
Pests of all kinds and how to fight them: Suspected GVU trojan. Is my system affected?

09.01.2013, 15:05   #1
Two_Beers
 



Hello everyone,

today I was on various tube sites and all of a sudden the entire screen locked. At the top of the screen I could see myself (laptop "live" cam, not a photo).
At the bottom of the screen there was a demand to pay €100 for unlocking, along with a selection of numbers (query code or something like that).
Task Manager was no longer displayed. Restarting via Ctrl+Alt+Del was still possible, though. After the restart everything seemed to be fine.

I started a scan with Avira AntiVir... Result: the laptop crashed at about 40%.

When the system starts, I am also asked which program I want to use to open a certain .ddl file. So something is still active here.

A scan with Malwarebytes is running; I can already post a log file from OTL.

I will post the Malwarebytes report afterwards.

Please help me!!
A thousand thanks.

Code:
OTL logfile created on: 09.01.2013 14:15:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tobi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 63,36% Memory free
6,16 Gb Paging File | 4,89 Gb Available in Paging File | 79,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,55 Gb Total Space | 70,34 Gb Free Space | 49,34% Space Free | Partition Type: NTFS
Drive D: | 310,21 Gb Total Space | 310,12 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive E: | 6,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: RENA-PC | User Name: Rena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tobi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - c:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3358.38381__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3358.38385__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3358.38459__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3358.38368__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3358.38441__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3358.38376__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3358.38423__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3358.38410__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3358.38376__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3358.38428__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3358.38460__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3358.38428__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3358.38427__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3358.38458__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3358.38458__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3358.38412__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3358.38377__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3358.38435__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3358.38421__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3358.38412__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3358.38391__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3358.38420__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3358.38407__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3358.38422__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3358.38391__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3358.38422__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3358.38485__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3358.38454__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3358.38452__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3358.38467__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3358.38363__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3358.38449__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3358.38381__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3358.38365__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3358.38367__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3358.38372__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3358.38366__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3358.38365__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3358.38453__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3358.38364__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PC Performer Manager) -- C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe ()
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (yksvc) -- C:\Windows\System32\ykx32mpcoinst.dll (Marvell)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.36010003&st=12&barid={E8AE54ED-999E-42B2-A3D3-242CA2A5CC5F}
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.36010003&st=12&q={searchTerms}&barid={E8AE54ED-999E-42B2-A3D3-242CA2A5CC5F}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.36010003&st=12&barid={E8AE54ED-999E-42B2-A3D3-242CA2A5CC5F}
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.36010003&st=12&q={searchTerms}&barid={E8AE54ED-999E-42B2-A3D3-242CA2A5CC5F}
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-2544520553-2904505785-4126553863-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "^hxxp://www\\.claro-search\\.com/\\?affID=114506.*"
FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true
FF - prefs.js..keyword.URL: "^hxxp://www\\.claro-search\\.com/\\?affID=114506.*&q="
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.14 13:43:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.09 14:56:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012.11.14 15:08:52 | 000,000,000 | ---D | M]
 
[2012.11.06 20:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rena\AppData\Roaming\mozilla\Extensions
[2012.11.17 17:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rena\AppData\Roaming\mozilla\Firefox\Profiles\bxnin56p.default\extensions
[2012.11.11 16:22:31 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Rena\AppData\Roaming\mozilla\Firefox\Profiles\bxnin56p.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2012.11.14 13:43:22 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Rena\AppData\Roaming\mozilla\Firefox\Profiles\bxnin56p.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2012.11.07 14:16:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Rena\AppData\Roaming\mozilla\Firefox\Profiles\bxnin56p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.11.17 17:58:34 | 000,000,000 | ---D | M] (SweetPacks Toolbar for Firefox) -- C:\Users\Rena\AppData\Roaming\mozilla\Firefox\Profiles\bxnin56p.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012.11.17 01:01:59 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\Rena\AppData\Roaming\mozilla\firefox\profiles\bxnin56p.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.11.14 13:43:27 | 000,002,533 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\mozilla\firefox\profiles\bxnin56p.default\searchplugins\aol-search.xml
[2013.01.08 20:03:29 | 000,001,034 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\mozilla\firefox\profiles\bxnin56p.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
[2012.11.17 01:02:19 | 000,004,003 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\mozilla\firefox\profiles\bxnin56p.default\searchplugins\sweetim.xml
[2012.11.24 11:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.11.24 11:18:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.14 15:08:52 | 000,000,000 | ---D | M] (PC Performer Manager) -- C:\PROGRAMDATA\PC PERFORMER MANAGER\2.4.897.175\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://home.sweetim.com/?crg=3.36010003&st=12&barid={E8AE54ED-999E-42B2-A3D3-242CA2A5CC5F}
CHR - default_search_provider: YouTube-Videosuche (Enabled)
CHR - default_search_provider: search_url = hxxp://www.youtube.com/results?search_query={searchTerms}&page={startPage?}&utm_source=opensearch
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://home.sweetim.com/?crg=3.36010003&st=12&barid={E8AE54ED-999E-42B2-A3D3-242CA2A5CC5F}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Application Manager (Enabled) = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - Extension: DealPly = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1\
CHR - Extension: Skype Click to Call = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.1.0.1_0\
CHR - Extension: Settings Protector = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: DealPly = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1\
CHR - Extension: Skype Click to Call = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.1.0.1_0\
CHR - Extension: Settings Protector = C:\Users\Rena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1004..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1004..\Run: [IExplorer Util] C:\Users\Tobi\AppData\Roaming\ie_util.exe ()
O4 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1004..\Run: [svñhîst] %USERPROFILE%\AppData\Local\Temp\wpbt0.dll File not found
O4 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1004..\Run: [Uslaxeil] C:\Users\Tobi\AppData\Roaming\Lilaar\huwem.exe ()
O4 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01163A6C-B23A-4E91-A608-EFFB3F5D3D06}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9DAAE82-C843-4ACB-85C6-0BBF10F5B5C5}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\pcperf~1\24897~1.175\{61d8b~1\pcpmngr.dll) - c:\ProgramData\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rena\Desktop\Rena\Fotos\Wallpaper\Mario-mario-wallpaper-hd-games-1920x1080.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rena\Desktop\Rena\Fotos\Wallpaper\Mario-mario-wallpaper-hd-games-1920x1080.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.09 13:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.01.09 13:23:26 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.01.09 13:23:24 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.01.09 13:23:24 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.01.09 13:23:24 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.01.09 13:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.01.09 13:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.01.01 18:17:03 | 000,000,000 | ---D | C] -- C:\Users\Rena\Desktop\Silvester 2012
[2012.12.14 14:41:24 | 016,363,960 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.09 14:19:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.09 14:17:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.09 13:41:06 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.09 13:41:06 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.09 13:41:06 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.09 13:41:06 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.09 13:41:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.09 13:37:07 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013.01.09 13:35:59 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.09 13:35:56 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.09 13:35:55 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.09 13:35:38 | 3184,119,808 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.09 13:34:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.01.09 13:23:36 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.08 13:45:01 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3D7CE8A8-B48A-4E6B-9B47-366EDDA9E856}.job
[2013.01.01 18:30:43 | 000,008,192 | -H-- | M] () -- C:\Users\Rena\Desktop\photothumb.db
[2012.12.14 14:41:29 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.14 14:41:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.14 14:41:25 | 016,363,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012.12.14 14:20:38 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.09 13:23:36 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.01 18:30:42 | 000,008,192 | -H-- | C] () -- C:\Users\Rena\Desktop\photothumb.db
[2013.01.01 14:17:21 | 001,490,554 | ---- | C] () -- C:\Users\Rena\Desktop\IMG_0893.JPG
[2012.11.18 19:17:51 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2013.01.09 13:12:24 | 000,000,000 | ---D | M](C:\ProgramData\?Î?Î0) -- C:\ProgramData\䇀Î㹰Î0
[2013.01.09 13:12:24 | 000,000,000 | ---D | M](C:\ProgramData\?Î?Î0) -- C:\ProgramData\䇀Î㹰Î0
[2013.01.09 13:12:24 | 000,000,000 | ---D | C](C:\ProgramData\?Î?Î0) -- C:\ProgramData\䇀Î㹰Î0
[2013.01.08 20:05:44 | 000,000,000 | ---D | M](C:\ProgramData\?a?a0) -- C:\ProgramData\䇀ă㹰ă0
[2013.01.08 20:05:44 | 000,000,000 | ---D | M](C:\ProgramData\?a?a0) -- C:\ProgramData\䇀ă㹰ă0
[2013.01.08 20:05:44 | 000,000,000 | ---D | C](C:\ProgramData\?a?a0) -- C:\ProgramData\䇀ă㹰ă0
[2013.01.08 19:58:33 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀†㹰†0
[2013.01.08 19:58:33 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀†㹰†0
[2013.01.08 19:58:33 | 000,000,000 | ---D | C](C:\ProgramData\????0) -- C:\ProgramData\䇀†㹰†0
[2013.01.08 19:50:54 | 000,000,000 | ---D | M](C:\ProgramData\?3?30) -- C:\ProgramData\䇀3㹰30
[2013.01.08 19:50:54 | 000,000,000 | ---D | M](C:\ProgramData\?3?30) -- C:\ProgramData\䇀3㹰30
[2013.01.08 19:50:54 | 000,000,000 | ---D | C](C:\ProgramData\?3?30) -- C:\ProgramData\䇀3㹰30
[2013.01.08 13:43:50 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀ȅ㹰ȅ0
[2013.01.08 13:43:50 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀ȅ㹰ȅ0
[2013.01.08 13:43:50 | 000,000,000 | ---D | C](C:\ProgramData\????0) -- C:\ProgramData\䇀ȅ㹰ȅ0
[2013.01.06 13:54:13 | 000,000,000 | ---D | M](C:\ProgramData\?5?50) -- C:\ProgramData\䇀5㹰50
[2013.01.06 13:54:13 | 000,000,000 | ---D | M](C:\ProgramData\?5?50) -- C:\ProgramData\䇀5㹰50
[2013.01.06 13:54:13 | 000,000,000 | ---D | C](C:\ProgramData\?5?50) -- C:\ProgramData\䇀5㹰50
[2013.01.04 18:45:38 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Dž㹰Dž0
[2013.01.04 18:45:38 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Dž㹰Dž0
[2013.01.04 18:45:38 | 000,000,000 | ---D | C](C:\ProgramData\????0) -- C:\ProgramData\䇀Dž㹰Dž0
[2012.12.28 20:45:25 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀dž㹰dž0
[2012.12.28 20:45:25 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀dž㹰dž0
[2012.12.28 20:45:25 | 000,000,000 | ---D | C](C:\ProgramData\????0) -- C:\ProgramData\䇀dž㹰dž0
[2012.12.27 22:04:55 | 000,000,000 | ---D | M](C:\ProgramData\?2?20) -- C:\ProgramData\䇀2㹰20
[2012.12.27 22:04:55 | 000,000,000 | ---D | M](C:\ProgramData\?2?20) -- C:\ProgramData\䇀2㹰20
[2012.12.27 22:04:55 | 000,000,000 | ---D | C](C:\ProgramData\?2?20) -- C:\ProgramData\䇀2㹰20
[2012.12.27 13:58:32 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ž㹰Ž0
[2012.12.27 13:58:32 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ž㹰Ž0
[2012.12.27 13:58:32 | 000,000,000 | ---D | C](C:\ProgramData\????0) -- C:\ProgramData\䇀Ž㹰Ž0
[2012.12.26 17:48:16 | 000,000,000 | ---D | M](C:\ProgramData\?S?S0) -- C:\ProgramData\䇀Ŝ㹰Ŝ0
[2012.12.26 17:48:16 | 000,000,000 | ---D | M](C:\ProgramData\?S?S0) -- C:\ProgramData\䇀Ŝ㹰Ŝ0
[2012.12.26 17:48:16 | 000,000,000 | ---D | C](C:\ProgramData\?S?S0) -- C:\ProgramData\䇀Ŝ㹰Ŝ0
[2012.12.26 10:48:15 | 000,000,000 | ---D | M](C:\ProgramData\?.?.0) -- C:\ProgramData\䇀.㹰.0
[2012.12.26 10:48:15 | 000,000,000 | ---D | M](C:\ProgramData\?.?.0) -- C:\ProgramData\䇀.㹰.0
[2012.12.26 10:48:15 | 000,000,000 | ---D | C](C:\ProgramData\?.?.0) -- C:\ProgramData\䇀.㹰.0
[2012.12.19 18:38:39 | 000,000,000 | ---D | M](C:\ProgramData\?)?)0) -- C:\ProgramData\䇀)㹰)0
[2012.12.19 18:38:39 | 000,000,000 | ---D | M](C:\ProgramData\?)?)0) -- C:\ProgramData\䇀)㹰)0
[2012.12.19 18:38:39 | 000,000,000 | ---D | C](C:\ProgramData\?)?)0) -- C:\ProgramData\䇀)㹰)0
[2012.12.18 15:42:23 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ʋ㹰Ʋ0
[2012.12.18 15:42:23 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ʋ㹰Ʋ0
[2012.12.18 15:42:23 | 000,000,000 | ---D | C](C:\ProgramData\????0) -- C:\ProgramData\䇀Ʋ㹰Ʋ0
[2012.12.14 13:49:01 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀‹㹰‹0
[2012.12.14 13:49:01 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀‹㹰‹0
[2012.12.14 13:49:01 | 000,000,000 | ---D | C](C:\ProgramData\????0) -- C:\ProgramData\䇀‹㹰‹0
[2012.12.11 18:29:47 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ǵ㹰Ǵ0
[2012.12.11 18:29:47 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ǵ㹰Ǵ0
[2012.12.11 18:29:47 | 000,000,000 | ---D | C](C:\ProgramData\????0) -- C:\ProgramData\䇀Ǵ㹰Ǵ0
[2012.12.09 15:30:21 | 000,000,000 | ---D | M](C:\ProgramData\?i?i0) -- C:\ProgramData\䇀ǐ㹰ǐ0
[2012.12.09 15:30:21 | 000,000,000 | ---D | M](C:\ProgramData\?i?i0) -- C:\ProgramData\䇀ǐ㹰ǐ0
[2012.12.04 14:13:59 | 000,000,000 | ---D | M](C:\ProgramData\?u?u0) -- C:\ProgramData\䇀ǚ㹰ǚ0
[2012.12.04 14:13:59 | 000,000,000 | ---D | M](C:\ProgramData\?u?u0) -- C:\ProgramData\䇀ǚ㹰ǚ0
[2012.12.01 13:28:43 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀œ㹰œ0
[2012.12.01 13:28:43 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀œ㹰œ0
[2012.11.29 21:19:09 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ʃ㹰Ʃ0
[2012.11.29 21:19:09 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ʃ㹰Ʃ0
[2012.11.29 20:43:10 | 000,000,000 | ---D | M](C:\ProgramData\?A?A0) -- C:\ProgramData\䇀Ǎ㹰Ǎ0
[2012.11.29 20:43:10 | 000,000,000 | ---D | M](C:\ProgramData\?A?A0) -- C:\ProgramData\䇀Ǎ㹰Ǎ0
[2012.11.27 21:07:47 | 000,000,000 | ---D | M](C:\ProgramData\?o?o0) -- C:\ProgramData\䇀ǒ㹰ǒ0
[2012.11.27 21:07:47 | 000,000,000 | ---D | M](C:\ProgramData\?o?o0) -- C:\ProgramData\䇀ǒ㹰ǒ0
[2012.11.26 21:04:34 | 000,000,000 | ---D | M](C:\ProgramData\?c?c0) -- C:\ProgramData\䇀ĉ㹰ĉ0
[2012.11.26 21:04:34 | 000,000,000 | ---D | M](C:\ProgramData\?c?c0) -- C:\ProgramData\䇀ĉ㹰ĉ0
[2012.11.24 20:44:02 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ǣ㹰Ǣ0
[2012.11.24 20:44:02 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ǣ㹰Ǣ0
[2012.11.23 22:07:22 | 000,000,000 | ---D | M](C:\ProgramData\?o?o0) -- C:\ProgramData\䇀ǫ㹰ǫ0
[2012.11.23 22:07:22 | 000,000,000 | ---D | M](C:\ProgramData\?o?o0) -- C:\ProgramData\䇀ǫ㹰ǫ0
[2012.11.22 20:13:26 | 000,000,000 | ---D | M](C:\ProgramData\?u?u0) -- C:\ProgramData\䇀ǜ㹰ǜ0
[2012.11.22 20:13:26 | 000,000,000 | ---D | M](C:\ProgramData\?u?u0) -- C:\ProgramData\䇀ǜ㹰ǜ0
[2012.11.22 00:14:51 | 000,000,000 | ---D | M](C:\ProgramData\?G?G0) -- C:\ProgramData\䇀Ǧ㹰Ǧ0
[2012.11.22 00:14:51 | 000,000,000 | ---D | M](C:\ProgramData\?G?G0) -- C:\ProgramData\䇀Ǧ㹰Ǧ0
[2012.11.21 12:52:07 | 000,000,000 | ---D | M](C:\ProgramData\?d?d0) -- C:\ProgramData\䇀đ㹰đ0
[2012.11.21 12:52:07 | 000,000,000 | ---D | M](C:\ProgramData\?d?d0) -- C:\ProgramData\䇀đ㹰đ0
[2012.11.21 10:42:07 | 000,000,000 | ---D | M](C:\ProgramData\?ü?ü0) -- C:\ProgramData\䇀ü㹰ü0
[2012.11.21 10:42:07 | 000,000,000 | ---D | M](C:\ProgramData\?ü?ü0) -- C:\ProgramData\䇀ü㹰ü0
[2012.11.20 15:10:28 | 000,000,000 | ---D | M](C:\ProgramData\?²?²0) -- C:\ProgramData\䇀²㹰²0
[2012.11.20 15:10:28 | 000,000,000 | ---D | M](C:\ProgramData\?²?²0) -- C:\ProgramData\䇀²㹰²0
[2012.11.20 09:49:25 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀ſ㹰ſ0
[2012.11.20 09:49:25 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀ſ㹰ſ0
[2012.11.19 19:18:37 | 000,000,000 | ---D | M](C:\ProgramData\?×?×0) -- C:\ProgramData\䇀×㹰×0
[2012.11.19 19:18:37 | 000,000,000 | ---D | M](C:\ProgramData\?×?×0) -- C:\ProgramData\䇀×㹰×0
[2012.11.19 07:23:16 | 000,000,000 | ---D | M](C:\ProgramData\?¬?¬0) -- C:\ProgramData\䇀¬㹰¬0
[2012.11.19 07:23:16 | 000,000,000 | ---D | M](C:\ProgramData\?¬?¬0) -- C:\ProgramData\䇀¬㹰¬0
[2012.11.18 16:45:54 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀ˆ㹰ˆ0
[2012.11.18 16:45:54 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀ˆ㹰ˆ0
[2012.11.18 09:32:22 | 000,000,000 | ---D | M](C:\ProgramData\?ã?ã0) -- C:\ProgramData\䇀ã㹰ã0
[2012.11.18 09:32:22 | 000,000,000 | ---D | M](C:\ProgramData\?ã?ã0) -- C:\ProgramData\䇀ã㹰ã0
[2012.11.17 17:56:35 | 000,000,000 | ---D | M](C:\ProgramData\?!?!0) -- C:\ProgramData\䇀ǃ㹰ǃ0
[2012.11.17 17:56:35 | 000,000,000 | ---D | M](C:\ProgramData\?!?!0) -- C:\ProgramData\䇀ǃ㹰ǃ0
[2012.11.16 23:33:37 | 000,000,000 | ---D | M](C:\ProgramData\?D?D0) -- C:\ProgramData\䇀D㹰D0
[2012.11.16 23:33:37 | 000,000,000 | ---D | M](C:\ProgramData\?D?D0) -- C:\ProgramData\䇀D㹰D0
[2012.11.16 18:46:22 | 000,000,000 | ---D | M](C:\ProgramData\?ä?ä0) -- C:\ProgramData\䇀ä㹰ä0
[2012.11.16 18:46:22 | 000,000,000 | ---D | M](C:\ProgramData\?ä?ä0) -- C:\ProgramData\䇀ä㹰ä0
[2012.11.16 12:19:22 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ǹ㹰Ǹ0
[2012.11.16 12:19:22 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䇀Ǹ㹰Ǹ0
[2012.11.15 20:22:34 | 000,000,000 | ---D | M](C:\ProgramData\?U?U0) -- C:\ProgramData\䇀Ǖ㹰Ǖ0
[2012.11.15 20:22:34 | 000,000,000 | ---D | M](C:\ProgramData\?U?U0) -- C:\ProgramData\䇀Ǖ㹰Ǖ0
[2012.11.14 21:23:43 | 000,000,000 | ---D | M](C:\ProgramData\?©?©0) -- C:\ProgramData\䇀©㹰©0
[2012.11.14 21:23:43 | 000,000,000 | ---D | M](C:\ProgramData\?©?©0) -- C:\ProgramData\䇀©㹰©0
[2012.11.14 18:27:37 | 000,000,000 | ---D | M](C:\ProgramData\?}?}0) -- C:\ProgramData\䇀}㹰}0
[2012.11.14 18:27:37 | 000,000,000 | ---D | M](C:\ProgramData\?}?}0) -- C:\ProgramData\䇀}㹰}0
(C:\ProgramData\?ü?ü0) -- C:\ProgramData\䇀ü㹰ü0
(C:\ProgramData\?U?U0) -- C:\ProgramData\䇀Ǖ㹰Ǖ0
(C:\ProgramData\?u?u0) -- C:\ProgramData\䇀ǚ㹰ǚ0
(C:\ProgramData\?u?u0) -- C:\ProgramData\䇀ǜ㹰ǜ0
(C:\ProgramData\?o?o0) -- C:\ProgramData\䇀ǫ㹰ǫ0
(C:\ProgramData\?o?o0) -- C:\ProgramData\䇀ǒ㹰ǒ0
(C:\ProgramData\?i?i0) -- C:\ProgramData\䇀ǐ㹰ǐ0
(C:\ProgramData\?G?G0) -- C:\ProgramData\䇀Ǧ㹰Ǧ0
(C:\ProgramData\?d?d0) -- C:\ProgramData\䇀đ㹰đ0
(C:\ProgramData\?D?D0) -- C:\ProgramData\䇀D㹰D0
(C:\ProgramData\?c?c0) -- C:\ProgramData\䇀ĉ㹰ĉ0
(C:\ProgramData\?ã?ã0) -- C:\ProgramData\䇀ã㹰ã0
(C:\ProgramData\?ä?ä0) -- C:\ProgramData\䇀ä㹰ä0
(C:\ProgramData\?A?A0) -- C:\ProgramData\䇀Ǎ㹰Ǎ0
(C:\ProgramData\?²?²0) -- C:\ProgramData\䇀²㹰²0
(C:\ProgramData\?¬?¬0) -- C:\ProgramData\䇀¬㹰¬0
(C:\ProgramData\?©?©0) -- C:\ProgramData\䇀©㹰©0
(C:\ProgramData\?×?×0) -- C:\ProgramData\䇀×㹰×0
(C:\ProgramData\?}?}0) -- C:\ProgramData\䇀}㹰}0
(C:\ProgramData\????0) -- C:\ProgramData\䇀ſ㹰ſ0
(C:\ProgramData\????0) -- C:\ProgramData\䇀Ʃ㹰Ʃ0
(C:\ProgramData\????0) -- C:\ProgramData\䇀Ǹ㹰Ǹ0
(C:\ProgramData\????0) -- C:\ProgramData\䇀Ǣ㹰Ǣ0
(C:\ProgramData\????0) -- C:\ProgramData\䇀œ㹰œ0
(C:\ProgramData\????0) -- C:\ProgramData\䇀ˆ㹰ˆ0
(C:\ProgramData\?!?!0) -- C:\ProgramData\䇀ǃ㹰ǃ0

< End of report >
         

09.01.2013, 15:14   #2
markusg
/// Malware-holic

Hi,
please abort the Malwarebytes scan.
Not installing any Windows updates, but surfing on video sites...

This script, and any scripts that may follow, are intended only for the respective user.
If you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
O4 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1004..\Run: [Uslaxeil] C:\Users\Tobi\AppData\Roaming\Lilaar\huwem.exe ()
O4 - HKU\S-1-5-21-2544520553-2904505785-4126553863-1004..\Run: [IExplorer Util] C:\Users\Tobi\AppData\Roaming\ie_util.exe ()
:Files
C:\Users\Tobi\AppData\Roaming\Lilaar
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a reboot. Please allow this.
• After the reboot you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!


Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL, and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.

09.01.2013, 15:20   #3
Two_Beers

Oh, by the way, something I just noticed:

I did a search on Google Images. My case looked COMPLETELY different!
There was almost no text, and there were no fake police symbols or anything like that either.
The abbreviation GVU or "Gesellschaft zur Verfolgung..." was not to be seen either.

It could possibly be a very cheap copy of the "real" GVU series; nevertheless, the scan is running. I don't want to know what they can do with the photos.

09.01.2013, 15:21   #4
markusg
/// Malware-holic

Hi,
abort the scan, as I said, and run my script.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

09.01.2013, 15:38   #5
Two_Beers

Upload done.
Is that now the only file you need?
No other text document was created on the desktop.

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2544520553-2904505785-4126553863-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Uslaxeil deleted successfully.
C:\Users\Tobi\AppData\Roaming\Lilaar\huwem.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2544520553-2904505785-4126553863-1004\Software\Microsoft\Windows\CurrentVersion\Run\\IExplorer Util deleted successfully.
C:\Users\Tobi\AppData\Roaming\ie_util.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Rena
->Flash cache emptied: 5009 bytes
 
User: Tobi
->Flash cache emptied: 877 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Rena
->Temp folder emptied: 119691814 bytes
->Temporary Internet Files folder emptied: 86537121 bytes
->FireFox cache emptied: 78145704 bytes
->Google Chrome cache emptied: 464103616 bytes
->Flash cache emptied: 0 bytes
 
User: Tobi
->Temp folder emptied: 2383332 bytes
->Temporary Internet Files folder emptied: 4278176 bytes
->FireFox cache emptied: 92818875 bytes
->Google Chrome cache emptied: 64697496 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49426050 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 4778762 bytes
RecycleBin emptied: 514339422 bytes
 
Total Files Cleaned = 1.413,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01092013_152517

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         


What now? Many thanks for the help.


09.01.2013, 15:52   #6
markusg
/// Malware-holic

That looks fine, so continue with this:
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log

09.01.2013, 15:55   #7
Two_Beers

Done.
No threats found

Code:
15:53:43.0081 0508  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:53:43.0681 0508  ============================================================
15:53:43.0681 0508  Current date / time: 2013/01/09 15:53:43.0681
15:53:43.0681 0508  SystemInfo:
15:53:43.0681 0508  
15:53:43.0681 0508  OS Version: 6.0.6001 ServicePack: 1.0
15:53:43.0681 0508  Product type: Workstation
15:53:43.0681 0508  ComputerName: RENA-PC
15:53:43.0681 0508  UserName: Rena
15:53:43.0681 0508  Windows directory: C:\Windows
15:53:43.0681 0508  System windows directory: C:\Windows
15:53:43.0681 0508  Processor architecture: Intel x86
15:53:43.0681 0508  Number of processors: 2
15:53:43.0681 0508  Page size: 0x1000
15:53:43.0681 0508  Boot type: Normal boot
15:53:43.0681 0508  ============================================================
15:53:44.0221 0508  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:53:44.0221 0508  ============================================================
15:53:44.0221 0508  \Device\Harddisk0\DR0:
15:53:44.0221 0508  MBR partitions:
15:53:44.0221 0508  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x11D18800
15:53:44.0221 0508  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13719000, BlocksNum 0x26C6D000
15:53:44.0221 0508  ============================================================
15:53:44.0261 0508  C: <-> \Device\Harddisk0\DR0\Partition1
15:53:44.0301 0508  D: <-> \Device\Harddisk0\DR0\Partition2
15:53:44.0301 0508  ============================================================
15:53:44.0301 0508  Initialize success
15:53:44.0301 0508  ============================================================
15:54:12.0925 4168  ============================================================
15:54:12.0925 4168  Scan started
15:54:12.0925 4168  Mode: Manual; SigCheck; TDLFS; 
15:54:12.0925 4168  ============================================================
15:54:13.0127 4168  ================ Scan system memory ========================
15:54:13.0127 4168  System memory - ok
15:54:13.0127 4168  ================ Scan services =============================
15:54:13.0283 4168  [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI            C:\Windows\system32\drivers\acpi.sys
15:54:13.0502 4168  ACPI - ok
15:54:13.0642 4168  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:54:13.0673 4168  AdobeFlashPlayerUpdateSvc - ok
15:54:13.0720 4168  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:54:13.0783 4168  adp94xx - ok
15:54:13.0829 4168  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:54:13.0861 4168  adpahci - ok
15:54:13.0876 4168  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
15:54:13.0907 4168  adpu160m - ok
15:54:13.0939 4168  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:54:13.0974 4168  adpu320 - ok
15:54:14.0024 4168  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:54:14.0144 4168  AeLookupSvc - ok
15:54:14.0214 4168  [ 48EB99503533C27AC6135648E5474457 ] AFD             C:\Windows\system32\drivers\afd.sys
15:54:14.0274 4168  AFD - ok
15:54:14.0304 4168  [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
15:54:14.0364 4168  AgereModemAudio - ok
15:54:14.0434 4168  [ 1CFEBA39FC613E45B49D3EDDFBCDA289 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
15:54:14.0504 4168  AgereSoftModem - ok
15:54:14.0534 4168  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:54:14.0554 4168  agp440 - ok
15:54:14.0584 4168  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
15:54:14.0604 4168  aic78xx - ok
15:54:14.0614 4168  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
15:54:14.0694 4168  ALG - ok
15:54:14.0714 4168  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:54:14.0734 4168  aliide - ok
15:54:14.0754 4168  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:54:14.0784 4168  amdagp - ok
15:54:14.0804 4168  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:54:14.0824 4168  amdide - ok
15:54:14.0854 4168  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
15:54:14.0924 4168  AmdK7 - ok
15:54:14.0954 4168  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:54:15.0024 4168  AmdK8 - ok
15:54:15.0234 4168  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:54:15.0244 4168  AntiVirSchedulerService - ok
15:54:15.0274 4168  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:54:15.0294 4168  AntiVirService - ok
15:54:15.0324 4168  [ 8D3A55F7B7BE6B374479E5195F477226 ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys
15:54:15.0424 4168  AnyDVD - ok
15:54:15.0464 4168  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
15:54:15.0534 4168  Appinfo - ok
15:54:15.0564 4168  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
15:54:15.0594 4168  arc - ok
15:54:15.0614 4168  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:54:15.0644 4168  arcsas - ok
15:54:15.0664 4168  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:54:15.0724 4168  AsyncMac - ok
15:54:15.0754 4168  [ 0D83C87A801A3DFCD1BF73893FE7518C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:54:15.0774 4168  atapi - ok
15:54:15.0824 4168  [ 99D78248BFD454BFA9B5BEC37350FADE ] athr            C:\Windows\system32\DRIVERS\athr.sys
15:54:15.0954 4168  athr - ok
15:54:16.0004 4168  [ DB338C400CC9F5CEB568899D664FF335 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
15:54:16.0124 4168  Ati External Event Utility - ok
15:54:16.0264 4168  [ 45C45796CAAD4F3354496530329A7B10 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:54:16.0704 4168  atikmdag - ok
15:54:16.0764 4168  [ C49972BB5DC0AD5BF11074CD8F5B3265 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:54:16.0804 4168  AudioEndpointBuilder - ok
15:54:16.0814 4168  [ C49972BB5DC0AD5BF11074CD8F5B3265 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:54:16.0844 4168  Audiosrv - ok
15:54:16.0894 4168  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:54:16.0924 4168  avgntflt - ok
15:54:16.0974 4168  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:54:17.0004 4168  avipbb - ok
15:54:17.0034 4168  [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:54:17.0054 4168  avkmgr - ok
15:54:17.0104 4168  [ 08015D34F6FDD0B355805BAD978497C3 ] bcm4sbxp        C:\Windows\system32\DRIVERS\bcm4sbxp.sys
15:54:17.0224 4168  bcm4sbxp - ok
15:54:17.0264 4168  [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
15:54:17.0284 4168  BcmSqlStartupSvc - ok
15:54:17.0314 4168  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:54:17.0392 4168  Beep - ok
15:54:17.0423 4168  [ 8582E233C346AEFE759833E8A30DD697 ] BFE             C:\Windows\System32\bfe.dll
15:54:17.0486 4168  BFE - ok
15:54:17.0533 4168  [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS            C:\Windows\System32\qmgr.dll
15:54:17.0611 4168  BITS - ok
15:54:17.0642 4168  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
15:54:17.0704 4168  blbdrive - ok
15:54:17.0735 4168  [ 8153396D5551276227FA146900F734E6 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:54:17.0782 4168  bowser - ok
15:54:17.0798 4168  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
15:54:17.0860 4168  BrFiltLo - ok
15:54:17.0860 4168  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
15:54:17.0923 4168  BrFiltUp - ok
15:54:17.0954 4168  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
15:54:18.0016 4168  Browser - ok
15:54:18.0047 4168  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
15:54:18.0125 4168  Brserid - ok
15:54:18.0157 4168  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
15:54:18.0235 4168  BrSerWdm - ok
15:54:18.0266 4168  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
15:54:18.0359 4168  BrUsbMdm - ok
15:54:18.0391 4168  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
15:54:18.0484 4168  BrUsbSer - ok
15:54:18.0514 4168  [ C7065FA296C91BF054F421B0EBF93461 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
15:54:18.0574 4168  BthEnum - ok
15:54:18.0624 4168  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:54:18.0714 4168  BTHMODEM - ok
15:54:18.0764 4168  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:54:18.0824 4168  BthPan - ok
15:54:18.0854 4168  [ 1712D956E5A96F866D6791869E99B1D6 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
15:54:18.0894 4168  BTHPORT - ok
15:54:18.0924 4168  [ 58EE7F5E68310BC8D4E7CEBD8358C12E ] BthServ         C:\Windows\System32\bthserv.dll
15:54:18.0984 4168  BthServ - ok
15:54:19.0014 4168  [ 66088E161E769D11C3134BC23D0E6144 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
15:54:19.0054 4168  BTHUSB - ok
15:54:19.0084 4168  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:54:19.0154 4168  cdfs - ok
15:54:19.0194 4168  [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:54:19.0254 4168  cdrom - ok
15:54:19.0304 4168  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc     C:\Windows\System32\certprop.dll
15:54:19.0354 4168  CertPropSvc - ok
15:54:19.0374 4168  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
15:54:19.0414 4168  circlass - ok
15:54:19.0444 4168  [ 465745561C832B29F7C48B488AAB3842 ] CLFS            C:\Windows\system32\CLFS.sys
15:54:19.0484 4168  CLFS - ok
15:54:19.0554 4168  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:54:19.0564 4168  clr_optimization_v2.0.50727_32 - ok
15:54:19.0614 4168  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:54:19.0634 4168  clr_optimization_v4.0.30319_32 - ok
15:54:19.0674 4168  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:54:19.0734 4168  CmBatt - ok
15:54:19.0764 4168  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:54:19.0784 4168  cmdide - ok
15:54:19.0814 4168  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:54:19.0834 4168  Compbatt - ok
15:54:19.0844 4168  COMSysApp - ok
15:54:19.0864 4168  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:54:19.0884 4168  crcdisk - ok
15:54:19.0914 4168  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
15:54:19.0964 4168  Crusoe - ok
15:54:19.0994 4168  [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:54:20.0044 4168  CryptSvc - ok
15:54:20.0084 4168  [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:54:20.0144 4168  DcomLaunch - ok
15:54:20.0174 4168  [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:54:20.0214 4168  DfsC - ok
15:54:20.0294 4168  [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR            C:\Windows\system32\DFSR.exe
15:54:20.0524 4168  DFSR - ok
15:54:20.0584 4168  [ 7DA8A9D1ED63FB56581EC463D0A50B32 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
15:54:20.0604 4168  dg_ssudbus - ok
15:54:20.0654 4168  [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
15:54:20.0714 4168  Dhcp - ok
15:54:20.0744 4168  [ 64109E623ABD6955C8FB110B592E68B7 ] disk            C:\Windows\system32\drivers\disk.sys
15:54:20.0775 4168  disk - ok
15:54:20.0822 4168  [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:54:20.0869 4168  Dnscache - ok
15:54:20.0895 4168  [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:54:20.0935 4168  dot3svc - ok
15:54:20.0985 4168  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
15:54:21.0045 4168  DPS - ok
15:54:21.0085 4168  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:54:21.0125 4168  drmkaud - ok
15:54:21.0165 4168  [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:54:21.0235 4168  DXGKrnl - ok
15:54:21.0265 4168  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
15:54:21.0315 4168  E1G60 - ok
15:54:21.0345 4168  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
15:54:21.0395 4168  EapHost - ok
15:54:21.0435 4168  [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache          C:\Windows\system32\drivers\ecache.sys
15:54:21.0465 4168  Ecache - ok
15:54:21.0515 4168  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:54:21.0555 4168  ehRecvr - ok
15:54:21.0575 4168  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
15:54:21.0625 4168  ehSched - ok
15:54:21.0645 4168  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
15:54:21.0675 4168  ehstart - ok
15:54:21.0715 4168  [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
15:54:21.0745 4168  ElbyCDIO - ok
15:54:21.0785 4168  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:54:21.0825 4168  elxstor - ok
15:54:21.0875 4168  [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
15:54:21.0965 4168  EMDMgmt - ok
15:54:22.0005 4168  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:54:22.0075 4168  ErrDev - ok
15:54:22.0115 4168  [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem     C:\Windows\system32\es.dll
15:54:22.0155 4168  EventSystem - ok
15:54:22.0195 4168  [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat           C:\Windows\system32\drivers\exfat.sys
15:54:22.0255 4168  exfat - ok
15:54:22.0285 4168  [ 3C489390C2E2064563727752AF8EAB9E ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:54:22.0345 4168  fastfat - ok
15:54:22.0375 4168  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:54:22.0435 4168  fdc - ok
15:54:22.0445 4168  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:54:22.0505 4168  fdPHost - ok
15:54:22.0525 4168  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:54:22.0615 4168  FDResPub - ok
15:54:22.0645 4168  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:54:22.0665 4168  FileInfo - ok
15:54:22.0705 4168  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:54:22.0765 4168  Filetrace - ok
15:54:22.0775 4168  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:54:22.0835 4168  flpydisk - ok
15:54:22.0845 4168  [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:54:22.0865 4168  FltMgr - ok
15:54:22.0930 4168  [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:54:22.0961 4168  FontCache3.0.0.0 - ok
15:54:22.0977 4168  [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:54:23.0024 4168  Fs_Rec - ok
15:54:23.0065 4168  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:54:23.0085 4168  gagp30kx - ok
15:54:23.0115 4168  [ D9F1113D9401185245573350712F92FC ] gpsvc           C:\Windows\System32\gpsvc.dll
15:54:23.0235 4168  gpsvc - ok
15:54:23.0335 4168  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
15:54:23.0355 4168  gupdate - ok
15:54:23.0365 4168  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:54:23.0385 4168  gupdatem - ok
15:54:23.0435 4168  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:54:23.0455 4168  gusvc - ok
15:54:23.0485 4168  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:54:23.0585 4168  HdAudAddService - ok
15:54:23.0605 4168  [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:54:23.0655 4168  HDAudBus - ok
15:54:23.0685 4168  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:54:23.0785 4168  HidBth - ok
15:54:23.0805 4168  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:54:23.0905 4168  HidIr - ok
15:54:23.0925 4168  [ 8FA640195279ACE21BEA91396A0054FC ] hidserv         C:\Windows\system32\hidserv.dll
15:54:24.0015 4168  hidserv - ok
15:54:24.0055 4168  [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
15:54:24.0135 4168  HidUsb - ok
15:54:24.0155 4168  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:54:24.0215 4168  hkmsvc - ok
15:54:24.0235 4168  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
15:54:24.0255 4168  HpCISSs - ok
15:54:24.0295 4168  [ 96E241624C71211A79C84F50A8E71CAB ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:54:24.0365 4168  HTTP - ok
15:54:24.0405 4168  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
15:54:24.0425 4168  i2omp - ok
15:54:24.0465 4168  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:54:24.0515 4168  i8042prt - ok
15:54:24.0585 4168  [ 496DB78E6A0C4C44023D9A92B4A7AC31 ] ialm            C:\Windows\system32\DRIVERS\igdkmd32.sys
15:54:24.0725 4168  ialm - ok
15:54:24.0755 4168  [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:54:24.0785 4168  iaStor - ok
15:54:24.0815 4168  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
15:54:24.0855 4168  iaStorV - ok
15:54:24.0925 4168  [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:54:25.0065 4168  idsvc - ok
15:54:25.0085 4168  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:54:25.0095 4168  iirsp - ok
15:54:25.0145 4168  [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT          C:\Windows\System32\ikeext.dll
15:54:25.0215 4168  IKEEXT - ok
15:54:25.0315 4168  [ B4FD14F7B231E358BEC6C71D1A6C2845 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:54:25.0435 4168  IntcAzAudAddService - ok
15:54:25.0475 4168  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:54:25.0505 4168  intelide - ok
15:54:25.0535 4168  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:54:25.0605 4168  intelppm - ok
15:54:25.0625 4168  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:54:25.0675 4168  IPBusEnum - ok
15:54:25.0695 4168  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:54:25.0755 4168  IpFilterDriver - ok
15:54:25.0785 4168  [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:54:25.0845 4168  iphlpsvc - ok
15:54:25.0845 4168  IpInIp - ok
15:54:25.0875 4168  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
15:54:25.0925 4168  IPMIDRV - ok
15:54:25.0955 4168  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
15:54:26.0015 4168  IPNAT - ok
15:54:26.0035 4168  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:54:26.0085 4168  IRENUM - ok
15:54:26.0095 4168  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:54:26.0125 4168  isapnp - ok
15:54:26.0155 4168  [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:54:26.0185 4168  iScsiPrt - ok
15:54:26.0205 4168  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
15:54:26.0225 4168  iteatapi - ok
15:54:26.0245 4168  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
15:54:26.0265 4168  iteraid - ok
15:54:26.0275 4168  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:54:26.0305 4168  kbdclass - ok
15:54:26.0345 4168  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:54:26.0405 4168  kbdhid - ok
15:54:26.0435 4168  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso          C:\Windows\system32\lsass.exe
15:54:26.0495 4168  KeyIso - ok
15:54:26.0525 4168  [ EBC507F129DF8F0E0CA270DCFC0CF87F ] KMDFMEMIO       C:\Windows\system32\DRIVERS\kmdfmemio.sys
15:54:26.0565 4168  KMDFMEMIO - ok
15:54:26.0585 4168  [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:54:26.0635 4168  KSecDD - ok
15:54:26.0685 4168  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:54:26.0755 4168  KtmRm - ok
15:54:26.0785 4168  [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:54:26.0825 4168  LanmanServer - ok
15:54:26.0855 4168  [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:54:26.0915 4168  LanmanWorkstation - ok
15:54:26.0955 4168  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:54:27.0015 4168  lltdio - ok
15:54:27.0055 4168  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:54:27.0116 4168  lltdsvc - ok
15:54:27.0132 4168  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:54:27.0225 4168  lmhosts - ok
15:54:27.0257 4168  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:54:27.0272 4168  LSI_FC - ok
15:54:27.0303 4168  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:54:27.0319 4168  LSI_SAS - ok
15:54:27.0350 4168  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:54:27.0381 4168  LSI_SCSI - ok
15:54:27.0397 4168  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
15:54:27.0459 4168  luafv - ok
15:54:27.0506 4168  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:54:27.0553 4168  Mcx2Svc - ok
15:54:27.0569 4168  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:54:27.0600 4168  megasas - ok
15:54:27.0625 4168  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
15:54:27.0695 4168  MegaSR - ok
15:54:27.0725 4168  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
15:54:27.0795 4168  MMCSS - ok
15:54:27.0825 4168  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
15:54:27.0885 4168  Modem - ok
15:54:27.0915 4168  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:54:27.0965 4168  monitor - ok
15:54:27.0985 4168  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:54:28.0005 4168  mouclass - ok
15:54:28.0025 4168  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\drivers\mouhid.sys
15:54:28.0065 4168  mouhid - ok
15:54:28.0095 4168  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
15:54:28.0115 4168  MountMgr - ok
15:54:28.0155 4168  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:54:28.0195 4168  MozillaMaintenance - ok
15:54:28.0225 4168  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:54:28.0265 4168  mpio - ok
15:54:28.0285 4168  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:54:28.0345 4168  mpsdrv - ok
15:54:28.0375 4168  [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:54:28.0445 4168  MpsSvc - ok
15:54:28.0475 4168  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
15:54:28.0505 4168  Mraid35x - ok
15:54:28.0535 4168  [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:54:28.0595 4168  MRxDAV - ok
15:54:28.0625 4168  [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:54:28.0675 4168  mrxsmb - ok
15:54:28.0705 4168  [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:54:28.0735 4168  mrxsmb10 - ok
15:54:28.0745 4168  [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:54:28.0785 4168  mrxsmb20 - ok
15:54:28.0815 4168  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
15:54:28.0845 4168  msahci - ok
15:54:28.0875 4168  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:54:28.0905 4168  msdsm - ok
15:54:28.0935 4168  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
15:54:28.0995 4168  MSDTC - ok
15:54:29.0025 4168  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:54:29.0085 4168  Msfs - ok
15:54:29.0115 4168  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:54:29.0135 4168  msisadrv - ok
15:54:29.0175 4168  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:54:29.0245 4168  MSiSCSI - ok
15:54:29.0255 4168  msiserver - ok
15:54:29.0285 4168  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:54:29.0345 4168  MSKSSRV - ok
15:54:29.0375 4168  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:54:29.0425 4168  MSPCLOCK - ok
15:54:29.0435 4168  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:54:29.0475 4168  MSPQM - ok
15:54:29.0495 4168  [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:54:29.0525 4168  MsRPC - ok
15:54:29.0545 4168  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:54:29.0565 4168  mssmbios - ok
15:54:29.0595 4168  MSSQL$MSSMLBIZ - ok
15:54:29.0615 4168  [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
15:54:29.0635 4168  MSSQLServerADHelper - ok
15:54:29.0655 4168  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:54:29.0705 4168  MSTEE - ok
15:54:29.0745 4168  [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup             C:\Windows\system32\Drivers\mup.sys
15:54:29.0765 4168  Mup - ok
15:54:29.0795 4168  [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent        C:\Windows\system32\qagentRT.dll
15:54:29.0845 4168  napagent - ok
15:54:29.0895 4168  [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:54:29.0925 4168  NativeWifiP - ok
15:54:29.0965 4168  [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:54:30.0015 4168  NDIS - ok
15:54:48.0163 4168  ================ Scan global ===============================
15:54:48.0179 4168  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:54:48.0225 4168  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
15:54:48.0241 4168  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
15:54:48.0288 4168  [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
15:54:48.0288 4168  [Global] - ok
15:54:48.0288 4168  ================ Scan MBR ==================================
15:54:48.0319 4168  [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
15:54:49.0009 4168  \Device\Harddisk0\DR0 - ok
15:54:49.0009 4168  ================ Scan VBR ==================================
15:54:49.0009 4168  [ BB87F1BF07E48CF35A0E615B472D9A45 ] \Device\Harddisk0\DR0\Partition1
15:54:49.0019 4168  \Device\Harddisk0\DR0\Partition1 - ok
15:54:49.0039 4168  [ 9706967645B07935DDEF28ED72999991 ] \Device\Harddisk0\DR0\Partition2
15:54:49.0039 4168  \Device\Harddisk0\DR0\Partition2 - ok
15:54:49.0039 4168  ============================================================
15:54:49.0039 4168  Scan finished
15:54:49.0039 4168  ============================================================
15:54:49.0119 3972  Detected object count: 0
15:54:49.0119 3972  Actual detected object count: 0
         

09.01.2013, 16:15   #8
markusg
/// Malware-holic

Hi, do you use the PC for online banking, shopping, other payment transactions, or similarly important things such as work?
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails to markusg.trojaner-board@web.de as described in the instructions above.

09.01.2013, 16:18   #9
Two_Beers

Yes, I use online banking occasionally, but mostly via tablet.
I have plenty of confidential files, but fewer of a work-related nature.

09.01.2013, 16:19   #10
markusg
/// Malware-holic

Hi,
please have your online banking blocked; you also have Trojan.zbot, and I can't tell you how long it has been on there.
Emergency number in case the bank is closed:
116 116
Since we can't say with 100% certainty that we will get the device clean:
the PC must be reinstalled from scratch and then secured.
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.

09.01.2013, 16:20   #11
Two_Beers

As I said, I can boot up completely normally; there has been no problem since that single occurrence. I can run everything normally.
The prompt about opening the ddl file was also gone after the registry clean.

Should I just run another scan with Malwarebytes?

09.01.2013, 16:23   #12
markusg
/// Malware-holic

What to do is stated on page 1, last post.

09.01.2013, 16:25   #13
Two_Beers

Is there no other way for me to get this Trojan.zbot removed?
The PC was only just reinstalled because of a repair...

I only do online banking via SMS. I don't use TAN by chip because of the lack of a media break.

I will change my passwords. Thanks for the help.
What do you think about the GVU thing? False alarm?

09.01.2013, 17:06   #14
markusg
/// Malware-holic

Hi,
what do you mean by media break? chipTAN is more secure than SMS TAN.
The device definitely has to be reinstalled, correct.
Then we will take care of proper protection, because that has not been the case here so far.
