e-005056c00008}\Shell\AutoRun\command - "" = K:\Data\setup.exe
O33 - MountPoints2\{ca6f4753-fde6-11df-8f66-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ca6f4753-fde6-11df-8f66-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.bat
O33 - MountPoints2\{cbe1a509-ce47-11e1-b4b6-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{cbe1a509-ce47-11e1-b4b6-005056c00008}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{cbe1a523-ce47-11e1-b4b6-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{cbe1a523-ce47-11e1-b4b6-005056c00008}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{cbe1a54d-ce47-11e1-b4b6-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{cbe1a54d-ce47-11e1-b4b6-005056c00008}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{cbe1a56f-ce47-11e1-b4b6-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{cbe1a56f-ce47-11e1-b4b6-005056c00008}\Shell\AutoRun\command - "" = K:\AutoRun.exe
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5F64C164
:Files
C:\ProgramData\*.pad
C:\Users\Stephan\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ |
04.09.2012, 20:58 | #19 |
| OTL fix:
05.09.2012, 12:21 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Please now run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log.

Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
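A triage helper for the report requested above, as an added example that is not part of the original thread and not Kaspersky's code: it pairs each `[ MD5 ] name path` line of a TDSS-Killer report with the verdict line that follows and lists every object whose verdict is not `ok`. The sample lines, hashes and names are constructed, and the line layout is assumed from reports of the kind posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the report layout "HH:MM:SS.mmmm <thread id> <message>".
# Hashes, service names and paths are made up for this example.
SAMPLE_LOG = r"""
13:40:02.0779 3988 OS Version: 6.1.7601 ServicePack: 1.0
13:40:40.0475 5840 Scan started
13:40:41.0219 5840 System memory - ok
13:40:41.0365 5840 [ 11111111111111111111111111111111 ] exampledrv C:\Windows\system32\drivers\exampledrv.sys
13:40:41.0443 5840 exampledrv - ok
13:40:42.0193 5840 [ 22222222222222222222222222222222 ] Example Events Utility C:\Program Files (x86)\Example\util.exe
13:40:42.0248 5840 Example Events Utility - ok
13:40:44.0550 5840 [ 33333333333333333333333333333333 ] unsigneddrv C:\Windows\system32\drivers\unsigneddrv.sys
13:40:44.0567 5840 unsigneddrv ( UnsignedFile.Multi.Generic ) - warning
13:40:44.0568 5840 unsigneddrv - detected UnsignedFile.Multi.Generic (1)
13:40:45.0895 5840 NoFileSvc - ok
"""

# Timestamp, thread id, then the message.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) (.*)$")
# "[ <md5> ] <service name, may contain spaces> <absolute path>"
OBJECT_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# "<name> - ok"  or  "<name> ( <detection> ) - <status>"
VERDICT_RE = re.compile(r"^(.+?)(?: \( (.+?) \))? - (\w+)$")


class Finding(NamedTuple):
    timestamp: str
    name: str
    status: str
    detection: Optional[str]
    md5: Optional[str]
    path: Optional[str]

    @property
    def signature_only(self) -> bool:
        # UnsignedFile.* comes from the signature check: the file carries no
        # valid digital signature. That calls for verifying the file (vendor,
        # hash lookup), not for deleting it, which is why the helper asks for
        # "skip" on every flagged object.
        return bool(self.detection) and self.detection.startswith("UnsignedFile.")


def triage(log_text: str) -> List[Finding]:
    """Return every scanned object whose verdict is something other than 'ok'."""
    pending = {}   # service name -> (md5, path) seen but not yet judged
    findings = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        timestamp, _thread_id, message = line.groups()

        obj = OBJECT_RE.match(message)
        if obj:
            md5, name, path = obj.groups()
            pending[name] = (md5.lower(), path)
            continue

        verdict = VERDICT_RE.match(message)
        if not verdict:
            continue  # banners, disk layout, "detected ..." summary lines
        name, detection, status = verdict.groups()
        # Some services are judged without a preceding hash line.
        md5, path = pending.pop(name, (None, None))
        if status != "ok":
            findings.append(Finding(timestamp, name, status, detection, md5, path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        kind = "signature check only" if f.signature_only else "needs review"
        print(f"{f.timestamp} {f.name}: {f.status} ({f.detection}) [{kind}]")
        print(f"    md5={f.md5} path={f.path}")
```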
05.09.2012, 12:45 | #21 |
| TDSS found a few things, risk? Here is the log for it:
C:\Windows\System32\eapsvc.dll 13:40:46.0938 5840 EapHost - ok 13:40:46.0986 5840 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 13:40:47.0046 5840 ebdrv - ok 13:40:47.0068 5840 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 13:40:47.0114 5840 EFS - ok 13:40:47.0159 5840 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 13:40:47.0205 5840 ehRecvr - ok 13:40:47.0230 5840 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 13:40:47.0260 5840 ehSched - ok 13:40:47.0300 5840 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 13:40:47.0334 5840 elxstor - ok 13:40:47.0344 5840 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 13:40:47.0367 5840 ErrDev - ok 13:40:47.0404 5840 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 13:40:47.0445 5840 EventSystem - ok 13:40:47.0497 5840 [ CA2E486FE6212FFD5FD171AC1A0B17BE ] ewusbmbb C:\Windows\system32\DRIVERS\ewusbwwan.sys 13:40:47.0543 5840 ewusbmbb - ok 13:40:47.0554 5840 ewusbnet - ok 13:40:47.0581 5840 [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys 13:40:47.0608 5840 ew_hwusbdev - ok 13:40:47.0621 5840 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 13:40:47.0678 5840 exfat - ok 13:40:47.0692 5840 ezSharedSvc - ok 13:40:47.0722 5840 Fabs - ok 13:40:47.0743 5840 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 13:40:47.0780 5840 fastfat - ok 13:40:47.0812 5840 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 13:40:47.0847 5840 Fax - ok 13:40:47.0860 5840 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 13:40:47.0881 5840 fdc - ok 13:40:47.0903 5840 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 13:40:47.0940 5840 fdPHost - ok 13:40:47.0952 
5840 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 13:40:47.0979 5840 FDResPub - ok 13:40:47.0991 5840 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 13:40:48.0001 5840 FileInfo - ok 13:40:48.0013 5840 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 13:40:48.0050 5840 Filetrace - ok 13:40:48.0075 5840 [ 73FBB50C4D92ADC30A9D57A269489A0B ] FiltUSBEMPIA C:\Windows\system32\DRIVERS\emFilter64.sys 13:40:48.0092 5840 FiltUSBEMPIA ( UnsignedFile.Multi.Generic ) - warning 13:40:48.0092 5840 FiltUSBEMPIA - detected UnsignedFile.Multi.Generic (1) 13:40:48.0166 5840 [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe 13:40:48.0213 5840 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning 13:40:48.0213 5840 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1) 13:40:48.0237 5840 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 13:40:48.0253 5840 flpydisk - ok 13:40:48.0276 5840 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 13:40:48.0290 5840 FltMgr - ok 13:40:48.0338 5840 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 13:40:48.0380 5840 FontCache - ok 13:40:48.0414 5840 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:40:48.0421 5840 FontCache3.0.0.0 - ok 13:40:48.0490 5840 [ B60DF5324D7EA0C8017F4C5331962D59 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 13:40:48.0525 5840 ForceWare Intelligent Application Manager (IAM) - ok 13:40:48.0534 5840 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 13:40:48.0546 5840 FsDepends - ok 13:40:48.0559 
5840 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 13:40:48.0568 5840 Fs_Rec - ok 13:40:48.0599 5840 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 13:40:48.0613 5840 fvevol - ok 13:40:48.0636 5840 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 13:40:48.0645 5840 gagp30kx - ok 13:40:48.0671 5840 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 13:40:48.0721 5840 gpsvc - ok 13:40:48.0750 5840 [ 2ED7FF3E1ADA4092632393781518B3A7 ] grmnusb C:\Windows\system32\drivers\grmnusb.sys 13:40:48.0758 5840 grmnusb - ok 13:40:48.0804 5840 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:40:48.0829 5840 gupdate - ok 13:40:48.0840 5840 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:40:48.0857 5840 gupdatem - ok 13:40:48.0896 5840 [ ADB4348DA1345877B04E22203AFC8993 ] hcmon C:\Windows\system32\drivers\hcmon.sys 13:40:48.0909 5840 hcmon - ok 13:40:48.0937 5840 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 13:40:48.0974 5840 hcw85cir - ok 13:40:49.0009 5840 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 13:40:49.0032 5840 HdAudAddService - ok 13:40:49.0045 5840 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 13:40:49.0071 5840 HDAudBus - ok 13:40:49.0088 5840 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 13:40:49.0111 5840 HidBatt - ok 13:40:49.0125 5840 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 13:40:49.0149 5840 HidBth - ok 13:40:49.0163 5840 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 13:40:49.0186 5840 HidIr - ok 13:40:49.0206 5840 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv 
C:\Windows\system32\hidserv.dll 13:40:49.0242 5840 hidserv - ok 13:40:49.0288 5840 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 13:40:49.0298 5840 HidUsb - ok 13:40:49.0322 5840 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 13:40:49.0402 5840 hkmsvc - ok 13:40:49.0427 5840 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 13:40:49.0453 5840 HomeGroupListener - ok 13:40:49.0472 5840 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 13:40:49.0494 5840 HomeGroupProvider - ok 13:40:49.0509 5840 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 13:40:49.0521 5840 HpSAMD - ok 13:40:49.0542 5840 HSPADataCardusbmdm - ok 13:40:49.0547 5840 HSPADataCardusbnmea - ok 13:40:49.0558 5840 HSPADataCardusbser - ok 13:40:49.0601 5840 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 13:40:49.0666 5840 HTTP - ok 13:40:49.0686 5840 [ 1642C62F1FD5E1FF44608283994A7BB8 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys 13:40:49.0700 5840 huawei_enumerator - ok 13:40:49.0724 5840 [ 4B80AF36EE9F31361C1DCB2EE563719A ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 13:40:49.0765 5840 hwdatacard - ok 13:40:49.0788 5840 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 13:40:49.0797 5840 hwpolicy - ok 13:40:49.0861 5840 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 13:40:49.0872 5840 i8042prt - ok 13:40:49.0900 5840 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 13:40:49.0914 5840 iaStorV - ok 13:40:49.0971 5840 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 13:40:49.0988 5840 IDriverT ( UnsignedFile.Multi.Generic ) - warning 13:40:49.0988 5840 IDriverT - detected 
UnsignedFile.Multi.Generic (1) 13:40:50.0030 5840 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 13:40:50.0063 5840 idsvc - ok 13:40:50.0091 5840 [ AC9EBDE25DB39A35E1CEB0441BA7A464 ] IGDCTRL C:\Program Files\FRITZ!DSL\IGDCTRL.EXE 13:40:50.0100 5840 IGDCTRL - ok 13:40:50.0118 5840 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 13:40:50.0130 5840 iirsp - ok 13:40:50.0159 5840 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 13:40:50.0210 5840 IKEEXT - ok 13:40:50.0325 5840 [ 91ED47813243B455E2D81115A8255F0E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 13:40:50.0414 5840 IntcAzAudAddService - ok 13:40:50.0426 5840 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 13:40:50.0434 5840 intelide - ok 13:40:50.0450 5840 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 13:40:50.0465 5840 intelppm - ok 13:40:50.0482 5840 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 13:40:50.0522 5840 IPBusEnum - ok 13:40:50.0540 5840 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:40:50.0604 5840 IpFilterDriver - ok 13:40:50.0636 5840 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 13:40:50.0677 5840 iphlpsvc - ok 13:40:50.0693 5840 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 13:40:50.0703 5840 IPMIDRV - ok 13:40:50.0720 5840 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 13:40:50.0760 5840 IPNAT - ok 13:40:50.0775 5840 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 13:40:50.0845 5840 IRENUM - ok 13:40:50.0859 5840 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 13:40:50.0873 5840 isapnp - ok 
13:40:50.0893 5840 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 13:40:50.0913 5840 iScsiPrt - ok 13:40:50.0933 5840 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 13:40:50.0947 5840 kbdclass - ok 13:40:50.0962 5840 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 13:40:50.0986 5840 kbdhid - ok 13:40:51.0001 5840 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 13:40:51.0011 5840 KeyIso - ok 13:40:51.0028 5840 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 13:40:51.0038 5840 KSecDD - ok 13:40:51.0053 5840 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 13:40:51.0064 5840 KSecPkg - ok 13:40:51.0088 5840 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 13:40:51.0148 5840 ksthunk - ok 13:40:51.0180 5840 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 13:40:51.0217 5840 KtmRm - ok 13:40:51.0248 5840 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 13:40:51.0325 5840 LanmanServer - ok 13:40:51.0352 5840 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 13:40:51.0394 5840 LanmanWorkstation - ok 13:40:51.0442 5840 [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 13:40:51.0453 5840 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 13:40:51.0454 5840 LightScribeService - detected UnsignedFile.Multi.Generic (1) 13:40:51.0488 5840 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 13:40:51.0551 5840 lltdio - ok 13:40:51.0570 5840 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 13:40:51.0611 5840 lltdsvc - ok 13:40:51.0628 5840 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 
13:40:51.0655 5840 lmhosts - ok 13:40:51.0676 5840 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 13:40:51.0686 5840 LSI_FC - ok 13:40:51.0699 5840 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 13:40:51.0709 5840 LSI_SAS - ok 13:40:51.0726 5840 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 13:40:51.0735 5840 LSI_SAS2 - ok 13:40:51.0744 5840 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 13:40:51.0754 5840 LSI_SCSI - ok 13:40:51.0769 5840 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 13:40:51.0810 5840 luafv - ok 13:40:51.0837 5840 massfilter - ok 13:40:51.0854 5840 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 13:40:51.0876 5840 Mcx2Svc - ok 13:40:51.0897 5840 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 13:40:51.0906 5840 megasas - ok 13:40:51.0930 5840 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 13:40:51.0942 5840 MegaSR - ok 13:40:52.0014 5840 Microsoft SharePoint Workspace Audit Service - ok 13:40:52.0036 5840 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 13:40:52.0107 5840 MMCSS - ok 13:40:52.0124 5840 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 13:40:52.0161 5840 Modem - ok 13:40:52.0176 5840 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 13:40:52.0199 5840 monitor - ok 13:40:52.0219 5840 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 13:40:52.0229 5840 mouclass - ok 13:40:52.0272 5840 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 13:40:52.0304 5840 mouhid - ok 13:40:52.0326 5840 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 13:40:52.0341 5840 
mountmgr - ok 13:40:52.0403 5840 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 13:40:52.0426 5840 MozillaMaintenance - ok 13:40:52.0442 5840 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 13:40:52.0459 5840 mpio - ok 13:40:52.0478 5840 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 13:40:52.0518 5840 mpsdrv - ok 13:40:52.0545 5840 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 13:40:52.0594 5840 MpsSvc - ok 13:40:52.0621 5840 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 13:40:52.0661 5840 MRxDAV - ok 13:40:52.0681 5840 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 13:40:52.0715 5840 mrxsmb - ok 13:40:52.0738 5840 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:40:52.0767 5840 mrxsmb10 - ok 13:40:52.0798 5840 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:40:52.0811 5840 mrxsmb20 - ok 13:40:52.0822 5840 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 13:40:52.0833 5840 msahci - ok 13:40:52.0847 5840 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 13:40:52.0860 5840 msdsm - ok 13:40:52.0878 5840 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 13:40:52.0909 5840 MSDTC - ok 13:40:52.0940 5840 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 13:40:52.0973 5840 Msfs - ok 13:40:52.0989 5840 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 13:40:53.0026 5840 mshidkmdf - ok 13:40:53.0041 5840 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 13:40:53.0050 5840 msisadrv - ok 13:40:53.0080 5840 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI 
C:\Windows\system32\iscsiexe.dll 13:40:53.0110 5840 MSiSCSI - ok 13:40:53.0114 5840 msiserver - ok 13:40:53.0142 5840 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 13:40:53.0170 5840 MSKSSRV - ok 13:40:53.0183 5840 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 13:40:53.0222 5840 MSPCLOCK - ok 13:40:53.0235 5840 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 13:40:53.0275 5840 MSPQM - ok 13:40:53.0300 5840 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 13:40:53.0314 5840 MsRPC - ok 13:40:53.0327 5840 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 13:40:53.0336 5840 mssmbios - ok 13:40:53.0349 5840 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 13:40:53.0390 5840 MSTEE - ok 13:40:53.0394 5840 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 13:40:53.0403 5840 MTConfig - ok 13:40:53.0421 5840 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 13:40:53.0430 5840 Mup - ok 13:40:53.0450 5840 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 13:40:53.0489 5840 napagent - ok 13:40:53.0522 5840 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:40:53.0544 5840 NativeWifiP - ok 13:40:53.0573 5840 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 13:40:53.0596 5840 NDIS - ok 13:40:53.0613 5840 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 13:40:53.0641 5840 NdisCap - ok 13:40:53.0658 5840 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:40:53.0686 5840 NdisTapi - ok 13:40:53.0712 5840 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:40:53.0740 5840 Ndisuio - ok 13:40:53.0762 5840 [ 
53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:40:53.0797 5840 NdisWan - ok 13:40:53.0818 5840 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:40:53.0898 5840 NDProxy - ok 13:40:53.0931 5840 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:40:53.0972 5840 NetBIOS - ok 13:40:53.0997 5840 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 13:40:54.0037 5840 NetBT - ok 13:40:54.0051 5840 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 13:40:54.0061 5840 Netlogon - ok 13:40:54.0087 5840 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 13:40:54.0133 5840 Netman - ok 13:40:54.0154 5840 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 13:40:54.0199 5840 netprofm - ok 13:40:54.0230 5840 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:40:54.0238 5840 NetTcpPortSharing - ok 13:40:54.0264 5840 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 13:40:54.0273 5840 nfrd960 - ok 13:40:54.0305 5840 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 13:40:54.0334 5840 NlaSvc - ok 13:40:54.0349 5840 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:40:54.0376 5840 Npfs - ok 13:40:54.0388 5840 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 13:40:54.0415 5840 nsi - ok 13:40:54.0419 5840 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:40:54.0457 5840 nsiproxy - ok 13:40:54.0484 5840 [ 6324EEF641C2B6D1B7EC423850B10F82 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe 13:40:54.0494 5840 nSvcIp - ok 13:40:54.0535 5840 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs 
C:\Windows\system32\drivers\Ntfs.sys 13:40:54.0570 5840 Ntfs - ok 13:40:54.0582 5840 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 13:40:54.0615 5840 Null - ok 13:40:54.0646 5840 [ BD25E03EAD63AC3365F25175B4DBD56A ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys 13:40:54.0659 5840 NVNET - ok 13:40:54.0683 5840 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:40:54.0693 5840 nvraid - ok 13:40:54.0712 5840 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:40:54.0723 5840 nvstor - ok 13:40:54.0742 5840 [ 1E45F96342429D63DC30E0D9117DA3D8 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys 13:40:54.0752 5840 nvstor64 - ok 13:40:54.0775 5840 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:40:54.0785 5840 nv_agp - ok 13:40:54.0808 5840 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 13:40:54.0847 5840 ohci1394 - ok 13:40:54.0895 5840 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:40:54.0909 5840 ose - ok 13:40:55.0024 5840 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 13:40:55.0098 5840 osppsvc - ok 13:40:55.0128 5840 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:40:55.0162 5840 p2pimsvc - ok 13:40:55.0180 5840 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 13:40:55.0196 5840 p2psvc - ok 13:40:55.0220 5840 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 13:40:55.0230 5840 Parport - ok 13:40:55.0255 5840 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:40:55.0265 5840 partmgr - ok 13:40:55.0278 5840 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:40:55.0302 5840 
PcaSvc - ok 13:40:55.0324 5840 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 13:40:55.0335 5840 pci - ok 13:40:55.0357 5840 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 13:40:55.0366 5840 pciide - ok 13:40:55.0386 5840 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 13:40:55.0397 5840 pcmcia - ok 13:40:55.0408 5840 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 13:40:55.0417 5840 pcw - ok 13:40:55.0436 5840 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:40:55.0483 5840 PEAUTH - ok 13:40:55.0569 5840 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 13:40:55.0611 5840 PeerDistSvc - ok 13:40:55.0678 5840 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:40:55.0711 5840 PerfHost - ok 13:40:55.0765 5840 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 13:40:55.0830 5840 pla - ok 13:40:55.0856 5840 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:40:55.0878 5840 PlugPlay - ok 13:40:55.0903 5840 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 13:40:55.0922 5840 PNRPAutoReg - ok 13:40:55.0945 5840 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 13:40:55.0957 5840 PNRPsvc - ok 13:40:55.0979 5840 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:40:56.0026 5840 PolicyAgent - ok 13:40:56.0053 5840 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 13:40:56.0089 5840 Power - ok 13:40:56.0116 5840 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:40:56.0144 5840 PptpMiniport - ok 13:40:56.0167 5840 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 13:40:56.0184 5840 Processor - ok 
13:40:56.0211 5840 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 13:40:56.0236 5840 ProfSvc - ok 13:40:56.0243 5840 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:40:56.0252 5840 ProtectedStorage - ok 13:40:56.0279 5840 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 13:40:56.0315 5840 Psched - ok 13:40:56.0346 5840 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 13:40:56.0379 5840 ql2300 - ok 13:40:56.0394 5840 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 13:40:56.0404 5840 ql40xx - ok 13:40:56.0425 5840 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 13:40:56.0449 5840 QWAVE - ok 13:40:56.0467 5840 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:40:56.0480 5840 QWAVEdrv - ok 13:40:56.0627 5840 [ 138F7963118EC710C348819C08F72230 ] Radio.fx c:\Programme_2\SWR_Radio_Recorder\Server\rfx-server.exe 13:40:56.0681 5840 Radio.fx - ok 13:40:56.0728 5840 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 13:40:56.0739 5840 RapiMgr - ok 13:40:56.0762 5840 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:40:56.0829 5840 RasAcd - ok 13:40:56.0851 5840 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 13:40:56.0879 5840 RasAgileVpn - ok 13:40:56.0900 5840 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 13:40:56.0929 5840 RasAuto - ok 13:40:56.0944 5840 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:40:56.0984 5840 Rasl2tp - ok 13:40:57.0004 5840 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 13:40:57.0049 5840 RasMan - ok 13:40:57.0071 5840 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 
13:40:57.0109 5840 RasPppoe - ok 13:40:57.0130 5840 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:40:57.0168 5840 RasSstp - ok 13:40:57.0189 5840 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:40:57.0233 5840 rdbss - ok 13:40:57.0247 5840 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 13:40:57.0259 5840 rdpbus - ok 13:40:57.0268 5840 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:40:57.0295 5840 RDPCDD - ok 13:40:57.0321 5840 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 13:40:57.0339 5840 RDPDR - ok 13:40:57.0358 5840 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:40:57.0425 5840 RDPENCDD - ok 13:40:57.0443 5840 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 13:40:57.0469 5840 RDPREFMP - ok 13:40:57.0510 5840 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 13:40:57.0538 5840 RdpVideoMiniport - ok 13:40:57.0563 5840 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:40:57.0599 5840 RDPWD - ok 13:40:57.0619 5840 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 13:40:57.0637 5840 rdyboost - ok 13:40:57.0655 5840 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:40:57.0693 5840 RemoteAccess - ok 13:40:57.0717 5840 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:40:57.0786 5840 RemoteRegistry - ok 13:40:57.0837 5840 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe 13:40:57.0866 5840 rpcapd - ok 13:40:57.0903 5840 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 13:40:58.0013 5840 RpcEptMapper - ok 13:40:58.0024 5840 [ 
D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 13:40:58.0043 5840 RpcLocator - ok 13:40:58.0071 5840 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 13:40:58.0102 5840 RpcSs - ok 13:40:58.0131 5840 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:40:58.0165 5840 rspndr - ok 13:40:58.0176 5840 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 13:40:58.0185 5840 SamSs - ok 13:40:58.0205 5840 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:40:58.0214 5840 sbp2port - ok 13:40:58.0246 5840 [ EECBBF7D76300E5558D316983961FFC1 ] ScanUSBEMPIA C:\Windows\system32\DRIVERS\emScan64.sys 13:40:58.0257 5840 ScanUSBEMPIA ( UnsignedFile.Multi.Generic ) - warning 13:40:58.0257 5840 ScanUSBEMPIA - detected UnsignedFile.Multi.Generic (1) 13:40:58.0281 5840 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:40:58.0324 5840 SCardSvr - ok 13:40:58.0347 5840 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:40:58.0407 5840 scfilter - ok 13:40:58.0434 5840 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 13:40:58.0486 5840 Schedule - ok 13:40:58.0507 5840 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 13:40:58.0533 5840 SCPolicySvc - ok 13:40:58.0550 5840 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:40:58.0581 5840 SDRSVC - ok 13:40:58.0601 5840 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:40:58.0639 5840 secdrv - ok 13:40:58.0655 5840 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 13:40:58.0682 5840 seclogon - ok 13:40:58.0690 5840 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 13:40:58.0719 5840 SENS - ok 13:40:58.0735 5840 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc 
C:\Windows\system32\sensrsvc.dll 13:40:58.0765 5840 SensrSvc - ok 13:40:58.0797 5840 [ 9F6490423AC3271E84A90A0DD9D30A3B ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl64.sys 13:40:58.0823 5840 Ser2pl - ok 13:40:58.0852 5840 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:40:58.0888 5840 Serenum - ok 13:40:58.0906 5840 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:40:58.0929 5840 Serial - ok 13:40:58.0946 5840 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 13:40:58.0966 5840 sermouse - ok 13:40:58.0992 5840 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 13:40:59.0030 5840 SessionEnv - ok 13:40:59.0050 5840 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:40:59.0076 5840 sffdisk - ok 13:40:59.0084 5840 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:40:59.0105 5840 sffp_mmc - ok 13:40:59.0117 5840 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:40:59.0134 5840 sffp_sd - ok 13:40:59.0151 5840 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 13:40:59.0160 5840 sfloppy - ok 13:40:59.0180 5840 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:40:59.0220 5840 SharedAccess - ok 13:40:59.0242 5840 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:40:59.0279 5840 ShellHWDetection - ok 13:40:59.0293 5840 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 13:40:59.0302 5840 SiSRaid2 - ok 13:40:59.0312 5840 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 13:40:59.0322 5840 SiSRaid4 - ok 13:40:59.0346 5840 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:40:59.0374 5840 Smb - ok 13:40:59.0411 5840 [ 
6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:40:59.0458 5840 SNMPTRAP - ok 13:40:59.0474 5840 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 13:40:59.0488 5840 spldr - ok 13:40:59.0514 5840 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 13:40:59.0555 5840 Spooler - ok 13:40:59.0652 5840 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 13:40:59.0737 5840 sppsvc - ok 13:40:59.0750 5840 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 13:40:59.0793 5840 sppuinotify - ok 13:40:59.0824 5840 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 13:40:59.0850 5840 srv - ok 13:40:59.0874 5840 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:40:59.0902 5840 srv2 - ok 13:40:59.0922 5840 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:40:59.0941 5840 srvnet - ok 13:40:59.0972 5840 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:41:00.0011 5840 SSDPSRV - ok 13:41:00.0025 5840 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:41:00.0053 5840 SstpSvc - ok 13:41:00.0069 5840 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 13:41:00.0078 5840 stexstor - ok 13:41:00.0110 5840 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 13:41:00.0139 5840 stisvc - ok 13:41:00.0159 5840 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 13:41:00.0168 5840 swenum - ok 13:41:00.0190 5840 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 13:41:00.0232 5840 swprv - ok 13:41:00.0252 5840 Synth3dVsc - ok 13:41:00.0290 5840 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 13:41:00.0337 5840 SysMain - ok 13:41:00.0357 5840 [ 
E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:41:00.0372 5840 TabletInputService - ok 13:41:00.0387 5840 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 13:41:00.0424 5840 TapiSrv - ok 13:41:00.0444 5840 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 13:41:00.0509 5840 TBS - ok 13:41:00.0571 5840 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:41:00.0622 5840 Tcpip - ok 13:41:00.0644 5840 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 13:41:00.0675 5840 TCPIP6 - ok 13:41:00.0705 5840 [ 1A95043750E359F993154EF8559BE518 ] tcpipBM C:\Windows\system32\drivers\tcpipBM.sys 13:41:00.0718 5840 tcpipBM ( UnsignedFile.Multi.Generic ) - warning 13:41:00.0718 5840 tcpipBM - detected UnsignedFile.Multi.Generic (1) 13:41:00.0736 5840 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:41:00.0770 5840 tcpipreg - ok 13:41:00.0797 5840 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:41:00.0819 5840 TDPIPE - ok 13:41:00.0837 5840 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:41:00.0873 5840 TDTCP - ok 13:41:00.0904 5840 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:41:00.0945 5840 tdx - ok 13:41:00.0967 5840 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 13:41:00.0976 5840 TermDD - ok 13:41:00.0994 5840 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 13:41:01.0043 5840 TermService - ok 13:41:01.0106 5840 [ 42A267904416DBEB1DA0295D9042BF0D ] TGCM_ImportWiFiSvc C:\Programme_3\Mobile Partner\Mobile Connection Manager\ImpWiFiSvc.exe 13:41:01.0136 5840 TGCM_ImportWiFiSvc - ok 13:41:01.0165 5840 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 13:41:01.0195 5840 Themes - ok 
13:41:01.0218 5840 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 13:41:01.0254 5840 THREADORDER - ok 13:41:01.0261 5840 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 13:41:01.0300 5840 TrkWks - ok 13:41:01.0373 5840 [ 370A6907DDF79532A39319492B1FA38A ] truecrypt C:\Windows\system32\drivers\truecrypt.sys 13:41:01.0399 5840 truecrypt - ok 13:41:01.0445 5840 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:41:01.0500 5840 TrustedInstaller - ok 13:41:01.0531 5840 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:41:01.0557 5840 tssecsrv - ok 13:41:01.0578 5840 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 13:41:01.0598 5840 TsUsbFlt - ok 13:41:01.0601 5840 tsusbhub - ok 13:41:01.0633 5840 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:41:01.0673 5840 tunnel - ok 13:41:01.0694 5840 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 13:41:01.0703 5840 uagp35 - ok 13:41:01.0720 5840 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:41:01.0750 5840 udfs - ok 13:41:01.0763 5840 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:41:01.0786 5840 UI0Detect - ok 13:41:01.0802 5840 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:41:01.0811 5840 uliagpkx - ok 13:41:01.0838 5840 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 13:41:01.0856 5840 umbus - ok 13:41:01.0870 5840 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 13:41:01.0889 5840 UmPass - ok 13:41:01.0914 5840 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 13:41:01.0936 5840 UmRdpService - ok 13:41:01.0957 5840 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost 
C:\Windows\System32\upnphost.dll 13:41:01.0995 5840 upnphost - ok 13:41:02.0056 5840 [ D4531B9B73B990DC53B4A765E3BD070A ] UPnPService C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe 13:41:02.0080 5840 UPnPService ( UnsignedFile.Multi.Generic ) - warning 13:41:02.0080 5840 UPnPService - detected UnsignedFile.Multi.Generic (1) 13:41:02.0104 5840 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:41:02.0135 5840 usbccgp - ok 13:41:02.0161 5840 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:41:02.0182 5840 usbcir - ok 13:41:02.0208 5840 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:41:02.0233 5840 usbehci - ok 13:41:02.0269 5840 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:41:02.0295 5840 usbhub - ok 13:41:02.0312 5840 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 13:41:02.0334 5840 usbohci - ok 13:41:02.0366 5840 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:41:02.0380 5840 usbprint - ok 13:41:02.0412 5840 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 13:41:02.0426 5840 usbscan - ok 13:41:02.0444 5840 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:41:02.0488 5840 USBSTOR - ok 13:41:02.0509 5840 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 13:41:02.0534 5840 usbuhci - ok 13:41:02.0559 5840 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys 13:41:02.0577 5840 usb_rndisx - ok 13:41:02.0592 5840 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 13:41:02.0649 5840 UxSms - ok 13:41:02.0659 5840 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 13:41:02.0669 5840 VaultSvc - ok 13:41:02.0698 5840 [ 
81952471021F6A6F56DDA6ED6B5DD638 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys 13:41:02.0709 5840 VBoxDrv - ok 13:41:02.0736 5840 [ C9F86AEB504355541EC9820E3155E253 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 13:41:02.0746 5840 VBoxNetAdp - ok 13:41:02.0763 5840 [ 64715CE639D05D753BCD86F5ABF4D82A ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 13:41:02.0773 5840 VBoxNetFlt - ok 13:41:02.0792 5840 [ EDEB78B6A969107A66A5AF145AC0A43F ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 13:41:02.0801 5840 VBoxUSBMon - ok 13:41:02.0822 5840 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 13:41:02.0832 5840 vdrvroot - ok 13:41:02.0859 5840 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 13:41:02.0892 5840 vds - ok 13:41:02.0911 5840 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:41:02.0922 5840 vga - ok 13:41:02.0935 5840 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 13:41:02.0968 5840 VgaSave - ok 13:41:02.0971 5840 VGPU - ok 13:41:03.0012 5840 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 13:41:03.0043 5840 vhdmp - ok 13:41:03.0055 5840 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 13:41:03.0065 5840 viaide - ok 13:41:03.0128 5840 [ 3ACCF0C817A2BB34EFBFB72B57B00252 ] VMAuthdService C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe 13:41:03.0138 5840 VMAuthdService ( UnsignedFile.Multi.Generic ) - warning 13:41:03.0138 5840 VMAuthdService - detected UnsignedFile.Multi.Generic (1) 13:41:03.0176 5840 [ 87FC1DD880E8CAC4FAEBB84AF61A87C4 ] vmci C:\Windows\system32\DRIVERS\vmci.sys 13:41:03.0203 5840 vmci - ok 13:41:03.0234 5840 [ ED82D26B5E26542615483B8BED77D826 ] vmkbd C:\Windows\system32\drivers\VMkbd.sys 13:41:03.0257 5840 vmkbd - ok 13:41:03.0285 5840 [ B259C31378BC855AFD1B53F59311C251 ] VMnetAdapter 
C:\Windows\system32\DRIVERS\vmnetadapter.sys 13:41:03.0308 5840 VMnetAdapter - ok 13:41:03.0317 5840 [ DEC4CE720FFEDA939CF1BA315CFBD993 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys 13:41:03.0329 5840 VMnetBridge - ok 13:41:03.0334 5840 VMnetDHCP - ok 13:41:03.0340 5840 [ 94DD802DA1A3BBF7402246CB48CFEA83 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys 13:41:03.0348 5840 VMnetuserif - ok 13:41:03.0379 5840 [ 18903CA7936912C337C9D28858880CF2 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe 13:41:03.0396 5840 VMUSBArbService - ok 13:41:03.0409 5840 VMware NAT Service - ok 13:41:03.0435 5840 [ 06EB22EA8E451654346EA0F9C56DD795 ] vmx86 C:\Windows\system32\drivers\vmx86.sys 13:41:03.0443 5840 vmx86 - ok 13:41:03.0459 5840 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:41:03.0469 5840 volmgr - ok 13:41:03.0490 5840 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:41:03.0504 5840 volmgrx - ok 13:41:03.0516 5840 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:41:03.0528 5840 volsnap - ok 13:41:03.0547 5840 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 13:41:03.0559 5840 vsmraid - ok 13:41:03.0597 5840 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 13:41:03.0654 5840 VSS - ok 13:41:03.0664 5840 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 13:41:03.0685 5840 vwifibus - ok 13:41:03.0712 5840 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 13:41:03.0744 5840 W32Time - ok 13:41:03.0755 5840 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 13:41:03.0765 5840 WacomPen - ok 13:41:03.0797 5840 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:41:03.0838 5840 WANARP - ok 13:41:03.0841 5840 [ 
356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:41:03.0868 5840 Wanarpv6 - ok 13:41:03.0904 5840 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 13:41:03.0939 5840 wbengine - ok 13:41:03.0953 5840 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:41:03.0969 5840 WbioSrvc - ok 13:41:04.0001 5840 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 13:41:04.0014 5840 WcesComm - ok 13:41:04.0040 5840 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:41:04.0072 5840 wcncsvc - ok 13:41:04.0094 5840 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:41:04.0110 5840 WcsPlugInService - ok 13:41:04.0129 5840 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 13:41:04.0137 5840 Wd - ok 13:41:04.0161 5840 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:41:04.0180 5840 Wdf01000 - ok 13:41:04.0194 5840 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:41:04.0246 5840 WdiServiceHost - ok 13:41:04.0249 5840 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:41:04.0263 5840 WdiSystemHost - ok 13:41:04.0278 5840 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 13:41:04.0308 5840 WebClient - ok 13:41:04.0334 5840 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:41:04.0379 5840 Wecsvc - ok 13:41:04.0390 5840 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:41:04.0419 5840 wercplsupport - ok 13:41:04.0438 5840 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 13:41:04.0478 5840 WerSvc - ok 13:41:04.0504 5840 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:41:04.0530 5840 WfpLwf - ok 
13:41:04.0567 5840 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 13:41:04.0600 5840 WimFltr - ok 13:41:04.0610 5840 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:41:04.0621 5840 WIMMount - ok 13:41:04.0640 5840 WinDefend - ok 13:41:04.0645 5840 WinHttpAutoProxySvc - ok 13:41:04.0680 5840 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:41:04.0716 5840 Winmgmt - ok 13:41:04.0761 5840 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 13:41:04.0826 5840 WinRM - ok 13:41:04.0860 5840 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 13:41:04.0872 5840 WinUsb - ok 13:41:04.0897 5840 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 13:41:04.0935 5840 Wlansvc - ok 13:41:04.0987 5840 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 13:41:05.0005 5840 wlcrasvc - ok 13:41:05.0100 5840 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 13:41:05.0147 5840 wlidsvc - ok 13:41:05.0165 5840 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 13:41:05.0185 5840 WmiAcpi - ok 13:41:05.0213 5840 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:41:05.0236 5840 wmiApSrv - ok 13:41:05.0255 5840 WMPNetworkSvc - ok 13:41:05.0273 5840 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:41:05.0309 5840 WPCSvc - ok 13:41:05.0335 5840 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:41:05.0354 5840 WPDBusEnum - ok 13:41:05.0368 5840 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:41:05.0416 5840 ws2ifsl - ok 13:41:05.0431 5840 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 13:41:05.0455 
5840 wscsvc - ok 13:41:05.0458 5840 WSearch - ok 13:41:05.0526 5840 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 13:41:05.0579 5840 wuauserv - ok 13:41:05.0585 5840 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:41:05.0621 5840 WudfPf - ok 13:41:05.0649 5840 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:41:05.0677 5840 WUDFRd - ok 13:41:05.0700 5840 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:41:05.0728 5840 wudfsvc - ok 13:41:05.0747 5840 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 13:41:05.0771 5840 WwanSvc - ok 13:41:05.0806 5840 ================ Scan global =============================== 13:41:05.0823 5840 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 13:41:05.0848 5840 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 13:41:05.0854 5840 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 13:41:05.0877 5840 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 13:41:05.0890 5840 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 13:41:05.0893 5840 [Global] - ok 13:41:05.0893 5840 ================ Scan MBR ================================== 13:41:05.0902 5840 [ 9C21F523E72C7EDF0A4D5F9DDDCC5E3C ] \Device\Harddisk0\DR0 13:41:06.0323 5840 \Device\Harddisk0\DR0 - ok 13:41:06.0329 5840 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 13:41:06.0394 5840 \Device\Harddisk1\DR1 - ok 13:41:06.0395 5840 ================ Scan VBR ================================== 13:41:06.0401 5840 [ B204E7587E111E1E76D2BF621282A78E ] \Device\Harddisk0\DR0\Partition1 13:41:06.0404 5840 \Device\Harddisk0\DR0\Partition1 - ok 13:41:06.0434 5840 [ 42E14FB7A415F5592A5E44542A41C82F ] \Device\Harddisk0\DR0\Partition2 13:41:06.0436 5840 \Device\Harddisk0\DR0\Partition2 - ok 13:41:06.0440 5840 [ 
38866739674B484280F7886D7B8089BD ] \Device\Harddisk0\DR0\Partition3 13:41:06.0442 5840 \Device\Harddisk0\DR0\Partition3 - ok 13:41:06.0475 5840 [ 6778F1A5888ACEED9A4BB741FA58BCEE ] \Device\Harddisk0\DR0\Partition4 13:41:06.0477 5840 \Device\Harddisk0\DR0\Partition4 - ok 13:41:06.0481 5840 [ 85110CB5024EB33D3E7E4C01E34E30C1 ] \Device\Harddisk1\DR1\Partition1 13:41:06.0482 5840 \Device\Harddisk1\DR1\Partition1 - ok 13:41:06.0485 5840 [ A3C595FA7BBDBB179B52029EE1DB0F34 ] \Device\Harddisk1\DR1\Partition2 13:41:06.0486 5840 \Device\Harddisk1\DR1\Partition2 - ok 13:41:06.0491 5840 [ D5AC47FE62C84BECFC83744781E08A54 ] \Device\Harddisk1\DR1\Partition3 13:41:06.0493 5840 \Device\Harddisk1\DR1\Partition3 - ok 13:41:06.0498 5840 [ B8EA249288B2D3F75D867AAF63B31980 ] \Device\Harddisk1\DR1\Partition4 13:41:06.0499 5840 \Device\Harddisk1\DR1\Partition4 - ok 13:41:06.0501 5840 ============================================================ 13:41:06.0501 5840 Scan finished 13:41:06.0501 5840 ============================================================ 13:41:06.0517 0436 Detected object count: 10 13:41:06.0517 0436 Actual detected object count: 10 13:42:20.0090 0436 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user 13:42:20.0090 0436 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:42:20.0094 0436 DCamUSBEMPIA ( UnsignedFile.Multi.Generic ) - skipped by user 13:42:20.0094 0436 DCamUSBEMPIA ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:42:20.0101 0436 FiltUSBEMPIA ( UnsignedFile.Multi.Generic ) - skipped by user 13:42:20.0101 0436 FiltUSBEMPIA ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:42:20.0105 0436 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user 13:42:20.0105 0436 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:42:20.0108 0436 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 13:42:20.0109 0436 IDriverT ( UnsignedFile.Multi.Generic ) - User select 
action: Skip 13:42:20.0111 0436 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 13:42:20.0111 0436 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:42:20.0113 0436 ScanUSBEMPIA ( UnsignedFile.Multi.Generic ) - skipped by user 13:42:20.0113 0436 ScanUSBEMPIA ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:42:20.0115 0436 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user 13:42:20.0115 0436 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:42:20.0117 0436 UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user 13:42:20.0117 0436 UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:42:20.0118 0436 VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user 13:42:20.0118 0436 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:42:46.0162 3160 Deinitialize success |
05.09.2012, 15:05 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | No, these items are OK. Then please run CF now: ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
05.09.2012, 15:58 | #23 |
| ComboFix has finished, here is the log: Code:
ATTFilter ComboFix 12-09-05.01 - Stephan 05.09.2012 16:38:13.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.6143.4707 [GMT 2:00] ausgeführt von:: c:\users\Stephan\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe c:\users\Stephan\AppData\Local\assembly\tmp c:\users\Stephan\AppData\Local\Temp\_MEI37242\_ctypes.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\_elementtree.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\_hashlib.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\_socket.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\_ssl.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\pyexpat.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\pysqlite2._sqlite.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\python26.dll c:\users\Stephan\AppData\Local\Temp\_MEI37242\pythoncom26.dll c:\users\Stephan\AppData\Local\Temp\_MEI37242\PyWinTypes26.dll c:\users\Stephan\AppData\Local\Temp\_MEI37242\select.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\unicodedata.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\win32api.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\win32com.shell.shell.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\win32crypt.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\win32event.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\win32file.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\win32inet.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\win32pdh.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\win32process.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\windows._cacheinvalidation.pyd 
c:\users\Stephan\AppData\Local\Temp\_MEI37242\wx._controls_.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\wx._core_.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\wx._gdi_.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\wx._html2.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\wx._misc_.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\wx._windows_.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\wx._wizard.pyd c:\users\Stephan\AppData\Local\Temp\_MEI37242\wxbase293u_net_vc.dll c:\users\Stephan\AppData\Local\Temp\_MEI37242\wxbase293u_vc.dll c:\users\Stephan\AppData\Local\Temp\_MEI37242\wxmsw293u_adv_vc.dll c:\users\Stephan\AppData\Local\Temp\_MEI37242\wxmsw293u_core_vc.dll c:\users\Stephan\AppData\Local\Temp\_MEI37242\wxmsw293u_html_vc.dll c:\users\Stephan\AppData\Local\Temp\_MEI37242\wxmsw293u_webview_vc.dll c:\windows\SysWow64\FlashPlayerInstaller.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-05 bis 2012-09-05 )))))))))))))))))))))))))))))) . . 2012-09-05 14:42 . 2012-09-05 14:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-05 06:45 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD6B33FD-B322-417A-BDFC-F34143B7FFFD}\mpengine.dll 2012-09-04 19:52 . 2012-09-04 19:52 -------- d-----w- C:\_OTL 2012-09-01 18:07 . 2012-09-01 18:07 -------- d-----w- c:\program files (x86)\ESET 2012-08-31 19:58 . 2012-08-31 19:58 -------- d-----w- c:\users\Stephan\AppData\Roaming\Malwarebytes 2012-08-31 19:58 . 2012-08-31 19:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-08-31 19:58 . 2012-08-31 19:58 -------- d-----w- c:\programdata\Malwarebytes 2012-08-31 19:58 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-30 12:15 . 2012-08-30 12:15 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-08-30 12:15 . 2012-08-30 12:15 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll 2012-08-30 12:15 . 
2012-08-30 12:15 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-08-26 10:12 . 2012-08-26 10:12 -------- d-----w- c:\users\Stephan\.MakeMKV 2012-08-26 09:58 . 2012-08-30 12:22 -------- d-----w- c:\users\Stephan\AppData\Roaming\vlc 2012-08-26 09:13 . 2012-08-26 09:13 -------- d-----w- c:\programdata\DVD Shrink 2012-08-26 08:18 . 2012-08-26 10:01 -------- d-----w- c:\users\Stephan\AppData\Roaming\dvdcss 2012-08-16 11:18 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-08-16 11:12 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-08-16 11:12 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-16 11:12 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2012-08-16 11:12 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-08-16 11:12 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-16 11:12 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-16 11:12 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-16 11:12 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-16 11:11 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2012-08-16 11:11 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-08-16 11:11 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 20:19 . 2012-08-15 20:19 -------- d-----w- c:\users\Default\AppData\Local\Google . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-26 12:11 . 2012-04-09 15:52 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-26 12:11 . 2011-05-16 07:28 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-16 11:19 . 2011-02-01 18:21 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-06-25 14:04 . 
2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll 2012-06-09 05:43 . 2012-07-14 12:14 14172672 ----a-w- c:\windows\system32\shell32.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-05-08 18:21 208096 ----a-w- c:\users\Stephan\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-05-08 18:21 208096 ----a-w- c:\users\Stephan\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-05-08 18:21 208096 ----a-w- c:\users\Stephan\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\programme_3\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-16 348664] "DataCardMonitor"="c:\programme_3\T-Mobile Internet Manager\DataCardMonitor.exe" [2012-07-15 253952] "UVS11 Preload"="c:\programme_3\Ulead VideoStudio 11 SE DVD\uvPL.exe" [2007-04-12 341488] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-18 98304] "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008] . c:\users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712] OUTLOOK.EXE - Verknüpfung.lnk - c:\program files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [2012-2-17 15963936] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264] Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-15 116648] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248] R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2011-05-31 415744] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-15 116648] R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [x] R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [x] R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys [x] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-30 114144] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-10-21 548864] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2009-12-15 16512] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-03-14 224048] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-03-14 130864] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-22 203776] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128] S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 88888] S2 Radio.fx;Radio.fx Server;c:\programme_2\SWR_Radio_Recorder\Server\rfx-server.exe [2011-11-18 3673944] S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\programme_3\Mobile Partner\Mobile Connection Manager\ImpWiFiSvc.exe [2012-01-10 201344] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-22 9319424] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys 
[2011-03-22 303616] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-01-30 86016] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-03-14 147248] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-03-14 166192] . . Inhalt des "geplante Tasks" Ordners . 2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-15 17:03] . 2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-15 17:03] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-05-08 18:21 232672 ----a-w- c:\users\Stephan\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-05-08 18:21 232672 ----a-w- c:\users\Stephan\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-05-08 18:21 232672 ----a-w- c:\users\Stephan\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-07-20 13:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-07-20 13:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-07-20 13:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-07-20 13:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.parkettschleicher.de/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Free YouTube Download - c:\users\Stephan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 LSP: %SystemRoot%\system32\vsocklib.dll TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{0CE0C407-89DD-4652-B1A5-AF523B859E17}: NameServer = 10.111.81.129 10.129.32.1 TCP: Interfaces\{57D3B3ED-876C-491D-907B-817BAF551868}: NameServer = 10.74.210.210 10.74.210.211 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB FF - ProfilePath - c:\users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\yd8ecxu8.default\ FF - prefs.js: browser.startup.homepage - parkettschleicher.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-vspdfprsrv.exe - c:\program files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe Wow6432Node-HKLM-Run-VMware hqtray - c:\program files (x86)\VMware\VMware Player\hqtray.exe Wow6432Node-HKLM-Run-Microsoft Default Manager - c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe Wow6432Node-HKLM-Run-eXPertPDF OLR - c:\progra~2\BVRPSO~1\EXPERT~1\BVRPOlr.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-RouteConverter - c:\windows\system32\javaws.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\windows\SysWOW64\vmnat.exe c:\program files (x86)\VMware\VMware Player\vmware-authd.exe c:\windows\SysWOW64\vmnetdhcp.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-09-05 16:48:36 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-09-05 14:48 . Vor Suchlauf: 15 Verzeichnis(se), 459.411.382.272 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 459.249.074.176 Bytes frei . - - End Of File - - 486AD1C0A216F579518685F10E104243 |
06.09.2012, 10:16 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU - Trojan locks PC / Ukash payment demanded / W7 64bit / Malwarebytes done

Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM. Please skip the online check in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to switch off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.

Important: Never press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

__________________ Please always post log files in CODE tags |
06.09.2012, 12:51 | #25 |
| GVU - Trojan locks PC / Ukash payment demanded / W7 64bit / Malwarebytes done

1) GMER: I ran it twice, with no findings according to the display; however, a log could not be copied or saved.
2) OSAM produced a log:

Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 13:08:34 on 06.09.2012 OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLCFG32.CPL "QuickTime" - "Apple Computer, Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys (File not found) "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys "Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys "catchme" (catchme) - ? 
- C:\ComboFix\catchme.sys (File not found) "HSPADataCard Diagnostic Port" (HSPADataCardusbser) - ? - C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys (File not found) "HSPADataCard NMEA Port" (HSPADataCardusbnmea) - ? - C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys (File not found) "HSPADataCard Proprietary USB Driver" (HSPADataCardusbmdm) - ? - C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys (File not found) "HUAWEI USB-NDIS miniport" (ewusbnet) - ? - C:\Windows\System32\DRIVERS\ewusbnet.sys (File not found) "Mass Storage Filter Driver" (massfilter) - ? - C:\Windows\System32\drivers\massfilter.sys (File not found) "Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys (File not found) "truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys "USB 2820 Video" (DCamUSBEMPIA) - "eMPIA Technology, Inc." - C:\Windows\System32\DRIVERS\emDevice64.sys "USB Device Lower Filter" (FiltUSBEMPIA) - "eMPIA Technology, Inc." - C:\Windows\System32\DRIVERS\emFilter64.sys "USB Still Image Capture Device" (ScanUSBEMPIA) - "eMPIA Technology, Inc." - C:\Windows\System32\DRIVERS\emScan64.sys "VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys (File not found) "VMware hcmon" (hcmon) - "VMware, Inc." - C:\Windows\system32\drivers\hcmon.sys "VMware kbd" (vmkbd) - "VMware, Inc." - C:\Windows\system32\drivers\VMkbd.sys "VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\Windows\system32\drivers\vmnetuserif.sys "VMware vmx86" (vmx86) - "VMware, Inc." - C:\Windows\system32\drivers\vmx86.sys "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? 
- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {E54729E8-BB3D-4270-9D49-7389EA579090} "EasyBits ShellExecute Hook" - "EasyBits Software Corp." - C:\Windows\SysWow64\EZUPBH~1.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? 
- (File not found | COM-object registry key not found) {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft 
Office\Office14\VISSHE.DLL {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLSHEXT.DLL {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL {DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." 
- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\USIShex.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? 
- (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout64" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- Garmin Communicator Plug-In "Garmin Communicator Plug-In" - ? - (File not found | COM-object registry key not found) / https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_25" - "Sun Microsystems, Inc." 
- C:\Program Files (x86)\Java\jre6\bin\npjpi160_25.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} "NVIDIA Smart Scan" - "NVIDIA" - C:\Windows\DOWNLO~1\NVIDIA~1.OCX / hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{23249465-AA46-4DED-BD4B-8EFB20F968FE} "Do Not Track Plus (c) Abine" - "Abine" - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{6E45F3E8-2683-4824-A6BE-08108022FB36} "Do Not Track Plus" - "Abine" - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OUTLOOK.EXE - Verknüpfung.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Google Calendar Sync.lnk" - "Google" - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Shortcut exists | File exists)
"Microsoft Office.lnk" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk (Shortcut exists | File not found)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"GoogleDriveSync" - "Google" - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"HW_OPENEYE_OUC_T-Mobile Internet Manager" - "Huawei Technologies Co., Ltd." - "C:\Programme_3\T-Mobile Internet Manager\UpdateDog\ouc.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"DataCardMonitor" - "Huawei Technologies Co., Ltd." - C:\Programme_3\T-Mobile Internet Manager\DataCardMonitor.exe
"Nikon Message Center 2" - "Nikon Corporation" - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"UVS11 Preload" - "InterVideo Digital Technology Corporation" - C:\Programme_3\Ulead VideoStudio 11 SE DVD\uvPL.exe
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"VSP1:" - "Visagesoft" - C:\Windows\system32\vsmon1.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found)
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
"Capture Device Service" (Capture Device Service) - "InterVideo Inc." - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
"Easybits Services for Windows" (ezSharedSvc) - ? - C:\Windows\System32\ezSharedSvcHost.exe (File not found)
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
"ForceWare Intelligent Application Manager (IAM)" (ForceWare Intelligent Application Manager (IAM)) - ? - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
"ForceWare IP service" (nSvcIp) - ? - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Radio.fx Server" (Radio.fx) - ? - c:\Programme_2\SWR_Radio_Recorder\Server\rfx-server.exe
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies, Inc." - C:\Program Files (x86)\WinPcap\rpcapd.exe
"TGCM_ImportWiFiSvc" (TGCM_ImportWiFiSvc) - "Telefónica" - C:\Programme_3\Mobile Partner\Mobile Connection Manager\ImpWiFiSvc.exe
"UPnPService" (UPnPService) - "Magix AG" - C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
"VMware Authorization Service" (VMAuthdService) - "VMware, Inc." - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
"VMware DHCP Service" (VMnetDHCP) - ? - C:\Windows\system32\vmnetdhcp.exe (File not found)
"VMware NAT Service" (VMware NAT Service) - ? - C:\Windows\system32\vmnat.exe (File not found)
"VMware USB Arbitration Service" (VMUSBArbService) - "VMware, Inc." - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"VMCI sockets DGRAM" - "VMware, Inc." - C:\Windows\system32\vsocklib.dll
"VMCI sockets STREAM" - "VMware, Inc." - C:\Windows\system32\vsocklib.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-06 13:43:26
-----------------------------
13:43:26.183 OS Version: Windows x64 6.1.7601 Service Pack 1
13:43:26.183 Number of processors: 4 586 0x503
13:43:26.183 ComputerName: STEPHAN-HP UserName: Stephan
13:43:27.384 Initialize success
13:43:34.217 AVAST engine defs: 12090600
13:43:35.917 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
13:43:35.933 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
13:43:35.933 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006f
13:43:35.949 Disk 1 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
13:43:35.964 Disk 0 MBR read successfully
13:43:35.964 Disk 0 MBR scan
13:43:35.980 Disk 0 unknown MBR code
13:43:35.980 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:43:35.995 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 539843 MB offset 206848
13:43:35.995 Disk 0 Partition - 00 0F Extended LBA 400000 MB offset 1105805312
13:43:36.027 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13924 MB offset 1925005312
13:43:36.073 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 399999 MB offset 1105807360
13:43:36.120 Disk 0 scanning C:\Windows\system32\drivers
13:43:45.933 Service scanning
13:44:09.426 Modules scanning
13:44:09.426 Disk 0 trace - called modules:
13:44:09.457 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
13:44:09.473 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f7c060]
13:44:09.489 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8005ce5190]
13:44:09.489 5 ACPI.sys[fffff88000ee07a1] -> nt!IofCallDriver -> \Device\0000006c[0xfffffa8005ce6060]
13:44:11.127 AVAST engine scan C:\Windows
13:44:14.933 AVAST engine scan C:\Windows\system32
13:44:37.038 Disk 0 MBR has been saved successfully to "C:\Users\Stephan\Desktop\MBR.dat"
13:44:37.038 The log file has been saved successfully to "C:\Users\Stephan\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-06 13:43:26
-----------------------------
13:43:26.183 OS Version: Windows x64 6.1.7601 Service Pack 1
13:43:26.183 Number of processors: 4 586 0x503
13:43:26.183 ComputerName: STEPHAN-HP UserName: Stephan
13:43:27.384 Initialize success
13:43:34.217 AVAST engine defs: 12090600
13:43:35.917 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
13:43:35.933 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
13:43:35.933 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006f
13:43:35.949 Disk 1 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
13:43:35.964 Disk 0 MBR read successfully
13:43:35.964 Disk 0 MBR scan
13:43:35.980 Disk 0 unknown MBR code
13:43:35.980 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:43:35.995 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 539843 MB offset 206848
13:43:35.995 Disk 0 Partition - 00 0F Extended LBA 400000 MB offset 1105805312
13:43:36.027 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13924 MB offset 1925005312
13:43:36.073 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 399999 MB offset 1105807360
13:43:36.120 Disk 0 scanning C:\Windows\system32\drivers
13:43:45.933 Service scanning
13:44:09.426 Modules scanning
13:44:09.426 Disk 0 trace - called modules:
13:44:09.457 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
13:44:09.473 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f7c060]
13:44:09.489 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8005ce5190]
13:44:09.489 5 ACPI.sys[fffff88000ee07a1] -> nt!IofCallDriver -> \Device\0000006c[0xfffffa8005ce6060]
13:44:11.127 AVAST engine scan C:\Windows
13:44:14.933 AVAST engine scan C:\Windows\system32
13:44:37.038 Scanning: C:\Windows\system32\FXSRESM.dll sktop\MBR.dat"
13:44:37.038 The log file has been saved successfully to "C:\Users\Stephan\Desktop\aswMBR.txt"
13:45:42.503 Disk 0 MBR has been saved successfully to "C:\Users\Stephan\Desktop\MBR.dat"
13:45:42.519 The log file has been saved successfully to "C:\Users\Stephan\Desktop\aswMBR.txt" |
06.09.2012, 15:25 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | We should fix the MBR. Back up ALL important data first, just in case, even though it usually goes smoothly.
Note: Please do NOT run the MBR fix if you have other operating systems installed, e.g. Ubuntu; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable. Do not run the fix either if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.
After the backup, start aswMBR again and click the FIXMBR button.
Note: Please switch off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
Then restart Windows and create a new log with aswMBR.
__________________ Please always post log files in CODE tags |
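The pre-fix check behind the two warnings in post #26, as an added example that is not part of the thread and not aswMBR's own code: it parses a 512-byte MBR dump and lists reasons not to overwrite the boot code. The function names, the loader marker strings and the assumption that `MBR.dat` is a raw copy of sector 0 are assumptions; the sample sectors are constructed, with partition values taken from the aswMBR log above.

```python
import struct
import sys

SECTOR = 512
# Marker strings assumed to identify non-Windows boot code in sector 0.
FOREIGN_LOADERS = {b"GRUB": "GRUB (Linux dual boot)",
                   b"TrueCrypt Boot Loader": "TrueCrypt full-disk encryption"}

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into its boot code and primary partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i:462 + 16 * i]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype,
                          "lba": lba, "mb": count * SECTOR // 2**20})
    return {"code": sector[:440], "partitions": parts}

def fix_blockers(mbr: dict) -> list:
    """Reasons not to replace the boot code with the Windows default."""
    reasons = [label for needle, label in FOREIGN_LOADERS.items() if needle in mbr["code"]]
    # 0x82 = Linux swap, 0x83 = Linux native. Logical drives inside an
    # extended partition are not listed in sector 0 and are not checked here.
    if any(p["type"] in (0x82, 0x83) for p in mbr["partitions"]):
        reasons.append("Linux partition in primary table")
    return reasons

def build_sample(code: bytes, entries) -> bytes:
    """Constructed sector: boot code plus (status, type, lba, sectors) entries."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return code.ljust(446, b"\0") + table.ljust(64, b"\0") + b"\x55\xaa"

# Constructed samples. The table mirrors the log: 100 MB active NTFS at 2048,
# 539843 MB NTFS at 206848, extended (0F) at 1105805312, 13924 MB NTFS at 1925005312.
PAGE_TABLE = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1105598464),
              (0x00, 0x0F, 1105805312, 819200000), (0x00, 0x07, 1925005312, 28516352)]
WINDOWS_LAYOUT = build_sample(b"\x33\xc0\x8e\xd0", PAGE_TABLE)  # stand-in code bytes
DUAL_BOOT = build_sample(b"\xeb\x63\x90" + b"\0" * 100 + b"GRUB \0Geom\0",
                         [(0x80, 0x07, 2048, 204800), (0x00, 0x83, 206848, 1000000)])

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read()[:SECTOR] if len(sys.argv) > 1 else WINDOWS_LAYOUT
    mbr = parse_mbr(data)
    for p in mbr["partitions"]:
        print(f"type {p['type']:02X} active={p['active']} {p['mb']} MB offset {p['lba']}")
    print("do not fix:" if fix_blockers(mbr) else "no blockers found", fix_blockers(mbr))
```

Run it with the path to the saved `MBR.dat` as the only argument; without an argument it analyses the constructed Windows-layout sample.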
07.09.2012, 12:58 | #27 |
| Unfortunately it doesn't work :-( I made the data backup and ran the fix; the system restarted without problems. aswMBR started again and aborted with troubleshooting information. On the second run (there I selected only C:) a blue screen occurred. Do you have anything else in your bag of tricks? As a last resort I would otherwise have to restore my last complete backup of the system drive. It is about 8 weeks old. Would a Windows restore eliminate the trojan? |
09.09.2012, 20:47 | #28 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Read the notes. Quote:
__________________ Please always post log files in CODE tags |
10.09.2012, 17:46 | #29 |
| Ah, now I get it! Here is the <none> log: (only the newest entry) Code:
ATTFilter
-----------------------------
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-10 18:34:19
-----------------------------
18:34:19.140 OS Version: Windows x64 6.1.7601 Service Pack 1
18:34:19.140 Number of processors: 4 586 0x503
18:34:19.140 ComputerName: STEPHAN-HP UserName: Stephan
18:34:21.308 Initialize success
18:39:33.673 AVAST engine defs: 12091000
18:40:21.299 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
18:40:21.315 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
18:40:21.315 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006f
18:40:21.315 Disk 1 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
18:40:21.331 Disk 0 MBR read successfully
18:40:21.346 Disk 0 MBR scan
18:40:21.362 Disk 0 Windows 7 default MBR code
18:40:21.377 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:40:21.393 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 539843 MB offset 206848
18:40:21.409 Disk 0 Partition - 00 0F Extended LBA 400000 MB offset 1105805312
18:40:21.455 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13924 MB offset 1925005312
18:40:21.502 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 399999 MB offset 1105807360
18:40:21.549 Disk 0 scanning C:\Windows\system32\drivers
18:40:33.998 Service scanning
18:41:01.204 Modules scanning
18:41:01.204 Disk 0 trace - called modules:
18:41:01.220 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
18:41:01.220 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f62060]
18:41:01.235 3 CLASSPNP.SYS[fffff880019b043f] -> nt!IofCallDriver -> [0xfffffa8005b73040]
18:41:01.235 5 ACPI.sys[fffff88000e2f7a1] -> nt!IofCallDriver -> \Device\0000006c[0xfffffa8005b71190]
18:41:01.235 Scan finished successfully
18:43:22.868 Disk 0 MBR has been saved successfully to "C:\Users\Stephan\Desktop\MBR.dat"
18:43:22.883 The log file has been saved successfully to "C:\Users\Stephan\Desktop\aswMBR.txt" |
10.09.2012, 20:40 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |