Forum section: Plagegeister aller Art und deren Bekämpfung
Finding after restore because of GVU trojan (Windows 7)
20.12.2012, 18:56 | #1
Finding after restore because of GVU trojan

Hi, after I suddenly got the GVU trojan today, I rolled the system back three days and the lock screen was gone again. A scan with Malwarebytes afterwards did show me one detection, though. I have run all the programs that were required beforehand... can someone please help me with what needs to be removed now?

PS: I have the GMER log file on the desktop. Unfortunately it is far too big to post as CODE.

Thanks and regards

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:03 on 20/12/2012 (XXX)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
OTL logfile created on: 20.12.2012 16:05:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXX\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,28% Memory free
5,99 Gb Paging File | 4,51 Gb Available in Paging File | 75,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 150,70 Gb Free Space | 64,71% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.20 16:00:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 09:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.10.15 09:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2011.08.03 14:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Programme\TightVNC\tvnserver.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.22 12:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Programme\ThreatFire\TFService.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.03.23 14:53:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2010.03.23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
PRC - [2009.03.02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007.10.28 10:35:48 | 000,425,984 | ---- | M] (Bao_Nguyen) -- C:\Programme\Switcher\Switcher.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.15 16:04:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.15 16:04:23 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.15 16:03:58 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.15 16:03:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.15 16:03:50 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.15 16:03:39 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.01.09 19:44:20 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.11.13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.08.20 12:35:48 | 007,745,536 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2009.08.20 12:35:46 | 002,121,728 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
MOD - [2009.08.20 12:35:46 | 000,135,168 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

========== Services (SafeList) ==========

SRV - [2012.12.12 13:05:41 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.01 22:56:11 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012.04.05 17:03:00 | 003,969,336 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.08.03 14:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Programme\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.02.22 12:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.08.09 03:04:02 | 000,131,888 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2010.03.23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe -- (STacSV)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe -- (AESTFilters)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\CHRIST~1\AppData\Local\Temp\pxldapow.sys -- (pxldapow)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.10.15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.02.19 22:05:41 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.10.15 09:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.09.07 10:18:26 | 000,059,776 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.07.08 00:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011.02.22 12:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2011.02.22 12:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011.02.22 12:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.03.23 14:53:06 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010.01.13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.06.16 13:00:16 | 000,013,312 | ---- | M] (Insyde Software) [Kernel | On_Demand | Stopped] -- C:\swsetup\sp45138\iscflash.sys -- (iscFlash)
DRV - [2009.04.29 08:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008.10.22 17:42:10 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.09.04 17:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 A3 2C CE E7 EC CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.01 15:21:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.01 22:56:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.20 15:55:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.01 22:56:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.20 15:55:39 | 000,000,000 | ---D | M]

[2012.02.16 22:34:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2012.12.01 22:56:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\nlsgw1ek.default\extensions
[2012.10.04 11:22:34 | 000,000,000 | ---D | M] (WOT) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\nlsgw1ek.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.02.18 22:41:39 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\nlsgw1ek.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012.09.15 12:15:18 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\nlsgw1ek.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2012.12.01 22:56:58 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\nlsgw1ek.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.12.01 22:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.01 15:21:57 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.12.01 22:56:11 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.15 16:26:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Programme\WOT\WOT.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Programme\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Programme\WOT\WOT.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Switcher] C:\Program Files\Switcher\Switcher.exe (Bao_Nguyen)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB8CA8A4-A4E3-407F-AA8B-851639DBD9EF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Programme\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.20 16:00:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2012.12.13 00:23:35 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2012.12.01 22:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.02.28 14:40:50 | 000,317,200 | ---- | C] (AVAST Software) -- C:\Users\XXX\aswclear5.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.20 16:05:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.20 16:03:01 | 000,000,000 | ---- | M] () -- C:\Users\XXX\defogger_reenable
[2012.12.20 16:02:28 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 16:02:28 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 16:01:18 | 000,302,592 | ---- | M] () -- C:\Users\XXX\Desktop\ggxisn62.exe
[2012.12.20 16:00:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2012.12.20 16:00:21 | 000,050,477 | ---- | M] () -- C:\Users\XXX\Desktop\Defogger.exe
[2012.12.20 15:58:57 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.12.20 15:58:57 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.12.20 15:57:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.20 15:56:34 | 2413,719,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.20 15:49:46 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.13 08:43:09 | 003,846,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.12 21:13:11 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.12 21:13:11 | 000,653,540 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2012.12.12 21:13:11 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.12 21:13:11 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.12 21:13:11 | 000,141,360 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2012.12.12 21:13:11 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.20 16:03:01 | 000,000,000 | ---- | C] () -- C:\Users\XXX\defogger_reenable
[2012.12.20 16:01:17 | 000,302,592 | ---- | C] () -- C:\Users\XXX\Desktop\ggxisn62.exe
[2012.12.20 16:00:20 | 000,050,477 | ---- | C] () -- C:\Users\XXX\Desktop\Defogger.exe
[2012.12.20 15:58:57 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.12.20 15:46:49 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.12 21:20:38 | 000,004,148 | ---- | C] () -- C:\Windows\System32\psmodulediscoveryprovider.mof
[2012.12.12 21:20:31 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2012.12.12 21:20:08 | 000,204,105 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2012.10.10 21:24:16 | 1448,655,544 | ---- | C] () -- C:\Users\XXX\FIFA+2013-v1.0.2-tang15111_2.ipa
[2012.07.10 19:11:25 | 1186,380,194 | ---- | C] () -- C:\Users\XXX\Asphalt-7-Heat-v1.0.0-most_uniQue.ipa
[2012.03.27 12:32:25 | 000,406,528 | ---- | C] () -- C:\Users\XXX\Switcher-2.0.0.2705.msi
[2012.03.08 09:58:05 | 000,000,492 | RHS- | C] () -- C:\Users\XXX\ntuser.pol
[2012.03.07 20:55:48 | 000,000,600 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\winscp.rnd
[2012.02.20 20:13:59 | 000,210,518 | ---- | C] () -- C:\Users\XXX\Winamp.m3u
[2012.02.19 20:25:32 | 000,002,306 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.02.19 20:08:26 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.02.18 21:48:15 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2012.02.18 21:48:13 | 000,283,136 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2012.02.18 21:48:13 | 000,259,888 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2012.02.18 21:48:13 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
[2012.02.17 19:37:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.02.17 19:35:52 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.02.16 22:28:58 | 000,653,540 | ---- | C] () -- C:\Windows\System32\perfh01D.dat
[2012.02.16 22:28:58 | 000,294,764 | ---- | C] () -- C:\Windows\System32\perfi01D.dat
[2012.02.16 22:28:58 | 000,141,360 | ---- | C] () -- C:\Windows\System32\perfc01D.dat
[2012.02.16 22:28:58 | 000,037,052 | ---- | C] () -- C:\Windows\System32\perfd01D.dat
[2011.09.15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.08.21 14:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.03.27 12:37:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Bao_Nguyen
[2012.06.14 18:55:41 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.07.15 12:24:53 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DAEMON Tools Lite
[2012.07.15 11:26:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DiskAid
[2012.03.21 10:13:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Dropbox
[2012.07.15 11:58:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\GHISLER
[2012.12.20 15:47:55 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICQ
[2012.07.30 21:14:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\iFunbox_UserCache
[2012.07.15 15:46:21 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\redsn0w
[2012.03.07 21:57:29 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Software4u
[2012.02.29 21:01:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.09.09 13:43:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TestApp
[2012.03.17 21:32:36 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TightVNC

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Users\XXX\Documents\Bild.jpg: 3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\XXX\Documents\Bild (2).jpg: 3or4kl4x13tuuug3Byamue2s4b

< End of report >
ATTFilter OTL Extras logfile created on: 20.12.2012 16:05:24 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XXX\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,28% Memory free 5,99 Gb Paging File | 4,51 Gb Available in Paging File | 75,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 150,70 Gb Free Space | 64,71% Space Free | Partition Type: NTFS Computer Name: PC | User Name: XXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2C7210B7-28B0-4F73-AF12-DBEF14FEE561}" = lport=56137 | protocol=6 | dir=in | name=pando media booster | "{31F3D821-9DB8-4EEB-98B1-034EF0188C59}" = lport=56137 | protocol=6 | dir=in | name=pando media booster | "{3A8D47CD-4F2A-4F58-91C4-6A8E09254AA3}" = lport=56137 | protocol=17 | dir=in | name=pando media booster | "{533F409D-F560-4320-8FED-502724FCA3A6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{A96C97AD-E575-472D-BD0B-3EB7C136EF30}" = lport=56137 | protocol=17 | dir=in | name=pando media booster | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{2B5005B4-5A74-4092-BD5E-33B94B41E208}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{2D63840C-5095-41E0-8737-EAE5AF8083F4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{412317DD-9A3E-4AB6-A32D-B969220F8960}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | "{45E7011E-62E8-45FD-A6CF-221A3914621F}" = protocol=6 | dir=in | app=c:\program files\tightvnc\vncviewer.exe | "{45EC8BD8-63EB-449C-AC5E-DD898E8131B9}" = protocol=6 | dir=in | app=c:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe | "{5461B2A1-2663-4A23-9AF6-4A0AA08B59F5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{563086BF-09C1-4E6B-AB34-B59332CB23B7}" = protocol=6 | dir=in | app=c:\program files\tightvnc\tvnserver.exe | "{7C16F315-811E-4F1F-BAFD-5B8907E75FC3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{7E6B67C5-BDF0-40E9-9832-23E92698E348}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{8A0E16B6-7592-40B3-8B37-5EC259329445}" = dir=in | app=c:\program files\itunes\itunes.exe | "{9956C2BD-A59B-492C-B94B-101BD25309CC}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | "{9C7704AE-0B9E-4A44-8F3F-F2144A30AE46}" = protocol=17 | dir=in | app=c:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe | "{A5C61A67-FF8B-4729-BBF8-B034643B8D33}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | "{A6219168-D0E9-4037-BF0C-F24B2CE7DE81}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | "{AB8F456B-F097-4399-B381-D4E4F160B3B9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B6BE606C-3554-4E24-8E65-31594A8DC537}" = protocol=17 | dir=in | app=c:\program files\tightvnc\vncviewer.exe | "{BA215A7F-96F1-4745-8C97-2D9695F3F03B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BBA9658B-D60B-4F12-85A0-7BA39A075667}" = protocol=17 
| dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{CC76B77B-E3FE-48A0-AB96-1A3CEC1447AD}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | "{D3CE5ED7-6BED-4CD3-A183-20B403D752C2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D61D96B5-8BAC-43A7-85E7-3FFBE60DF131}" = protocol=17 | dir=in | app=c:\program files\tightvnc\tvnserver.exe | "{E52393A1-DA10-4992-94E8-86C948900F3E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E5F25619-0131-4E51-8481-485D84E71D57}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{F1ADC190-4846-4E51-A8AE-702CD95ECE35}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | "{F5235BC3-C0AD-4DB0-80DC-316E2461FEDC}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "TCP Query User{333F8223-92C0-40AC-A49A-D21C54DBAB5B}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{532E7AAC-D69B-4E43-8709-3CF55154278B}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{75835CA5-9EE1-485B-B711-39A521FF0696}C:\program files\i-funbox devteam\ifunbox.exe" = protocol=6 | dir=in | app=c:\program files\i-funbox devteam\ifunbox.exe | "TCP Query User{8F8053E4-801E-46B0-8F48-2024A0B8E91A}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{ECACF773-42C9-43AF-B29B-0A313FAD7D31}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{F5875758-B6FC-45A3-938A-F320287E0589}C:\program files\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | "UDP Query User{519B92AC-A44F-406E-A6EC-744524EB8031}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program 
files\sopcast\sopcast.exe | "UDP Query User{5A034B1D-0C08-4C77-9EDC-6ADD3AF09FA9}C:\program files\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | "UDP Query User{63EBA34D-59D8-4DF4-B26A-F18BC1647FFA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{70D7A3B0-1483-4F8F-98AD-F5072C9FAF05}C:\program files\i-funbox devteam\ifunbox.exe" = protocol=17 | dir=in | app=c:\program files\i-funbox devteam\ifunbox.exe | "UDP Query User{9C255F86-CE6E-4981-999B-BCEF5205A96B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{FE4CA65D-F047-4709-AB7D-AD4F971F22CC}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile 
"{438134D3-0BD4-4C52-8575-5B2B63AD01C2}" = RUBICon "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 
Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C0DA129B-1E45-494D-A362-5CD0109C306B}" = WOT für Internet Explorer "{C3CF41F1-0373-4DD7-BE99-F33B00E51031}" = Nero 7 Essentials "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7DB6677-661D-4835-AAD8-1B7F4C98D7CE}" = Switcher 2.0.0 "3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire "7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) "AC3Filter_is1" = AC3Filter 1.62b "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! Free Antivirus "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "FormatFactory" = FormatFactory 2.90 "iFunbox_is1" = iFunbox (v1.98.948.666), iFunbox DevTeam "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Samsung Universal Print Driver" = Samsung Universal Print Driver "Secunia PSI" = Secunia PSI (2.0.0.4003) "SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.4 for Windows "ShotOnline" = ShotOnline "SopCast" = SopCast 3.5.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "SystemRequirementsLab" = System Requirements Lab "TightVNC" = TightVNC 2.0.4 
"Universal Extractor_is1" = Universal Extractor 1.6.1 "VLC media player" = VLC media player 2.0.2 "Winamp" = Winamp "WinRAR archiver" = WinRAR 4.10 (32-Bit) "winscp3_is1" = WinSCP 4.3.8 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.10.2012 14:59:33 | Computer Name = PC | Source = Windows Search Service | ID = 3038 Description = Error - 05.10.2012 14:59:33 | Computer Name = PC | Source = Windows Search Service | ID = 3028 Description = Error - 05.10.2012 14:59:33 | Computer Name = PC | Source = Windows Search Service | ID = 3058 Description = Error - 05.10.2012 14:59:33 | Computer Name = PC | Source = Windows Search Service | ID = 7010 Description = Error - 09.10.2012 10:13:55 | Computer Name = PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 09.10.2012 10:13:55 | Computer Name = PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2940182 Error - 09.10.2012 10:13:55 | Computer Name = PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2940182 Error - 18.10.2012 13:24:31 | Computer Name = PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 15.0.1.4631, Zeitstempel: 0x5047f9c5 Name des fehlerhaften Moduls: xul.dll, Version: 15.0.1.4631, Zeitstempel: 0x5047f93b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0010e567 ID des fehlerhaften Prozesses: 0xd28 Startzeit der fehlerhaften Anwendung: 0x01cdaca4f12c6931 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: ad18fba1-1948-11e2-a460-ab3e589a9fab Error - 
20.10.2012 07:33:40 | Computer Name = PC | Source = Application Hang | ID = 1002 Description = Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: af8 Startzeit: 01cdaeb69d979b7b Endzeit: 32 Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE Berichts-ID: f627cc6b-1aa9-11e2-a460-ab3e589a9fab Error - 14.11.2012 09:57:28 | Computer Name = PC | Source = Windows Search Service | ID = 3007 Description = Error - 12.12.2012 16:19:00 | Computer Name = PC | Source = Windows Search Service | ID = 3007 Description = [ OSession Events ] Error - 01.07.2012 11:02:53 | Computer Name = PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15813 seconds with 3780 seconds of active time. This session ended with a crash. [ System Events ] Error - 02.07.2012 04:10:17 | Computer Name = PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LightScribeService Direct Disc Labeling Service erreicht. Error - 02.07.2012 10:49:09 | Computer Name = PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iphlpsvc erreicht. Error - 05.07.2012 10:35:02 | Computer Name = PC | Source = DCOM | ID = 10010 Description = Error - 06.07.2012 09:34:16 | Computer Name = PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden. 
Error - 06.07.2012 09:55:20 | Computer Name = PC | Source = DCOM | ID = 10010 Description = Error - 08.07.2012 04:50:45 | Computer Name = PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LightScribeService Direct Disc Labeling Service erreicht. Error - 09.07.2012 03:36:59 | Computer Name = PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LightScribeService Direct Disc Labeling Service erreicht. Error - 10.07.2012 11:01:17 | Computer Name = PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 11.07.2012 16:18:34 | Computer Name = PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 11.07.2012 16:28:38 | Computer Name = PC | Source = DCOM | ID = 10010 Description = < End of report > Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.20.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
XXX : PC [Administrator]

20.12.2012 17:38:12
mbam-log-2012-12-20 (17-47-12).txt

Scan type: Quick scan
Enabled scan options: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 223413
Time elapsed: 5 minute(s), 57 second(s)

Memory processes infected: 0 (No malicious items detected)
Memory modules infected: 0 (No malicious items detected)
Registry keys infected: 0 (No malicious items detected)
Registry values infected: 0 (No malicious items detected)
Registry data items infected: 0 (No malicious items detected)
Folders infected: 0 (No malicious items detected)
Files infected: 1
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> No action taken.

(end)
Last edited by eckenecke (20.12.2012 at 19:02) |
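What a helper actually reads in a post like this is the timeline in OTL's "Files Modified/Created - No Company Name" lists and the "Alternate Data Streams" section: the one file Malwarebytes flagged, C:\ProgramData\dsgsdgdsgdsgw.pad, shows up in OTL as a 95 MB file with no version information, created at 15:46:49 and last written at 15:49:46, a few minutes before the restore reboot touched hiberfil.sys and bootstat.dat. The following is an added example, not code from the thread, from OTL or from any of the tools named above, that parses those OTL entry formats in Python and flags files with no company name that landed in a user-writable root shortly before the rollback. Assumptions: the incident anchor (15:56 on 20.12.2012, read off the hiberfil.sys/bootstat.dat timestamps) and the 15-minute window are mine; the vowel-count "random-looking name" heuristic is a rough rule of thumb, not an OTL feature; the sample entries are copied from the log above except the first OTL.exe line, which is constructed to show an entry that carries a company name.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# One OTL file entry, e.g.
#   [2012.12.20 15:49:46 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
# Forum extraction often runs several entries onto one line, so the path is
# terminated either by the next "[yyyy." entry or by the end of the line.
FILE_RE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)(?=\s*\[\d{4}\.|\s*$)",
    re.MULTILINE,
)

# OTL's ADS report line: "@Alternate Data Stream - 164 bytes -> <host file>: <stream>"
ADS_RE = re.compile(
    r"@Alternate Data Stream - (?P<size>\d+) bytes -> "
    r"(?P<path>[A-Za-z]:\\.+?):\s*(?P<stream>\S+)\s*$",
    re.MULTILINE,
)


@dataclass(frozen=True)
class Entry:
    timestamp: datetime
    size: int
    attrs: str      # OTL attribute flags, e.g. "-HS-" = hidden + system
    kind: str       # "M" = from the Modified list, "C" = from the Created list
    company: str    # "" when OTL printed "()" (no company name in the version info)
    path: str


def parse_entries(log_text: str) -> list[Entry]:
    """Return every OTL file entry found in the text, in log order."""
    return [
        Entry(
            timestamp=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"].strip(),
            path=m["path"].strip(),
        )
        for m in FILE_RE.finditer(log_text)
    ]


def parse_ads(log_text: str) -> list[tuple[str, str, int]]:
    """Return (host file, stream name, size in bytes) for each ADS line."""
    return [(m["path"], m["stream"], int(m["size"])) for m in ADS_RE.finditer(log_text)]


def looks_random(path: str) -> bool:
    """Rough heuristic (an assumption, not an OTL feature): a name stem of
    8+ characters whose letters are less than 20% vowels."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(stem) < 8 or not letters:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.2


# Roots a standard user can write to without elevation; C:\Windows is left out.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\")

# Assumed incident anchor: the restore reboot, visible in the log as
# hiberfil.sys and bootstat.dat being written at about 15:56-15:57 on 20.12.2012.
INCIDENT = datetime(2012, 12, 20, 15, 56, 0)


def triage(log_text: str, incident: datetime, window_minutes: int = 15) -> list[Entry]:
    """Entries with no company name, written to a user-writable root within
    window_minutes before the incident. Tools run afterwards (OTL, Defogger,
    the random-named scanner copy at 16:01) fall outside the window."""
    start = incident.timestamp() - window_minutes * 60
    return [
        e for e in parse_entries(log_text)
        if e.company == ""
        and start <= e.timestamp.timestamp() <= incident.timestamp()
        and e.path.lower().startswith(USER_WRITABLE)
    ]


# Sample entries copied from the OTL log in the thread (one per line); the
# first line, carrying a company name, is constructed to exercise that filter.
SAMPLE_OTL = r"""
[2012.12.20 16:00:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2012.12.20 16:00:21 | 000,050,477 | ---- | M] () -- C:\Users\XXX\Desktop\Defogger.exe
[2012.12.20 15:58:57 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.12.20 15:57:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.20 15:56:34 | 2413,719,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.20 15:49:46 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.13 08:43:09 | 003,846,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.20 16:01:17 | 000,302,592 | ---- | C] () -- C:\Users\XXX\Desktop\ggxisn62.exe
[2012.12.20 15:46:49 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
@Alternate Data Stream - 164 bytes -> C:\Users\XXX\Documents\Bild.jpg: 3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\XXX\Documents\Bild (2).jpg: 3or4kl4x13tuuug3Byamue2s4b
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_OTL, INCIDENT):
        flag = " (random-looking name)" if looks_random(e.path) else ""
        print(f"{e.kind} {e.timestamp:%Y-%m-%d %H:%M:%S} {e.size:>12,d} {e.path}{flag}")
    for host, stream, size in parse_ads(SAMPLE_OTL):
        print(f"ADS {size} bytes on {host} -> {stream}")
```

Run on the sample, only the two dsgsdgdsgdsgw.pad entries (created 15:46:49, modified 15:49:46) survive the window and location filters; the same name also trips the random-name heuristic. The 16:01 ggxisn62.exe on the Desktop scores as random-looking too, which is why the timeline, not the name, has to decide what a file is: a random-named file that appears while the user is running scanners is a different thing from one that appears minutes before a lockscreen. The ADS entries on the two JPEGs are reported separately because OTL lists them in their own section, and a 164-byte named stream on a picture is something to explain rather than ignore.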
20.12.2012, 19:12 | #2 |
/// Malware-holic | Finding after restore due to GVU trojan
Hi,
never use System Restore again when malware is involved; you never know what kind of malware is on the PC, and with System Restore you can do more damage. Please attach the GMER log as a file.
|
20.12.2012, 21:03 | #3 |
| Finding after restore due to GVU trojan
I did the restore more or less automatically, since Windows offers it as an option when you can no longer access the system. I wasn't aware that it could be harmful.
Regards |
21.12.2012, 14:04 | #4 |
/// Malware-holic | Finding after restore due to GVU trojan
Hi, ah OK. Then that was a misunderstanding, sorry.
Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
• Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan; if anything is found, choose Skip for now and post the log
|
21.12.2012, 14:49 | #5 |
| Finding after restore due to GVU trojan
TDSS:
Code:
ATTFilter 14:46:36.0845 4536 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 14:46:38.0858 4536 ============================================================ 14:46:38.0858 4536 Current date / time: 2012/12/21 14:46:38.0858 14:46:38.0858 4536 SystemInfo: 14:46:38.0858 4536 14:46:38.0858 4536 OS Version: 6.1.7601 ServicePack: 1.0 14:46:38.0858 4536 Product type: Workstation 14:46:38.0858 4536 ComputerName: PC 14:46:38.0858 4536 UserName: XXX 14:46:38.0858 4536 Windows directory: C:\Windows 14:46:38.0858 4536 System windows directory: C:\Windows 14:46:38.0858 4536 Processor architecture: Intel x86 14:46:38.0858 4536 Number of processors: 2 14:46:38.0858 4536 Page size: 0x1000 14:46:38.0858 4536 Boot type: Normal boot 14:46:38.0858 4536 ============================================================ 14:46:41.0091 4536 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 14:46:41.0184 4536 ============================================================ 14:46:41.0184 4536 \Device\Harddisk0\DR0: 14:46:41.0184 4536 MBR partitions: 14:46:41.0184 4536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C47C0 14:46:41.0184 4536 ============================================================ 14:46:41.0309 4536 C: <-> \Device\Harddisk0\DR0\Partition1 14:46:41.0309 4536 ============================================================ 14:46:41.0309 4536 Initialize success 14:46:41.0309 4536 ============================================================ 14:46:48.0657 3604 ============================================================ 14:46:48.0657 3604 Scan started 14:46:48.0657 3604 Mode: Manual; SigCheck; TDLFS; 14:46:48.0657 3604 ============================================================ 14:46:49.0967 3604 ================ Scan system memory ======================== 14:46:49.0967 3604 System memory - ok 14:46:49.0967 3604 
CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:47:23.0010 3604 RemoteRegistry - ok 14:47:23.0088 3604 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 14:47:23.0197 3604 RpcEptMapper - ok 14:47:23.0228 3604 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 14:47:23.0260 3604 RpcLocator - ok 14:47:23.0275 3604 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 14:47:23.0322 3604 RpcSs - ok 14:47:23.0384 3604 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:47:23.0447 3604 rspndr - ok 14:47:23.0494 3604 [ 3983CEA05BB855351D75F5482B6C42CE ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 14:47:23.0540 3604 RTL8167 - ok 14:47:23.0572 3604 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 14:47:23.0618 3604 s3cap - ok 14:47:23.0650 3604 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 14:47:23.0665 3604 SamSs - ok 14:47:23.0728 3604 [ BD26A150DC292913E48EE2B950372DFD ] Samsung UPD Service C:\Windows\System32\SUPDSvc.exe 14:47:23.0759 3604 Samsung UPD Service - ok 14:47:23.0853 3604 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 14:47:23.0884 3604 SASDIFSV - ok 14:47:23.0931 3604 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 14:47:23.0977 3604 SASKUTIL - ok 14:47:24.0024 3604 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:47:24.0055 3604 sbp2port - ok 14:47:24.0087 3604 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:47:24.0149 3604 SCardSvr - ok 14:47:24.0180 3604 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 14:47:24.0227 3604 scfilter - ok 14:47:24.0289 3604 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 
14:47:24.0430 3604 Schedule - ok 14:47:24.0477 3604 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 14:47:24.0508 3604 SCPolicySvc - ok 14:47:24.0539 3604 [ 624795DF1993B955B0C0A03A4612F2EC ] SCR3XX2K C:\Windows\system32\DRIVERS\SCR3XX2K.sys 14:47:24.0601 3604 SCR3XX2K - ok 14:47:24.0648 3604 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys 14:47:24.0711 3604 sdbus - ok 14:47:24.0757 3604 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:47:24.0835 3604 SDRSVC - ok 14:47:24.0867 3604 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:47:24.0960 3604 secdrv - ok 14:47:24.0991 3604 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 14:47:25.0116 3604 seclogon - ok 14:47:25.0210 3604 [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe 14:47:25.0288 3604 Secunia PSI Agent - ok 14:47:25.0319 3604 [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe 14:47:25.0397 3604 Secunia Update Agent - ok 14:47:25.0444 3604 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 14:47:25.0553 3604 SENS - ok 14:47:25.0584 3604 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 14:47:25.0631 3604 SensrSvc - ok 14:47:25.0678 3604 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 14:47:25.0756 3604 Serenum - ok 14:47:25.0787 3604 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 14:47:25.0865 3604 Serial - ok 14:47:25.0896 3604 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 14:47:25.0974 3604 sermouse - ok 14:47:26.0021 3604 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 14:47:26.0068 3604 SessionEnv - ok 14:47:26.0099 3604 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk 
C:\Windows\system32\drivers\sffdisk.sys 14:47:26.0115 3604 sffdisk - ok 14:47:26.0115 3604 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:47:26.0130 3604 sffp_mmc - ok 14:47:26.0146 3604 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:47:26.0161 3604 sffp_sd - ok 14:47:26.0177 3604 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 14:47:26.0208 3604 sfloppy - ok 14:47:26.0255 3604 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:47:26.0395 3604 SharedAccess - ok 14:47:26.0442 3604 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:47:26.0676 3604 ShellHWDetection - ok 14:47:26.0863 3604 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 14:47:26.0910 3604 sisagp - ok 14:47:26.0957 3604 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:47:27.0004 3604 SiSRaid2 - ok 14:47:27.0004 3604 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 14:47:27.0035 3604 SiSRaid4 - ok 14:47:27.0051 3604 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:47:27.0082 3604 Smb - ok 14:47:27.0144 3604 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:47:27.0191 3604 SNMPTRAP - ok 14:47:27.0191 3604 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 14:47:27.0207 3604 spldr - ok 14:47:27.0269 3604 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 14:47:27.0331 3604 Spooler - ok 14:47:27.0472 3604 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 14:47:27.0675 3604 sppsvc - ok 14:47:27.0721 3604 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 14:47:27.0784 3604 sppuinotify - ok 14:47:27.0831 3604 [ 
E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 14:47:27.0877 3604 srv - ok 14:47:27.0909 3604 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:47:27.0955 3604 srv2 - ok 14:47:27.0971 3604 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:47:28.0018 3604 srvnet - ok 14:47:28.0065 3604 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:47:28.0174 3604 SSDPSRV - ok 14:47:28.0189 3604 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:47:28.0267 3604 SstpSvc - ok 14:47:28.0423 3604 [ FE7F776F2590C8331123BDA3A3A21DE6 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe 14:47:28.0470 3604 STacSV - ok 14:47:28.0486 3604 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 14:47:28.0517 3604 stexstor - ok 14:47:28.0579 3604 [ DADB74BF26766757DBBA9C5912969EBF ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys 14:47:28.0657 3604 STHDA - ok 14:47:28.0704 3604 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 14:47:28.0798 3604 StiSvc - ok 14:47:28.0829 3604 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 14:47:28.0876 3604 storflt - ok 14:47:28.0938 3604 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 14:47:28.0969 3604 storvsc - ok 14:47:29.0001 3604 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 14:47:29.0016 3604 swenum - ok 14:47:29.0047 3604 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 14:47:29.0110 3604 swprv - ok 14:47:29.0125 3604 Synth3dVsc - ok 14:47:29.0219 3604 [ 6DD49E1A5FA0F01824652F1A0A8866FB ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 14:47:29.0266 3604 SynTP - ok 14:47:29.0328 3604 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 
14:47:29.0453 3604 SysMain - ok 14:47:29.0484 3604 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:47:29.0531 3604 TabletInputService - ok 14:47:29.0562 3604 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 14:47:29.0625 3604 TapiSrv - ok 14:47:29.0671 3604 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 14:47:29.0765 3604 TBS - ok 14:47:29.0843 3604 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:47:29.0952 3604 Tcpip - ok 14:47:30.0030 3604 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 14:47:30.0077 3604 TCPIP6 - ok 14:47:30.0108 3604 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:47:30.0139 3604 tcpipreg - ok 14:47:30.0186 3604 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:47:30.0249 3604 TDPIPE - ok 14:47:30.0280 3604 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:47:30.0311 3604 TDTCP - ok 14:47:30.0358 3604 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:47:30.0451 3604 tdx - ok 14:47:30.0467 3604 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 14:47:30.0498 3604 TermDD - ok 14:47:30.0529 3604 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 14:47:30.0623 3604 TermService - ok 14:47:30.0685 3604 [ A56EC942ECABFB7849BFA76060F929FB ] TfFsMon C:\Windows\system32\drivers\TfFsMon.sys 14:47:30.0717 3604 TfFsMon - ok 14:47:30.0763 3604 [ 917EF522563F6047685486EFA486FB3C ] TfNetMon C:\Windows\system32\drivers\TfNetMon.sys 14:47:30.0779 3604 TfNetMon - ok 14:47:30.0810 3604 [ 57EDBB5FE7FF09BB21121D13BB950BA5 ] TfSysMon C:\Windows\system32\drivers\TfSysMon.sys 14:47:30.0826 3604 TfSysMon - ok 14:47:30.0857 3604 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 
14:47:30.0935 3604 Themes - ok 14:47:30.0982 3604 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 14:47:31.0044 3604 THREADORDER - ok 14:47:31.0091 3604 ThreatFire - ok 14:47:31.0138 3604 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 14:47:31.0247 3604 TrkWks - ok 14:47:31.0294 3604 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:47:31.0387 3604 TrustedInstaller - ok 14:47:31.0419 3604 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:47:31.0497 3604 tssecsrv - ok 14:47:31.0528 3604 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 14:47:31.0590 3604 TsUsbFlt - ok 14:47:31.0606 3604 tsusbhub - ok 14:47:31.0668 3604 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:47:31.0777 3604 tunnel - ok 14:47:31.0902 3604 [ AAF458CC200326BEF602B5339400BF86 ] tvnserver C:\Program Files\TightVNC\tvnserver.exe 14:47:31.0980 3604 tvnserver - ok 14:47:32.0011 3604 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 14:47:32.0043 3604 uagp35 - ok 14:47:32.0074 3604 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:47:32.0167 3604 udfs - ok 14:47:32.0214 3604 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:47:32.0277 3604 UI0Detect - ok 14:47:32.0308 3604 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:47:32.0355 3604 uliagpkx - ok 14:47:32.0401 3604 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 14:47:32.0448 3604 umbus - ok 14:47:32.0495 3604 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 14:47:32.0542 3604 UmPass - ok 14:47:32.0589 3604 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 14:47:32.0667 3604 UmRdpService - ok 
14:47:32.0713 3604 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 14:47:32.0854 3604 upnphost - ok 14:47:32.0916 3604 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 14:47:32.0947 3604 USBAAPL - ok 14:47:32.0994 3604 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:47:33.0057 3604 usbccgp - ok 14:47:33.0088 3604 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:47:33.0150 3604 usbcir - ok 14:47:33.0197 3604 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys 14:47:33.0275 3604 usbehci - ok 14:47:33.0322 3604 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:47:33.0400 3604 usbhub - ok 14:47:33.0431 3604 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 14:47:33.0478 3604 usbohci - ok 14:47:33.0525 3604 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 14:47:33.0603 3604 usbprint - ok 14:47:33.0649 3604 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 14:47:33.0712 3604 usbscan - ok 14:47:33.0759 3604 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:47:33.0821 3604 USBSTOR - ok 14:47:33.0852 3604 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 14:47:33.0868 3604 usbuhci - ok 14:47:33.0915 3604 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 14:47:33.0993 3604 usbvideo - ok 14:47:34.0039 3604 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 14:47:34.0149 3604 UxSms - ok 14:47:34.0180 3604 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 14:47:34.0227 3604 VaultSvc - ok 14:47:34.0273 3604 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 14:47:34.0320 
3604 vdrvroot - ok 14:47:34.0351 3604 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 14:47:34.0476 3604 vds - ok 14:47:34.0539 3604 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:47:34.0617 3604 vga - ok 14:47:34.0648 3604 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 14:47:34.0741 3604 VgaSave - ok 14:47:34.0757 3604 VGPU - ok 14:47:34.0788 3604 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 14:47:34.0835 3604 vhdmp - ok 14:47:34.0882 3604 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 14:47:34.0929 3604 viaagp - ok 14:47:34.0944 3604 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 14:47:34.0991 3604 ViaC7 - ok 14:47:35.0022 3604 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 14:47:35.0069 3604 viaide - ok 14:47:35.0100 3604 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 14:47:35.0147 3604 vmbus - ok 14:47:35.0163 3604 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 14:47:35.0194 3604 VMBusHID - ok 14:47:35.0209 3604 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:47:35.0225 3604 volmgr - ok 14:47:35.0272 3604 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:47:35.0287 3604 volmgrx - ok 14:47:35.0319 3604 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:47:35.0350 3604 volsnap - ok 14:47:35.0381 3604 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 14:47:35.0412 3604 vsmraid - ok 14:47:35.0459 3604 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 14:47:35.0553 3604 VSS - ok 14:47:35.0584 3604 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 14:47:35.0615 
3604 vwifibus - ok 14:47:35.0631 3604 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 14:47:35.0677 3604 vwififlt - ok 14:47:35.0709 3604 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 14:47:35.0802 3604 W32Time - ok 14:47:35.0833 3604 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 14:47:35.0896 3604 WacomPen - ok 14:47:35.0927 3604 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 14:47:36.0005 3604 WANARP - ok 14:47:36.0021 3604 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:47:36.0052 3604 Wanarpv6 - ok 14:47:36.0130 3604 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 14:47:36.0270 3604 wbengine - ok 14:47:36.0301 3604 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 14:47:36.0364 3604 WbioSrvc - ok 14:47:36.0411 3604 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:47:36.0489 3604 wcncsvc - ok 14:47:36.0520 3604 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:47:36.0582 3604 WcsPlugInService - ok 14:47:36.0629 3604 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 14:47:36.0676 3604 Wd - ok 14:47:36.0723 3604 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:47:36.0816 3604 Wdf01000 - ok 14:47:36.0832 3604 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:47:36.0894 3604 WdiServiceHost - ok 14:47:36.0894 3604 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:47:36.0925 3604 WdiSystemHost - ok 14:47:36.0957 3604 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 14:47:37.0003 3604 WebClient - ok 14:47:37.0050 3604 [ F56A25B240391620B6E31ACF656F2018 ] Wecsvc C:\Windows\system32\wecsvc.dll 
14:47:37.0144 3604 Wecsvc - ok 14:47:37.0191 3604 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:47:37.0253 3604 wercplsupport - ok 14:47:37.0300 3604 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 14:47:37.0409 3604 WerSvc - ok 14:47:37.0440 3604 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 14:47:37.0518 3604 WfpLwf - ok 14:47:37.0534 3604 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 14:47:37.0565 3604 WIMMount - ok 14:47:37.0643 3604 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 14:47:37.0737 3604 WinDefend - ok 14:47:37.0768 3604 WinHttpAutoProxySvc - ok 14:47:37.0830 3604 [ 320B13F43726EB73B2D7AE8869AFAACE ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:47:37.0877 3604 Winmgmt - ok 14:47:37.0955 3604 [ 895AD0D039FAAE12D4C25E028051344C ] WinRM C:\Windows\system32\WsmSvc.dll 14:47:38.0095 3604 WinRM - ok 14:47:38.0173 3604 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 14:47:38.0251 3604 WinUsb - ok 14:47:38.0298 3604 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 14:47:38.0407 3604 Wlansvc - ok 14:47:38.0454 3604 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 14:47:38.0501 3604 WmiAcpi - ok 14:47:38.0548 3604 [ A1BCA34F741D285E8A7CD3F3E734BBBD ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:47:38.0610 3604 wmiApSrv - ok 14:47:38.0704 3604 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 14:47:38.0813 3604 WMPNetworkSvc - ok 14:47:38.0844 3604 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:47:38.0907 3604 WPCSvc - ok 14:47:38.0938 3604 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:47:39.0000 3604 WPDBusEnum - ok 14:47:39.0063 3604 [ 
6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:47:39.0156 3604 ws2ifsl - ok 14:47:39.0172 3604 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 14:47:39.0203 3604 wscsvc - ok 14:47:39.0219 3604 WSearch - ok 14:47:39.0297 3604 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 14:47:39.0437 3604 wuauserv - ok 14:47:39.0468 3604 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:47:39.0484 3604 WudfPf - ok 14:47:39.0546 3604 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:47:39.0609 3604 WUDFRd - ok 14:47:39.0671 3604 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:47:39.0733 3604 wudfsvc - ok 14:47:39.0780 3604 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 14:47:39.0858 3604 WwanSvc - ok 14:47:39.0889 3604 ================ Scan global =============================== 14:47:39.0936 3604 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 14:47:39.0967 3604 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll 14:47:39.0999 3604 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll 14:47:40.0045 3604 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 14:47:40.0139 3604 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 14:47:40.0155 3604 [Global] - ok 14:47:40.0155 3604 ================ Scan MBR ================================== 14:47:40.0170 3604 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 14:47:40.0716 3604 \Device\Harddisk0\DR0 - ok 14:47:40.0716 3604 ================ Scan VBR ================================== 14:47:40.0716 3604 [ D5BD27ED1DF19982B99FA06BB95E3B45 ] \Device\Harddisk0\DR0\Partition1 14:47:40.0732 3604 \Device\Harddisk0\DR0\Partition1 - ok 14:47:40.0732 3604 ============================================================ 14:47:40.0732 
3604 Scan finished 14:47:40.0732 3604 ============================================================ 14:47:40.0747 3724 Detected object count: 2 14:47:40.0747 3724 Actual detected object count: 2 14:47:55.0443 3724 iscFlash ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:55.0443 3724 iscFlash ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:55.0443 3724 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:55.0443 3724 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
21.12.2012, 14:53 | #6 | |
/// Malware-holic | Detection after system restore because of GVU Trojan Hi, combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a logfile. Please post C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
__________________ --> Detection after system restore because of GVU Trojan |
21.12.2012, 15:44 | #7 |
| Detection after system restore because of GVU Trojan Combofix: Code:
ATTFilter ComboFix 12-12-20.02 - XXX 21.12.2012 15:22:35.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3069.1654 [GMT 1:00] ausgeführt von:: c:\users\XXX\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\SecureW2 c:\program files\SecureW2\Uninstall.exe c:\programdata\dsgsdgdsgdsgw.pad c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2 c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2 . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-21 bis 2012-12-21 )))))))))))))))))))))))))))))) . . 2012-12-21 14:36 . 2012-12-21 14:36 -------- d-----w- c:\users\XXX\AppData\Local\temp 2012-12-21 14:36 . 2012-12-21 14:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-12-21 14:36 . 2012-12-21 14:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-20 15:03 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B53E0995-9899-4A45-BDE6-3EED49A1BB6B}\mpengine.dll 2012-12-20 14:13 . 2012-09-13 12:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2012-12-20 14:13 . 2012-09-13 12:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2012-12-20 14:13 . 2012-09-13 12:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2012-12-20 14:13 . 2012-09-13 12:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2012-12-20 14:13 . 
2012-09-13 12:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-20 14:13 . 2012-09-13 12:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-20 14:13 . 2012-09-13 12:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-12-12 23:23 . 2012-12-12 23:23 -------- d-----w- c:\windows\Migration
2012-12-12 20:20 . 2012-08-21 14:20 46080 ----a-w- c:\windows\system32\ncobjapi.dll
2012-12-12 20:19 . 2012-08-21 13:37 636928 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-12-12 20:19 . 2012-08-21 13:34 382464 ----a-w- c:\windows\system32\wbemcomn2.dll
2012-12-12 20:19 . 2012-08-21 13:32 909824 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2012-12-12 20:12 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 20:12 . 2012-11-05 20:32 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 20:12 . 2012-11-05 20:32 34304 ----a-w- c:\windows\system32\atmlib.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 12:05 . 2012-04-02 18:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 12:05 . 2012-02-16 20:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2012-02-28 13:55 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-02-28 13:55 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-02-28 13:55 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-02-28 13:55 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-02-28 13:55 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-02-16 22:19 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-02-28 13:55 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-16 07:39 . 2012-11-28 11:47 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 16:59 . 2012-02-28 13:55 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-09 17:40 . 2012-11-14 13:54 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 13:54 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-03 16:58 . 2012-11-14 13:55 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-14 13:55 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-14 13:55 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-14 13:55 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 13:55 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-14 13:55 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-14 13:55 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-14 13:55 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-29 18:54 . 2012-02-19 21:33 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 22:47 . 2012-11-14 13:52 78336 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 21:16 . 2012-10-23 20:33 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-01 21:56 . 2012-12-01 21:56 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Switcher"="c:\program files\Switcher\Switcher.exe" [2007-10-28 425984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 321080]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
2012-09-10 14:58 59280 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-02-13 08:06 3481408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2012-08-29 12:00 59280 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2012-05-22 06:38 160872 ----a-w- c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
2011-02-22 11:57 378128 ----a-w- c:\program files\ThreatFire\TFTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
2011-08-03 13:23 828944 ----a-w- c:\program files\TightVNC\tvnserver.exe
.
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 iscFlash;iscFlash;c:\swsetup\sp45138\iscflash.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adapter Driver for Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
.
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - 03185243
*NewlyCreated* - PXLDAPOW
*Deregistered* - 03185243
*Deregistered* - pxldapow
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the "Scheduled Tasks" folder
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 12:05]
.
.
------- Supplementary scan -------
.
uStart Page = https://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Export to Microsoft E&xcel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\
FF - prefs.js: browser.startup.homepage - google.de
.
- - - - Removed orphaned registry entries - - - -
.
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
MSConfigStartUp-SwitchBoard - c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1212)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(584)
c:\program files\ThreatFire\TFWAH.dll
.
Completion time: 2012-12-21 15:42:42
ComboFix-quarantined-files.txt 2012-12-21 14:42
.
Before scan: 9 directory(ies), 162.803.249.152 bytes free
After scan: 14 directory(ies), 165.524.955.136 bytes free
.
- - End Of File - - 30198944D8545A3E1EDCFB3197DF3825
|
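The "Registry autostart points" section of the ComboFix log above is where a lockscreen trojan such as the GVU ransomware usually leaves its persistence: a Run or RunOnce value pointing at a randomly named executable under %AppData% or %Temp%. The following script is an added example for this thread, not code from ComboFix, the thread's helper or any tool used here. It parses ComboFix-style `[HKEY_...\Run]` headers and `"name"="path" [date size]` value lines and flags entries whose binary lives in a user-writable directory or borrows the name of a Windows system binary outside %SystemRoot%. The sample log is constructed: the Sidebar, Switcher, avast and SunJavaUpdateSched lines are taken from the log above, the Dropbox line is modelled on the Dropbox path seen in the log, and the "Updater" line is invented to show what a hit looks like; it is not a finding from this machine. A flag is a lead for the analyst, not a verdict, which is why the legitimate Dropbox entry is flagged too.

```python
"""Triage the Run/RunOnce entries of a ComboFix log (added example, not ComboFix code)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

KEY_RE = re.compile(r"^\[(?P<key>hk[^\]]+)\]$", re.IGNORECASE)
# "name"="path" [optional args] [YYYY-MM-DD size]   (args and metadata are optional)
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*)"\s*=\s*"(?P<path>[^"]*)"(?P<args>[^\[]*?)'
    r"(?:\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$"
)
AUTOSTART_SUFFIXES = ("\\run", "\\runonce", "\\runonceex")
# Directories a standard user can write to without elevation (compared lower-cased).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\tmp\\", "\\programdata\\", "\\users\\public\\")
# Windows binaries that malware likes to impersonate outside %SystemRoot%.
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "explorer.exe", "rundll32.exe"}


@dataclass
class Entry:
    key: str
    name: str
    path: str
    date: str | None = None
    size: int | None = None


@dataclass
class Finding:
    entry: Entry
    reasons: list[str] = field(default_factory=list)


def parse_autostart(log_text: str) -> list[Entry]:
    """Return every value listed under a Run/RunOnce/RunOnceEx key in the log text."""
    entries: list[Entry] = []
    current_key: str | None = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            name = key.group("key")
            current_key = name if name.lower().endswith(AUTOSTART_SUFFIXES) else None
            continue
        if current_key is None:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(
                key=current_key, name=m.group("name"), path=m.group("path"),
                date=m.group("date"), size=int(m.group("size")) if m.group("size") else None,
            ))
    return entries


def triage(entries: list[Entry]) -> list[Finding]:
    """Apply the two location heuristics; an entry can collect more than one reason."""
    findings: list[Finding] = []
    for e in entries:
        p = e.path.lower()
        reasons: list[str] = []
        if any(marker in p for marker in USER_WRITABLE):
            reasons.append("binary in user-writable location")
        basename = p.rsplit("\\", 1)[-1]
        if basename in SYSTEM_NAMES and "\\windows\\" not in p:
            reasons.append(f"system binary name '{basename}' outside %SystemRoot%")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


# Constructed sample: four lines from the log above, a Dropbox line modelled on the
# log's Dropbox path, and an invented "Updater" line (not a finding from the thread).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Switcher"="c:\program files\Switcher\Switcher.exe" [2007-10-28 425984]
"Dropbox"="c:\users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"Updater"="c:\users\XXX\AppData\Roaming\svchost.exe" [2012-12-17 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"""

if __name__ == "__main__":
    for f in triage(parse_autostart(SAMPLE_LOG)):
        print(f"{f.entry.key}\n  {f.entry.name!r} -> {f.entry.path}\n  {'; '.join(f.reasons)}")
```

Run it against a real ComboFix log by reading the file into `parse_autostart` instead of `SAMPLE_LOG`. The policies\system key in the sample is deliberately skipped by the parser; UAC values such as ConsentPromptBehaviorAdmin belong to a different check (here it is 5, the Windows 7 default, so nothing was tampered with).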
21.12.2012, 15:49 | #8 |
/// Malware-holic | Detection after system restore because of the GVU trojan Hi, Malwarebytes: please download Malwarebytes
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above If you would like to support us |
22.12.2012, 13:58 | #9 |
| Detection after system restore because of the GVU trojan One detection: Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.22.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
XXX :: PC [Administrator]

22.12.2012 12:31:07
mbam-log-2012-12-22 (12-31-07).txt

Scan type: Full scan (C:\|)
Enabled scan options: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 372680
Time elapsed: 1 hour(s), 18 minute(s), 46 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 1
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-2a2aa6be (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)
|
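The object MBAM quarantined above sits in the Java deployment cache (%LocalAppData%Low\Sun\Java\Deployment\cache\6.0\<bucket>\), where the Java plug-in stores every downloaded applet or Web Start resource under a hash-like name without extension, next to a `<name>.idx` bookkeeping file. When a browser is hit through a Java exploit this is where the malicious jar, and sometimes the payload it dropped, ends up, so the cache is worth triaging even after the lockscreen itself is gone. The script below is an added example for this thread, not code from Malwarebytes, Oracle or the thread's helper. It identifies each cached object by its magic bytes rather than by name, hashes it, lists a jar's contents, and carves URL-looking strings out of the sibling .idx to show where the object was fetched from (the .idx layout differs between Java versions, so string carving is used instead of a format parser). All data is constructed inside build_sample_cache(): the object names, the jar contents and the URL are invented and say nothing about the 1ede2ede-2a2aa6be file from the log.

```python
"""Triage a Java deployment cache directory (added example; constructed sample data)."""
from __future__ import annotations

import hashlib
import io
import re
import tempfile
import zipfile
from dataclasses import dataclass, field
from pathlib import Path

MAGIC = (
    (b"PK\x03\x04", "zip/jar"),
    (b"\xca\xfe\xba\xbe", "java class"),
    (b"MZ", "pe executable"),
)
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")   # printable run starting with a scheme
BOOKKEEPING_SUFFIXES = (".idx", ".lap")         # Java's own index/lock files, not content


@dataclass
class CacheObject:
    path: Path
    kind: str
    size: int
    sha256: str
    origin_urls: list[str] = field(default_factory=list)
    jar_entries: list[str] = field(default_factory=list)
    suspicious: list[str] = field(default_factory=list)


def sniff(data: bytes) -> str:
    """Classify content by magic bytes; cache objects carry no extension to trust."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def inspect_object(path: Path) -> CacheObject:
    data = path.read_bytes()
    obj = CacheObject(path, sniff(data), len(data), hashlib.sha256(data).hexdigest())
    idx = path.parent / (path.name + ".idx")
    if idx.exists():
        # String carving instead of parsing the version-specific .idx layout.
        obj.origin_urls = sorted({u.decode("ascii", "replace") for u in URL_RE.findall(idx.read_bytes())})
    if obj.kind == "zip/jar":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                obj.jar_entries = zf.namelist()
        except zipfile.BadZipFile:
            obj.suspicious.append("zip magic but not a readable archive")
    elif obj.kind == "pe executable":
        obj.suspicious.append("Windows executable stored in the Java cache")
    elif obj.kind == "unknown" and obj.size:
        obj.suspicious.append("unrecognised content")
    if not obj.origin_urls:
        obj.suspicious.append("no origin URL recoverable")
    return obj


def scan_cache(root: Path) -> list[CacheObject]:
    """Every regular file below root that is not Java bookkeeping is a cached object."""
    return [
        inspect_object(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.name.lower().endswith(BOOKKEEPING_SUFFIXES)
    ]


def build_sample_cache() -> Path:
    """Create a throwaway cache tree with CONSTRUCTED content; nothing here is a real sample."""
    root = Path(tempfile.mkdtemp(prefix="javacache-"))
    bucket = root / "6.0" / "30"
    bucket.mkdir(parents=True)
    # A tiny jar with one class stub, the shape an exploit-kit applet arrives in.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Applet.class", b"\xca\xfe\xba\xbe\x00\x00\x00\x32")
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    (bucket / "11111111-22222222").write_bytes(buf.getvalue())
    # Invented .idx: some header bytes, a length-prefixed URL, padding (example.invalid is reserved).
    (bucket / "11111111-22222222.idx").write_bytes(
        b"\x00\x00\x02\x5a" + b"\x00" * 8 + b"\x00\x21http://example.invalid/applet.jar\x00" + b"\x00" * 16
    )
    # A dropped executable sitting in the cache without any .idx (DOS stub only).
    (bucket / "33333333-44444444").write_bytes(b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode.")
    return root


if __name__ == "__main__":
    for o in scan_cache(build_sample_cache()):
        print(f"{o.path.name}: {o.kind}, {o.size} bytes, sha256 {o.sha256[:16]}...")
        print(f"  from: {o.origin_urls or '-'}  jar: {o.jar_entries or '-'}  flags: {o.suspicious or '-'}")
```

On a live system point `scan_cache` at the user's Deployment\cache directory and compare the hashes with the AV quarantine log; an object whose .idx carries a URL that nobody on the machine visited knowingly is the exploit delivery, and a PE in the cache is the payload.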
27.12.2012, 15:49 | #10 |
/// Malware-holic | Detection after system restore because of the GVU trojan Hi, download the CCleaner standard version: CCleaner Download - CCleaner 3.26.1888. If CCleaner is already installed, skip this. Open it, Tools, Uninstall list, save as txt. Open it. Behind every program you need, write "necessary"; behind every one you do not need, "unnecessary"; behind those unknown to you, "unknown". Post the list.
|
28.12.2012, 14:09 | #11 |
| Detection after system restore because of the GVU trojan Hi there, Code:
AC3Filter 1.62b Alexander Vigovsky 20.02.2012 1.62b necessary
Adobe AIR Adobe Systems Incorporated 13.09.2012 3.4.0.2540 unknown
Adobe Community Help Adobe Systems Incorporated 20.02.2012 3.0.0.400 unknown
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.12.2012 6,00MB 11.5.502.135 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.12.2012 6,00MB 11.5.502.135 necessary
Adobe Media Player Adobe Systems Incorporated 20.02.2012 1.8 unknown
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 17.08.2012 122MB 10.1.4 necessary
Apple Application Support Apple Inc. 08.10.2012 64,5MB 2.2.2 necessary
Apple Mobile Device Support Apple Inc. 11.07.2012 24,4MB 5.2.0.6 necessary
Apple Software Update Apple Inc. 20.02.2012 2,38MB 2.1.3.127 necessary
avast! Free Antivirus AVAST Software 05.11.2012 7.0.1474.0 necessary
Bonjour Apple Inc. 20.02.2012 0,98MB 3.0.0.10 unnecessary
CCleaner Piriform 19.12.2012 3.26 necessary
DAEMON Tools Lite DT Soft Ltd 19.02.2012 4.45.3.0297 unnecessary
DivX-Setup DivX, LLC 01.03.2012 2.6.1.8 necessary
Dropbox Dropbox, Inc. 21.02.2012 1.2.52 necessary
FormatFactory 2.90 Free Time 22.02.2012 2.90 necessary
HP Quick Launch Buttons Hewlett-Packard 16.02.2012 6.50.4.2 necessary
iCloud Apple Inc. 08.10.2012 47,4MB 2.0.2.187 necessary
ICQ7.7 ICQ 18.02.2012 7.7 necessary
IDT Audio IDT 20.01.2012 1.0.6225.0 necessary
iFunbox (v1.98.948.666), iFunbox DevTeam 10.07.2012 37,5MB v1.98.948.666 necessary
iTunes Apple Inc. 11.07.2012 181MB 10.6.3.25 necessary
Java 7 Update 9 Oracle 14.09.2012 128MB 7.0.90 necessary
JMicron JMB38X Flash Media Controller Driver JMicron Technology Corp. 16.02.2012 unknown 1.00.20.07
LightScribe System Software LightScribe 16.02.2012 27,8MB 1.18.8.1 unknown
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 20.12.2012 19,4MB 1.65.1.1000 necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 16.02.2012 38,8MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 16.02.2012 2,93MB 4.0.30319 unknown
Microsoft .NET Framework 4 Extended Microsoft Corporation 07.03.2012 51,9MB 4.0.30319 unknown
Microsoft Office Enterprise 2007 Microsoft Corporation 27.02.2012 12.0.6612.1000 unknown
Microsoft Office File Validation Add-In Microsoft Corporation 27.02.2012 7,95MB 14.0.5130.5003 unknown
Microsoft Silverlight Microsoft Corporation 11.05.2012 44,7MB 5.1.10411.0 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 16.02.2012 596KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.02.2012 600KB 9.0.30729.6161 unknown
Microsoft Visual Studio Tools for Applications 2.0 - ENU Microsoft Corporation 28.05.2012 211MB 9.0.30729 unknown
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU Microsoft Corporation 27.05.2012 96,0MB 9.0.30729 unknown
Microsoft Visual Studio Tools for Applications 2.0 Runtime Microsoft Corporation 27.05.2012 158KB 9.0.30729 unknown
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU Microsoft Corporation 27.05.2012 226KB 9.0.30729 unknown
Mozilla Firefox 17.0.1 (x86 de) Mozilla 01.12.2012 42,3MB 17.0.1 necessary
Mozilla Maintenance Service Mozilla 01.12.2012 329KB 17.0.1 necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 25.09.2012 35,0KB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.09.2012 1,33MB 4.20.9876.0 unknown
MSXML 4.0 SP3 Parser Microsoft Corporation 09.10.2012 1,47MB 4.30.2100.0 unknown
MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 10.10.2012 1,53MB 4.30.2114.0 unknown
Nero 7 Essentials Nero AG 13.09.2012 1,17GB 7.03.1084 necessary
NVIDIA Graphics Driver 285.62 NVIDIA Corporation 19.02.2012 285.62 necessary
NVIDIA HD Audio Driver 1.2.24.0 NVIDIA Corporation 19.02.2012 1.2.24.0 necessary
NVIDIA PhysX System Software 9.11.0621 NVIDIA Corporation 16.02.2012 9.11.0621 necessary
NVIDIA Update 1.5.20 NVIDIA Corporation 19.02.2012 1.5.20 necessary
Pando Media Booster Pando Networks Inc. 24.09.2012 5,46MB 2.6.0.8 unknown
PDF24 Creator 4.6.0 PDF24.org 07.06.2012 33,8MB necessary
QuickTime Apple Inc. 13.09.2012 73,2MB 7.72.80.56 unnecessary
RUBICon RUB 18.02.2012 13,0MB 2.0.25 necessary
Samsung Universal Print Driver Samsung Electronics Co., Ltd. 18.02.2012 2.02.05.00:24 necessary
Secunia PSI (2.0.0.4003) Secunia 18.02.2012 3,47MB 2.0.0.4003 necessary
ShotOnline OnNet 24.09.2012 1.0 unnecessary
SopCast 3.5.0 www.sopcast.com 11.04.2012 3.5.0 unnecessary
SUPERAntiSpyware SUPERAntiSpyware.com 14.09.2012 148MB 5.5.1016 unnecessary
Switcher 2.0.0 Bao Nguyen 27.03.2012 408KB 2.0.0 necessary
Synaptics Pointing Device Driver Synaptics Incorporated 20.03.2012 46,4MB 15.3.29.0 necessary
System Requirements Lab 19.02.2012 unknown
TightVNC 2.0.4 GlavSoft LLC. 17.03.2012 2.0.4 necessary
Universal Extractor 1.6.1 Jared Breland 29.03.2012 11,8MB 1.6.1 necessary
VLC media player 2.0.2 VideoLAN 11.07.2012 2.0.2 necessary
Winamp Nullsoft, Inc 17.02.2012 5.623 necessary
Winamp Detection Plug-in Nullsoft, Inc 17.02.2012 75,0KB 1.0.0.1 unnecessary
Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) ENE 16.02.2012 unknown 09/04/2008 2.6.0.0
WinRAR 4.10 (32-Bit) win.rar GmbH 20.02.2012 4.10.0 necessary
WinSCP 4.3.8 Martin Prikryl 15.07.2012 8,72MB 4.3.8 unnecessary
WOT for Internet Explorer WOT Services Oy 17.02.2012 1,22MB 11.11.7.0 unnecessary
Regards |
28.12.2012, 14:22 | #12 |
/// Malware-holic | Detection after system restore because of the GVU trojan
Uninstall: Adobe Flash Player (all of them). Adobe - Install Adobe Flash Player: download the latest version.
Adobe Reader: Adobe - Download Adobe Reader - All versions; untick the McAfee Security Scan checkbox.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "Use only certified plug-ins".
Internet: everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically. It is always better to save them directly, since that is the only way to keep control over what happens on the PC.
JavaScript: untick "Use JavaScript".
Updater: choose "Install automatically". Apply / OK.
Uninstall: DAEMON, Java.
Download the Java JRE: Java downloads for all operating systems; click: Download Java software for Windows Offline; download it and install.
Uninstall: LightScribe; Secunia: version 3 is already out, we will take care of that later; ShotOnline; SopCast; SUPERAntiSpyware; WinSCP; WOT.
Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
|
28.12.2012, 15:41 | #13 |
| Detection after system restore because of the GVU trojan All done. AdwCleaner: Code:
# AdwCleaner v2.103 - File created 28/12/2012 at 15:40:06
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : xxx- PC
# Boot mode : Normal
# Running from : C:\Users\xxx\Desktop\adwcleaner.exe
# Option [Search]

**** [Services] ****

***** [Files / Folders] *****

Folder found : C:\Users\xxx\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key found : HKCU\Software\Softonic
Key found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}
Key found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7DE39862CC26DCE2446838AAF7CD5C163F835A57
Key found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Key found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] The registry is clean.

-\\ Mozilla Firefox v17.0.1 (de)

File : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\prefs.js

[OK] The file is clean.

*************************

AdwCleaner[R1].txt - [1340 octets] - [28/12/2012 15:40:06]

########## EOF - C:\AdwCleaner[R1].txt - [1400 octets] ##########
|
28.12.2012, 18:55 | #14 |
/// Malware-holic | Detection after system restore because of the GVU trojan Hi, please download AdwCleaner to your desktop.
|
28.12.2012, 19:15 | #15 |
| Detection after system restore because of the GVU trojan AdwCleaner: Code:
# AdwCleaner v2.103 - File created 28/12/2012 at 19:06:28
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : xxx- PC
# Boot mode : Normal
# Running from : C:\Users\xxx\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

Folder deleted : C:\Users\xxx\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key deleted : HKCU\Software\Softonic
Key deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}
Key deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7DE39862CC26DCE2446838AAF7CD5C163F835A57
Key deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Key deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] The registry is clean.

-\\ Mozilla Firefox v17.0.1 (de)

File : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\prefs.js

[OK] The file is clean.

*************************

AdwCleaner[R1].txt - [1469 octets] - [28/12/2012 15:40:06]
AdwCleaner[S1].txt - [1402 octets] - [28/12/2012 19:06:28]

########## EOF - C:\AdwCleaner[S1].txt - [1462 octets] ##########
|
Topics related to "Detection after system restore because of the GVU trojan" |
adobe, antimalwarebytes, antivirus, avast, bho, bonjour, defender, enigma, error, exploit.drop.gsa, firefox, flash player, format, helper, iexplore.exe, install.exe, launch, logfile, mozilla, nvidia update, office 2007, pando media booster, plug-in, registry, rundll, scan, secunia psi, security, senden, software, system, temp, trojaner, udp, visual studio, windows |