Pests of All Kinds and How to Fight Them: GVU Trojan 2.07 caught on Windows 7 64-bit
16.01.2013, 01:14 | #1 |
GVU Trojan 2.07 caught on Windows 7 64-bit

Hello,
while browsing with Opera I caught the above-mentioned Trojan (the version with the webcam image). I can get the computer running by means of a trick (quickly open programs before the screen is 'hijacked', then go to shut down via CTRL-ALT-DEL, and click Cancel when asked 'Force shutdown'). I ran Defogger as described without problems, and then OTL.

OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 15.01.2013 23:04:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,89 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 49,95% Memory free
7,78 Gb Paging File | 6,15 Gb Available in Paging File | 79,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96,92 Gb Total Space | 48,51 Gb Free Space | 50,05% Space Free | Partition Type: NTFS
Drive D: | 123,45 Gb Total Space | 115,11 Gb Free Space | 93,24% Space Free | Partition Type: NTFS

Computer Name: ZENBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.15 22:53:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.12.22 04:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.10.23 23:58:52 | 000,120,728 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.22 13:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2012.04.13 18:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
PRC - [2012.04.10 06:57:26 | 000,193,536 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012.03.27 16:02:04 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012.03.27 16:02:02 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012.03.27 16:01:56 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012.03.26 18:14:26 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.29 19:08:34 | 001,121,448 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012.02.29 01:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.29 01:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.21 22:49:04 | 000,102,568 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012.02.21 22:49:00 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012.02.21 20:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.21 20:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.02.20 04:31:06 | 000,019,968 | ---- | M] () -- C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
PRC - [2012.02.20 04:31:06 | 000,018,944 | ---- | M] () -- C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
PRC - [2012.02.17 00:01:36 | 000,473,728 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
PRC - [2012.02.03 00:33:32 | 002,321,072 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2011.12.21 22:15:54 | 000,017,872 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
PRC - [2011.09.02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2011.05.20 10:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2009.12.15 09:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.06.19 09:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.15 16:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

========== Modules (No Company Name) ==========

MOD - [2012.02.21 22:49:00 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2012.01.31 17:25:12 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012.03.29 15:57:36 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012.03.29 15:57:24 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012.03.29 15:57:14 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012.03.29 15:57:10 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012.02.03 06:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2012.01.18 00:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012.01.09 20:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.01.09 21:21:36 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.23 23:58:52 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.04.13 18:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2012.04.10 06:57:26 | 000,193,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012.04.02 09:28:24 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.03.27 16:02:04 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012.03.27 16:02:02 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012.03.27 16:01:56 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012.02.29 01:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.29 01:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.21 20:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.21 20:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.02.20 04:31:06 | 000,019,968 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)
SRV - [2012.02.20 04:31:06 | 000,018,944 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV - [2011.09.02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 09:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.15 16:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.11.15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.06.11 11:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012.06.08 16:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012.06.08 16:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012.06.08 16:08:28 | 000,031,232 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2012.04.10 06:57:16 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012.04.05 07:52:08 | 000,110,592 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88772b.sys -- (AX88772B)
DRV:64bit: - [2012.04.02 09:28:14 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.27 03:54:40 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.03.26 18:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.03.26 18:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.03.26 18:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.03.21 19:13:14 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012.03.12 22:06:46 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.03.01 03:01:08 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.02.29 19:08:34 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012.02.24 01:56:32 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.02.24 01:56:32 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.02.20 04:31:06 | 000,357,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfManager.sys -- (DptfManager)
DRV:64bit: - [2012.02.20 04:31:06 | 000,220,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:64bit: - [2012.02.20 04:31:06 | 000,107,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevDram.sys -- (DptfDevDram)
DRV:64bit: - [2012.02.20 04:31:06 | 000,096,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:64bit: - [2012.02.20 04:31:06 | 000,064,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevGen.sys -- (DptfDevGen)
DRV:64bit: - [2012.02.20 04:31:06 | 000,042,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevFan.sys -- (DptfDevFan)
DRV:64bit: - [2012.02.19 19:16:24 | 000,200,488 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012.02.13 17:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012.02.13 16:53:54 | 000,095,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2012.01.27 02:37:24 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012.01.27 02:37:24 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012.01.25 14:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2012.01.09 20:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.01.09 20:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.12.21 22:15:56 | 000,035,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusVBus.sys -- (AsusVBus)
DRV:64bit: - [2011.11.10 09:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.08 03:48:28 | 000,016,512 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusVTouch.sys -- (AsusVTouch)
DRV:64bit: - [2011.05.14 00:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.03.15 11:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.10 14:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.01.29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.03.01 11:12:16 | 000,103,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\slabser.sys -- (slabser)
DRV:64bit: - [2007.03.01 11:12:16 | 000,079,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\slabbus.sys -- (slabbus)
DRV - [2012.02.29 19:08:34 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AiCharger.sys -- (AiCharger)
DRV - [2011.05.25 18:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.02 16:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: d:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.11.18 21:53:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: d:\Programme\Mozilla Thunderbird\components [2013.01.09 21:36:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: d:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.11.18 21:53:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2013.01.09 21:36:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins

[2012.06.21 01:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.10.23 13:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w09thd6h.default\extensions

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programme\Sicherheit\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programme\Sicherheit\AVG2012\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysWOW64\DptfPolicyLpmServiceHelper.exe File not found
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CE57E34-4738-45D0-B7D8-5C6630104BD7}: DhcpNameServer = 100.100.3.213
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32597F59-5609-4802-BA57-63A2EECD86B4}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E990B53D-A4D4-4F9C-8314-EC9B4EA7BE4E}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\Sicherheit\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\Sicherheit\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\***\AppData\Roaming\skype.dat) - C:\Users\***\AppData\Roaming\skype.dat ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.15 22:53:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.15 21:47:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.01.10 18:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.01.08 01:12:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.01.08 01:11:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.01.08 00:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Diving Log [2013.01.08 00:58:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diving Log 5.0 [2013.01.08 00:58:07 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Diving Log [2013.01.08 00:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OSTC [2013.01.08 00:47:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OSTC [2013.01.06 01:52:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.minecraft [2012.12.28 17:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola [2012.12.28 17:07:13 | 000,000,000 | ---D | C] -- C:\Temp [2012.12.28 17:07:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Motorola Mobility [2012.12.28 17:06:41 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Common Files\MSSoap [2012.12.28 17:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Mobility [2012.12.28 17:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola [2012.12.28 17:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012.12.28 17:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared [2012.12.28 17:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc [2012.12.28 17:04:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Motorola [2012.12.28 16:29:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer [2012.12.28 16:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer ========== Files - Modified Within 30 Days ========== [2013.01.15 22:56:07 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.01.15 22:53:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.15 22:52:54 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe [2013.01.15 22:52:24 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.01.15 22:34:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.15 22:21:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.15 21:05:59 | 009,126,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.15 21:05:59 | 000,742,874 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2013.01.15 21:05:59 | 000,742,718 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat [2013.01.15 21:05:59 | 000,740,588 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2013.01.15 21:05:59 | 000,737,410 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2013.01.15 21:05:59 | 000,726,410 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2013.01.15 21:05:59 | 000,721,942 | ---- | M] () -- 
C:\Windows\SysNative\perfh019.dat [2013.01.15 21:05:59 | 000,704,488 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.15 21:05:59 | 000,659,766 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.15 21:05:59 | 000,604,094 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat [2013.01.15 21:05:59 | 000,476,636 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat [2013.01.15 21:05:59 | 000,407,076 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat [2013.01.15 21:05:59 | 000,390,202 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat [2013.01.15 21:05:59 | 000,160,346 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat [2013.01.15 21:05:59 | 000,154,938 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2013.01.15 21:05:59 | 000,154,910 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2013.01.15 21:05:59 | 000,152,502 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat [2013.01.15 21:05:59 | 000,151,314 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2013.01.15 21:05:59 | 000,151,270 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.15 21:05:59 | 000,148,810 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2013.01.15 21:05:59 | 000,124,216 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat [2013.01.15 21:05:59 | 000,124,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.15 21:05:59 | 000,113,014 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat [2013.01.15 21:05:59 | 000,096,812 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat [2013.01.15 21:05:59 | 000,086,922 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat [2013.01.15 21:05:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.15 21:05:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.15 21:00:38 | 000,000,004 | ---- | M] () -- C:\Users\***\AppData\Roaming\skype.ini 
[2013.01.15 21:00:19 | 000,000,387 | ---- | M] () -- C:\Users\***\AppData\Roaming\sp_data.sys [2013.01.15 20:58:17 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013.01.15 20:58:16 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.15 20:58:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.15 20:58:12 | 3131,482,112 | -HS- | M] () -- C:\hiberfil.sys [2013.01.15 18:51:51 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013.01.15 18:51:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013.01.13 23:49:36 | 000,417,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.13 23:17:35 | 009,083,500 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.10 18:10:11 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013.01.08 01:21:27 | 000,000,116 | ---- | M] () -- C:\Users\***\.jdivelog [2013.01.08 01:17:25 | 000,000,679 | ---- | M] () -- C:\Users\***\Desktop\jdivelog.lnk [2013.01.08 00:58:35 | 000,000,664 | ---- | M] () -- C:\Users\***\Desktop\Diving Log 5.0.lnk [2013.01.08 00:55:03 | 000,004,127 | ---- | M] () -- C:\Users\***\OSTC Planner Defaults.ini [2013.01.08 00:49:25 | 000,001,659 | ---- | M] () -- C:\Users\Public\Desktop\OSTC Planner 451.lnk [2012.12.28 17:18:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf [2012.12.28 17:17:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf [2012.12.28 17:17:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf [2012.12.28 17:17:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf [2012.12.28 17:17:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf [2012.12.28 
17:08:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf [2012.12.28 16:18:14 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2012.12.24 13:09:26 | 000,001,051 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.24 13:09:12 | 000,001,017 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk ========== Files Created - No Company Name ========== [2013.01.15 22:56:07 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.01.15 22:52:54 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe [2013.01.15 22:52:24 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.01.15 20:51:36 | 000,000,004 | ---- | C] () -- C:\Users\***\AppData\Roaming\skype.ini [2013.01.08 01:17:25 | 000,000,679 | ---- | C] () -- C:\Users\***\Desktop\jdivelog.lnk [2013.01.08 01:17:15 | 000,000,116 | ---- | C] () -- C:\Users\***\.jdivelog [2013.01.08 00:58:35 | 000,000,664 | ---- | C] () -- C:\Users\***\Desktop\Diving Log 5.0.lnk [2013.01.08 00:49:29 | 000,004,127 | ---- | C] () -- C:\Users\***\OSTC Planner Defaults.ini [2013.01.08 00:49:25 | 000,001,659 | ---- | C] () -- C:\Users\Public\Desktop\OSTC Planner 451.lnk [2012.12.28 17:18:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf [2012.12.28 17:17:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf [2012.12.28 17:17:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf [2012.12.28 17:17:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf [2012.12.28 17:17:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf [2012.12.28 17:08:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf [2012.12.28 16:18:14 | 000,000,900 
| ---- | C] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk [2012.06.21 00:33:06 | 000,000,387 | ---- | C] () -- C:\Users\***\AppData\Roaming\sp_data.sys [2012.04.30 08:51:35 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\DptfPolicyConfigTDPService.exe [2012.04.30 08:51:35 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\DptfParticipantProcessorService.exe [2012.04.30 08:51:35 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DptfPolicyConfigTDPDll.dll [2012.04.30 08:50:53 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.04.30 08:50:47 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.04.30 08:50:38 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.04.30 08:50:34 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.02.24 03:42:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2012.02.24 03:28:11 | 009,083,500 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.24 02:33:03 | 000,059,392 | ---- | C] () -- C:\Users\***\AppData\Roaming\skype.dat [2012.02.03 06:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.06 01:53:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2012.06.21 00:45:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage [2012.12.15 09:38:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2013 [2013.01.15 21:33:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.12.28 17:04:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Motorola [2012.12.28 17:07:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Motorola Mobility [2012.12.28 18:08:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer [2012.06.21 00:39:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2013.01.08 00:47:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OSTC [2012.06.21 01:01:12 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Thunderbird
[2012.12.13 21:55:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
========== Purity Check ==========
< End of report >

Extras.txt: (attached for reasons of space)

When I started GMER, the attached error message appeared, but the scan could then be run. Towards the end of the scan the above error message appeared again, along with another one that I unfortunately could not note down. Here is the result: (attached for reasons of space)

I hope I have carried out everything more or less as requested so far. I would be extremely grateful for help. Edited by LTB666 (16.01.2013 at 01:23) Reason: typo |
16.01.2013, 14:28 | #2 |
/// Malware-holic | Caught GVU trojan 2.07 on Windows 7 64-bit

hi

replace *** with the user name in the script. this script and any scripts that follow are only for the respective user. if you have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe
• Now copy the following into the text box. Code:
ATTFilter
:OTL
O20 - HKCU Winlogon: Shell - (C:\Users\***\AppData\Roaming\skype.dat) - C:\Users\***\AppData\Roaming\skype.dat ()
[2013.01.15 21:00:38 | 000,000,004 | ---- | M] () -- C:\Users\***\AppData\Roaming\skype.ini
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may request a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
start in normal mode. if you have no icons, then right-click, View, show desktop icons
Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
__________________ |
16.01.2013, 19:51 | #3 |
| Caught GVU trojan 2.07 on Windows 7 64-bit

Hello Markus,

first of all, many thanks for taking on my problem. During the OTL run a dialog window appeared asking whether I wanted to allow changes by 'ASUS instant on'. I did so and hope that was right. OTL did indeed request a restart; the icons were all there straight away. Here is the result: Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\***\AppData\Roaming\skype.dat deleted successfully.
C:\Users\***\AppData\Roaming\skype.dat moved successfully.
C:\Users\***\AppData\Roaming\skype.ini moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: ***
->Flash cache emptied: 725 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 644172042 bytes
->Temporary Internet Files folder emptied: 132314718 bytes
->Java cache emptied: 45270 bytes
->FireFox cache emptied: 187150057 bytes
->Opera cache emptied: 31683744 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 226538321 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.165,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01162013_193507
Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Best regards. Edited by LTB666 (16.01.2013 at 20:45) Reason: code tags |
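The fix in post #2 and the result above remove a Winlogon Shell value under HKCU that points at skype.dat in the user's AppData\Roaming folder. As an added example (not part of the thread and not OTL's own code), this Python triage parses the O20 Winlogon lines of an OTL log and flags Shell/UserInit entries that differ from the Windows defaults explorer.exe and userinit.exe. The function names and flagging rules are assumptions; the sample lines are copied from the log in post #1.

```python
import ntpath
import re

# O20 lines copied from the OTL log in post #1 (the poster masked the user name as ***).
SAMPLE_LOG = r"""
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\***\AppData\Roaming\skype.dat) - C:\Users\***\AppData\Roaming\skype.dat ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
"""

# Layout as seen in the log: "O20[:64bit:] - HIVE Winlogon: NAME - (value) - path (company)".
# Other sections of the same log end with "File not found" instead of a company,
# so that variant is accepted here as well.
O20_RE = re.compile(
    r"^O20(?::64bit:)? - (?P<hive>HKLM|HKCU) Winlogon: (?P<name>Shell|UserInit)"
    r" - \((?P<value>.*?)\) - (?P<path>.*?)"
    r"(?: \((?P<company>[^()]*)\)| (?P<missing>File not found))?\s*$"
)

# Windows defaults for the two Winlogon values this example checks.
DEFAULTS = {"shell": "explorer.exe", "userinit": "userinit.exe"}


def parse_o20(line):
    """Return the fields of an O20 Winlogon Shell/UserInit line, or None for any other line."""
    match = O20_RE.match(line.strip())
    return match.groupdict() if match else None


def findings(entry):
    """List the reasons (possibly none) why an entry deserves a closer look."""
    reasons = []
    expected = DEFAULTS[entry["name"].lower()]
    # The registry value may hold a comma-separated list; check every item.
    items = [item.strip() for item in entry["value"].split(",") if item.strip()]
    if any(ntpath.basename(item).lower() != expected for item in items):
        reasons.append(f"{entry['name']} is not the default {expected}")
    if "\\users\\" in entry["path"].lower():
        reasons.append("file sits in a user profile (user-writable)")
    if entry["missing"]:
        reasons.append("registered file not found on disk")
    elif not entry["company"]:
        reasons.append("file carries no company name")
    return reasons


def triage(log_text):
    """Return (entry, reasons) for every Winlogon entry with at least one finding."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o20(line)
        if entry is None:
            continue
        reasons = findings(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry['hive']} Winlogon {entry['name']} -> {entry['path']}")
        for reason in reasons:
            print(f"  - {reason}")
```

On the sample lines only the HKCU Shell entry for skype.dat is flagged, which is the entry the fix script targets.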
16.01.2013, 20:23 | #4 |
/// Malware-holic | Caught GVU trojan 2.07 on Windows 7 64-bit

hi

very nice! download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - for any findings always choose skip for now, post the log
open c:, open tdsskiller-date-version.txt, post the contents
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For the time being, please forward mails to markusg.trojaner-board@web.de according to the above instructions If you would like to support us |
16.01.2013, 20:32 | #5 |
/// Malware-holic | Caught GVU trojan 2.07 on Windows 7 64-bit

hi

on your second pc go to Start, Programs, Accessories, Notepad, and copy into it: Code:
ATTFilter
:OTL
[2013/01/14 07:30:27 | 000,003,174 | ---- | C] () -- D:\ProgramData\RWvESYd.js
[2013/01/14 07:30:27 | 000,001,080 | ---- | C] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/14 07:30:25 | 095,023,320 | ---- | C] () -- D:\ProgramData\RWvESYd.pad
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
save this on a usb stick as fix.txt. now use OTLPENet.exe again (so boot from the cd you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
a message similar to this one should now appear: "load fix from file", so load fix.txt from your stick. if this does not work, please enter the fix manually. then click the fix button again. the pc may restart. if so, take the cd out of the drive; windows should now start normally and open otl.txt, please post the log.
16.01.2013, 21:06 | #6 |
| Caught GVU trojan 2.07 on Windows 7 64-bit TDSS-Killer report: Code:
ATTFilter 20:51:58.0167 7444 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 20:51:58.0167 7444 UEFI system 20:51:58.0420 7444 ============================================================ 20:51:58.0420 7444 Current date / time: 2013/01/16 20:51:58.0420 20:51:58.0420 7444 SystemInfo: 20:51:58.0420 7444 20:51:58.0420 7444 OS Version: 6.1.7601 ServicePack: 1.0 20:51:58.0420 7444 Product type: Workstation 20:51:58.0420 7444 ComputerName: ZENBOOK 20:51:58.0421 7444 UserName: *** 20:51:58.0421 7444 Windows directory: C:\Windows 20:51:58.0421 7444 System windows directory: C:\Windows 20:51:58.0421 7444 Running under WOW64 20:51:58.0421 7444 Processor architecture: Intel x64 20:51:58.0421 7444 Number of processors: 4 20:51:58.0421 7444 Page size: 0x1000 20:51:58.0421 7444 Boot type: Normal boot 20:51:58.0421 7444 ============================================================ 20:51:59.0049 7444 Drive \Device\Harddisk0\DR0 - Size: 0x3AAC5ED800 (234.69 Gb), SectorSize: 0x200, Cylinders: 0x77AD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:51:59.0061 7444 ============================================================ 20:51:59.0061 7444 \Device\Harddisk0\DR0: 20:51:59.0062 7444 GPT partitions: 20:51:59.0063 7444 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {B6F4A044-715D-4930-A889-3ECB279E6335}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x64000 20:51:59.0063 7444 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {5CF18A03-8204-41C2-89BE-DBA0DDE278C9}, Name: Microsoft reserved partition, StartLBA 0x64800, BlocksNum 0x40000 20:51:59.0064 7444 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {32683BCE-7127-4747-9CC5-AB0ED7C0DB93}, Name: Basic data partition, StartLBA 0xA4800, BlocksNum 0xC1D5800 20:51:59.0064 7444 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: 
{D3BFE2DE-3DAF-11DF-BA40-E3A556D89593}, UniqueGUID: {C27B8ED9-317A-4DB8-884A-B2217FA33C4A}, Name: Basic data partition, StartLBA 0xC27A000, BlocksNum 0x800000 20:51:59.0064 7444 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {60CBF359-CBA3-4C1B-92A2-FB275FC8D1B0}, Name: Basic data partition, StartLBA 0xCA7A000, BlocksNum 0xF6E8800 20:51:59.0064 7444 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {992C9F4C-E6DB-4A9A-BDC5-5C5CA882E2F3}, Name: Basic data partition, StartLBA 0x1C162800, BlocksNum 0x1400000 20:51:59.0064 7444 MBR partitions: 20:51:59.0064 7444 ============================================================ 20:51:59.0066 7444 C: <-> \Device\Harddisk0\DR0\Partition3 20:51:59.0068 7444 D: <-> \Device\Harddisk0\DR0\Partition5 20:51:59.0068 7444 ============================================================ 20:51:59.0068 7444 Initialize success 20:51:59.0068 7444 ============================================================ 20:52:24.0468 7484 ============================================================ 20:52:24.0468 7484 Scan started 20:52:24.0468 7484 Mode: Manual; SigCheck; TDLFS; 20:52:24.0468 7484 ============================================================ 20:52:24.0565 7484 ================ Scan system memory ======================== 20:52:24.0565 7484 System memory - ok 20:52:24.0566 7484 ================ Scan services ============================= 20:52:24.0680 7484 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 20:52:24.0797 7484 1394ohci - ok 20:52:24.0812 7484 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 20:52:24.0848 7484 ACPI - ok 20:52:24.0857 7484 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 20:52:24.0908 7484 AcpiPmi - ok 20:52:24.0920 7484 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe 20:52:24.0944 7484 AdobeARMservice - ok
20:52:28.0594 7484 [ FA0E7B5AFB8FD335234916764A2D6CF9 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
20:52:28.0629 7484 btmhsf ( UnsignedFile.Multi.Generic ) - warning
20:52:28.0630 7484 btmhsf - detected UnsignedFile.Multi.Generic (1)
20:52:33.0807 7484 [ 653A38B868A5F20BB506AB57AC41B936 ] ibtfltcoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
20:52:33.0819 7484 ibtfltcoex ( UnsignedFile.Multi.Generic ) - warning
20:52:33.0819 7484 ibtfltcoex - detected UnsignedFile.Multi.Generic (1)
20:52:39.0266 7484 [ 
53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 20:52:39.0279 7484 ProfSvc - ok 20:52:39.0282 7484 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:52:39.0290 7484 ProtectedStorage - ok 20:52:39.0294 7484 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:52:39.0321 7484 Psched - ok 20:52:39.0326 7484 [ EA735BF6DF13A857A83C99BF27A422AD ] PST Service C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe 20:52:39.0331 7484 PST Service ( UnsignedFile.Multi.Generic ) - warning 20:52:39.0331 7484 PST Service - detected UnsignedFile.Multi.Generic (1) 20:52:39.0346 7484 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 20:52:39.0374 7484 ql2300 - ok 20:52:39.0379 7484 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 20:52:39.0388 7484 ql40xx - ok 20:52:39.0394 7484 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 20:52:39.0410 7484 QWAVE - ok 20:52:39.0413 7484 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:52:39.0426 7484 QWAVEdrv - ok 20:52:39.0429 7484 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:52:39.0456 7484 RasAcd - ok 20:52:39.0460 7484 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:52:39.0485 7484 RasAgileVpn - ok 20:52:39.0489 7484 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 20:52:39.0516 7484 RasAuto - ok 20:52:39.0520 7484 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:52:39.0546 7484 Rasl2tp - ok 20:52:39.0553 7484 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 20:52:39.0581 7484 RasMan - ok 20:52:39.0585 7484 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:52:39.0612 7484 RasPppoe - ok 
20:52:39.0616 7484 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:52:39.0643 7484 RasSstp - ok 20:52:39.0651 7484 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:52:39.0680 7484 rdbss - ok 20:52:39.0683 7484 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 20:52:39.0695 7484 rdpbus - ok 20:52:39.0698 7484 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:52:39.0724 7484 RDPCDD - ok 20:52:39.0730 7484 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:52:39.0756 7484 RDPENCDD - ok 20:52:39.0760 7484 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:52:39.0786 7484 RDPREFMP - ok 20:52:39.0791 7484 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:52:39.0805 7484 RDPWD - ok 20:52:39.0810 7484 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:52:39.0820 7484 rdyboost - ok 20:52:39.0826 7484 [ C480D028012881E0136962A49379688D ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 20:52:39.0834 7484 RegSrvc - ok 20:52:39.0838 7484 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:52:39.0866 7484 RemoteAccess - ok 20:52:39.0870 7484 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:52:39.0899 7484 RemoteRegistry - ok 20:52:39.0903 7484 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 20:52:39.0917 7484 RFCOMM - ok 20:52:39.0921 7484 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:52:39.0949 7484 RpcEptMapper - ok 20:52:39.0952 7484 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 20:52:39.0962 7484 RpcLocator - ok 20:52:39.0969 7484 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs 
C:\Windows\system32\rpcss.dll 20:52:39.0997 7484 RpcSs - ok 20:52:40.0001 7484 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:52:40.0026 7484 rspndr - ok 20:52:40.0037 7484 [ CE0A1D8A59410E698140821E4E69DA0D ] RSUSBVSTOR C:\Windows\system32\Drivers\RTSUVSTOR.sys 20:52:40.0048 7484 RSUSBVSTOR - ok 20:52:40.0051 7484 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 20:52:40.0059 7484 SamSs - ok 20:52:40.0065 7484 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:52:40.0073 7484 sbp2port - ok 20:52:40.0079 7484 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:52:40.0108 7484 SCardSvr - ok 20:52:40.0111 7484 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:52:40.0136 7484 scfilter - ok 20:52:40.0148 7484 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 20:52:40.0184 7484 Schedule - ok 20:52:40.0190 7484 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 20:52:40.0214 7484 SCPolicySvc - ok 20:52:40.0219 7484 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:52:40.0232 7484 SDRSVC - ok 20:52:40.0236 7484 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:52:40.0262 7484 secdrv - ok 20:52:40.0266 7484 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 20:52:40.0292 7484 seclogon - ok 20:52:40.0296 7484 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 20:52:40.0325 7484 SENS - ok 20:52:40.0329 7484 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:52:40.0340 7484 SensrSvc - ok 20:52:40.0343 7484 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 20:52:40.0354 7484 Serenum - ok 20:52:40.0358 7484 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial 
C:\Windows\system32\drivers\serial.sys 20:52:40.0371 7484 Serial - ok 20:52:40.0375 7484 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 20:52:40.0389 7484 sermouse - ok 20:52:40.0397 7484 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 20:52:40.0425 7484 SessionEnv - ok 20:52:40.0428 7484 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:52:40.0439 7484 sffdisk - ok 20:52:40.0442 7484 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:52:40.0454 7484 sffp_mmc - ok 20:52:40.0457 7484 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:52:40.0467 7484 sffp_sd - ok 20:52:40.0470 7484 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 20:52:40.0480 7484 sfloppy - ok 20:52:40.0487 7484 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:52:40.0516 7484 SharedAccess - ok 20:52:40.0523 7484 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:52:40.0553 7484 ShellHWDetection - ok 20:52:40.0557 7484 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys 20:52:40.0566 7484 SiSGbeLH - ok 20:52:40.0569 7484 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 20:52:40.0577 7484 SiSRaid2 - ok 20:52:40.0581 7484 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 20:52:40.0589 7484 SiSRaid4 - ok 20:52:40.0595 7484 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 20:52:40.0603 7484 SkypeUpdate - ok 20:52:40.0607 7484 [ A457553166B11B4B34C80C5C08729C44 ] slabbus C:\Windows\system32\DRIVERS\slabbus.sys 20:52:40.0626 7484 slabbus - ok 20:52:40.0633 7484 [ CC73BE818A487D3CE31466D25286F65B ] slabser C:\Windows\system32\DRIVERS\slabser.sys 20:52:40.0644 
7484 slabser - ok 20:52:40.0647 7484 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:52:40.0674 7484 Smb - ok 20:52:40.0681 7484 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:52:40.0692 7484 SNMPTRAP - ok 20:52:40.0696 7484 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 20:52:40.0703 7484 spldr - ok 20:52:40.0711 7484 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 20:52:40.0728 7484 Spooler - ok 20:52:40.0757 7484 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 20:52:40.0816 7484 sppsvc - ok 20:52:40.0821 7484 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:52:40.0848 7484 sppuinotify - ok 20:52:40.0856 7484 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 20:52:40.0872 7484 srv - ok 20:52:40.0881 7484 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:52:40.0894 7484 srv2 - ok 20:52:40.0900 7484 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:52:40.0910 7484 srvnet - ok 20:52:40.0916 7484 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:52:40.0944 7484 SSDPSRV - ok 20:52:40.0948 7484 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:52:40.0975 7484 SstpSvc - ok 20:52:40.0978 7484 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 20:52:40.0986 7484 stexstor - ok 20:52:40.0994 7484 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 20:52:41.0014 7484 stisvc - ok 20:52:41.0017 7484 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 20:52:41.0024 7484 swenum - ok 20:52:41.0031 7484 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 20:52:41.0065 7484 swprv - ok 20:52:41.0081 7484 [ 
BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 20:52:41.0113 7484 SysMain - ok 20:52:41.0117 7484 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:52:41.0132 7484 TabletInputService - ok 20:52:41.0139 7484 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:52:41.0169 7484 TapiSrv - ok 20:52:41.0173 7484 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 20:52:41.0200 7484 TBS - ok 20:52:41.0219 7484 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:52:41.0250 7484 Tcpip - ok 20:52:41.0268 7484 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:52:41.0294 7484 TCPIP6 - ok 20:52:41.0299 7484 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:52:41.0309 7484 tcpipreg - ok 20:52:41.0313 7484 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:52:41.0323 7484 TDPIPE - ok 20:52:41.0327 7484 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:52:41.0337 7484 TDTCP - ok 20:52:41.0341 7484 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:52:41.0367 7484 tdx - ok 20:52:41.0371 7484 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 20:52:41.0378 7484 TermDD - ok 20:52:41.0389 7484 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 20:52:41.0422 7484 TermService - ok 20:52:41.0425 7484 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 20:52:41.0439 7484 Themes - ok 20:52:41.0443 7484 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 20:52:41.0469 7484 THREADORDER - ok 20:52:41.0472 7484 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys 20:52:41.0482 7484 TPM - ok 20:52:41.0487 7484 [ 
7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 20:52:41.0514 7484 TrkWks - ok 20:52:41.0520 7484 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:52:41.0547 7484 TrustedInstaller - ok 20:52:41.0551 7484 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:52:41.0577 7484 tssecsrv - ok 20:52:41.0581 7484 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:52:41.0591 7484 TsUsbFlt - ok 20:52:41.0594 7484 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 20:52:41.0604 7484 TsUsbGD - ok 20:52:41.0608 7484 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:52:41.0633 7484 tunnel - ok 20:52:41.0637 7484 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 20:52:41.0646 7484 uagp35 - ok 20:52:41.0659 7484 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:52:41.0688 7484 udfs - ok 20:52:41.0694 7484 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:52:41.0706 7484 UI0Detect - ok 20:52:41.0710 7484 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:52:41.0718 7484 uliagpkx - ok 20:52:41.0721 7484 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 20:52:41.0731 7484 umbus - ok 20:52:41.0734 7484 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 20:52:41.0744 7484 UmPass - ok 20:52:41.0754 7484 [ 3C5405EF78576E8E4D791EB18F6856A8 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 20:52:41.0766 7484 UNS - ok 20:52:41.0773 7484 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 20:52:41.0803 7484 upnphost - ok 20:52:41.0808 7484 [ EBF228A52517042DE4F38A40285BC8D9 ] usbccgp 
C:\Windows\system32\DRIVERS\usbccgp.sys 20:52:41.0819 7484 usbccgp - ok 20:52:41.0823 7484 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:52:41.0835 7484 usbcir - ok 20:52:41.0838 7484 [ 6B3D5E6A9DA786EC755B00BC180C700B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:52:41.0849 7484 usbehci - ok 20:52:41.0856 7484 [ 94ABE9DA48E466BBE84C73E0C6652ED1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:52:41.0870 7484 usbhub - ok 20:52:41.0873 7484 [ 660B2C08CE7103E71EAA26F85B0B0A56 ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:52:41.0883 7484 usbohci - ok 20:52:41.0888 7484 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 20:52:41.0901 7484 usbprint - ok 20:52:41.0904 7484 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:52:41.0916 7484 USBSTOR - ok 20:52:41.0919 7484 [ 1529632FC96032D337B298F8A285D640 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 20:52:41.0927 7484 usbuhci - ok 20:52:41.0933 7484 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 20:52:41.0947 7484 usbvideo - ok 20:52:41.0951 7484 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys 20:52:41.0961 7484 usb_rndisx - ok 20:52:41.0965 7484 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 20:52:41.0992 7484 UxSms - ok 20:52:41.0996 7484 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 20:52:42.0005 7484 VaultSvc - ok 20:52:42.0008 7484 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:52:42.0016 7484 vdrvroot - ok 20:52:42.0024 7484 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 20:52:42.0056 7484 vds - ok 20:52:42.0059 7484 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:52:42.0070 7484 vga - ok 20:52:42.0073 7484 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave 
C:\Windows\System32\drivers\vga.sys 20:52:42.0099 7484 VgaSave - ok 20:52:42.0105 7484 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:52:42.0115 7484 vhdmp - ok 20:52:42.0118 7484 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 20:52:42.0126 7484 viaide - ok 20:52:42.0130 7484 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:52:42.0138 7484 volmgr - ok 20:52:42.0145 7484 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:52:42.0157 7484 volmgrx - ok 20:52:42.0163 7484 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:52:42.0174 7484 volsnap - ok 20:52:42.0179 7484 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 20:52:42.0189 7484 vsmraid - ok 20:52:42.0205 7484 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 20:52:42.0247 7484 VSS - ok 20:52:42.0250 7484 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 20:52:42.0262 7484 vwifibus - ok 20:52:42.0265 7484 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 20:52:42.0279 7484 vwififlt - ok 20:52:42.0282 7484 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 20:52:42.0295 7484 vwifimp - ok 20:52:42.0302 7484 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 20:52:42.0334 7484 W32Time - ok 20:52:42.0338 7484 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 20:52:42.0348 7484 WacomPen - ok 20:52:42.0352 7484 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:52:42.0378 7484 WANARP - ok 20:52:42.0382 7484 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:52:42.0407 7484 Wanarpv6 - ok 20:52:42.0422 7484 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] 
WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 20:52:42.0445 7484 WatAdminSvc - ok 20:52:42.0461 7484 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 20:52:42.0487 7484 wbengine - ok 20:52:42.0492 7484 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:52:42.0508 7484 WbioSrvc - ok 20:52:42.0516 7484 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:52:42.0536 7484 wcncsvc - ok 20:52:42.0539 7484 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:52:42.0550 7484 WcsPlugInService - ok 20:52:42.0552 7484 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 20:52:42.0560 7484 Wd - ok 20:52:42.0570 7484 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:52:42.0588 7484 Wdf01000 - ok 20:52:42.0592 7484 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:52:42.0627 7484 WdiServiceHost - ok 20:52:42.0629 7484 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:52:42.0642 7484 WdiSystemHost - ok 20:52:42.0649 7484 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 20:52:42.0699 7484 WebClient - ok 20:52:42.0714 7484 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:52:42.0807 7484 Wecsvc - ok 20:52:42.0816 7484 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:52:42.0915 7484 wercplsupport - ok 20:52:42.0925 7484 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 20:52:43.0015 7484 WerSvc - ok 20:52:43.0023 7484 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:52:43.0106 7484 WfpLwf - ok 20:52:43.0118 7484 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 20:52:43.0149 7484 WimFltr - ok 20:52:43.0157 7484 [ 
05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:52:43.0180 7484 WIMMount - ok 20:52:43.0191 7484 WinDefend - ok 20:52:43.0209 7484 WinHttpAutoProxySvc - ok 20:52:43.0233 7484 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:52:43.0322 7484 Winmgmt - ok 20:52:43.0367 7484 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 20:52:43.0502 7484 WinRM - ok 20:52:43.0520 7484 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 20:52:43.0554 7484 WinUsb - ok 20:52:43.0579 7484 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 20:52:43.0644 7484 Wlansvc - ok 20:52:43.0659 7484 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 20:52:43.0679 7484 wlcrasvc - ok 20:52:43.0727 7484 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:52:43.0830 7484 wlidsvc - ok 20:52:43.0840 7484 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 20:52:43.0866 7484 WmiAcpi - ok 20:52:43.0883 7484 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:52:43.0919 7484 wmiApSrv - ok 20:52:43.0927 7484 WMPNetworkSvc - ok 20:52:43.0938 7484 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:52:43.0968 7484 WPCSvc - ok 20:52:43.0978 7484 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:52:44.0014 7484 WPDBusEnum - ok 20:52:44.0023 7484 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:52:44.0106 7484 ws2ifsl - ok 20:52:44.0117 7484 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 20:52:44.0161 7484 wscsvc - ok 20:52:44.0169 7484 WSearch - ok 20:52:44.0229 7484 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 
20:52:44.0344 7484 wuauserv - ok 20:52:44.0355 7484 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:52:44.0385 7484 WudfPf - ok 20:52:44.0400 7484 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:52:44.0433 7484 WUDFRd - ok 20:52:44.0443 7484 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:52:44.0475 7484 wudfsvc - ok 20:52:44.0489 7484 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 20:52:44.0537 7484 WwanSvc - ok 20:52:44.0597 7484 [ 118C018DF1C53B94F8C06D2CABBBDA52 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe 20:52:44.0713 7484 ZeroConfigService - ok 20:52:44.0752 7484 ================ Scan global =============================== 20:52:44.0759 7484 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 20:52:44.0773 7484 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 20:52:44.0790 7484 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 20:52:44.0802 7484 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 20:52:44.0818 7484 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 20:52:44.0828 7484 [Global] - ok 20:52:44.0830 7484 ================ Scan MBR ================================== 20:52:44.0835 7484 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 20:52:44.0907 7484 \Device\Harddisk0\DR0 - ok 20:52:44.0908 7484 ================ Scan VBR ================================== 20:52:44.0914 7484 [ C0CA64F5F1B5FEE746FC6A9120F779A3 ] \Device\Harddisk0\DR0\Partition1 20:52:44.0916 7484 \Device\Harddisk0\DR0\Partition1 - ok 20:52:44.0922 7484 [ F95C6499DB28041210DAD54F30FD7FFC ] \Device\Harddisk0\DR0\Partition2 20:52:44.0923 7484 \Device\Harddisk0\DR0\Partition2 - ok 20:52:44.0932 7484 [ 5CBDD8F0E6C8B9CE8E0824A78CE12390 ] \Device\Harddisk0\DR0\Partition3 20:52:44.0936 7484 \Device\Harddisk0\DR0\Partition3 - ok 
20:52:44.0966 7484 ============================================================
20:52:44.0966 7484 Scan finished
20:52:44.0966 7484 ============================================================
20:52:44.0991 9140 Detected object count: 3
20:52:44.0991 9140 Actual detected object count: 3
20:53:06.0358 9140 btmhsf ( UnsignedFile.Multi.Generic ) - skipped by user
20:53:06.0358 9140 btmhsf ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:53:06.0363 9140 ibtfltcoex ( UnsignedFile.Multi.Generic ) - skipped by user
20:53:06.0363 9140 ibtfltcoex ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:53:06.0365 9140 PST Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:53:06.0365 9140 PST Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

EDIT2: The download of OTLPENet.exe from geekstogo has now been stuck at 0% for about 15 minutes. ISO Burner cannot be found on filepony at all. Can I use Nero, for example? Assuming I can still get hold of OTLPENet.exe somehow?

Last edited by LTB666 (16.01.2013 at 21:38). Reason: postscript added |
16.01.2013, 22:37 | #7 | |
/// Malware-holic | Caught GVU Trojan 2.07 on Windows 7 64-bit

Hi, no, you don't need to download that; I hadn't edited the post properly.

Combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1, Link 2

IMPORTANT - Save Combofix to your desktop

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.

Note: If you get the following error message after the restart Quote:
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
16.01.2013, 22:38 | #8 |
| Caught GVU Trojan 2.07 on Windows 7 64-bit combofix.txt: Code:
ComboFix 13-01-16.01 - *** 16.01.2013 22:46:14.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3982.980 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Roaming
c:\users\***\Desktop\Internet Explorer.lnk
c:\users\Public\sdelevURL.tmp
c:\windows\msvcr71.dll
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-16 bis 2013-01-16 ))))))))))))))))))))))))))))))
.
.
2013-01-16 21:50 . 2013-01-16 21:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-16 18:35 . 2013-01-16 18:38 -------- d-----w- C:\_OTL
2013-01-16 00:53 . 2013-01-16 00:53 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2013-01-16 00:52 . 2013-01-16 00:52 -------- d-----w- c:\programdata\Malwarebytes
2013-01-16 00:52 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-16 00:51 . 2013-01-16 00:51 -------- d-----w- c:\users\***\AppData\Local\Programs
2013-01-15 20:47 . 2013-01-15 20:47 -------- d-----w- c:\program files (x86)\ESET
2013-01-10 17:10 . 2013-01-10 17:10 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-01-09 19:46 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 19:46 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 19:46 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 19:43 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-08 00:13 . 2013-01-08 00:13 308200 ----a-w- c:\windows\system32\javaws.exe
2013-01-08 00:13 . 2013-01-08 00:13 188392 ----a-w- c:\windows\system32\javaw.exe
2013-01-08 00:13 . 2013-01-08 00:13 188392 ----a-w- c:\windows\system32\java.exe
2013-01-08 00:13 . 2013-01-08 00:13 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-01-08 00:12 . 2013-01-08 00:12 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-08 00:11 . 2013-01-08 00:11 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-08 00:11 . 2013-01-08 00:11 -------- d-----w- c:\program files (x86)\Java
2013-01-07 23:59 . 2013-01-07 23:59 -------- d-----w- c:\programdata\Diving Log
2013-01-07 23:47 . 2013-01-07 23:47 -------- d-----w- c:\users\***\AppData\Roaming\OSTC
2013-01-06 00:52 . 2013-01-06 00:53 -------- d-----w- c:\users\***\AppData\Roaming\.minecraft
2012-12-28 16:17 . 2012-12-28 16:17 -------- d-----w- c:\programdata\Motorola
2012-12-28 16:07 . 2013-01-16 18:36 -------- d-----w- C:\Temp
2012-12-28 16:07 . 2012-12-28 16:07 -------- d-----w- c:\users\***\AppData\Roaming\Motorola Mobility
2012-12-28 16:06 . 2012-12-28 16:07 -------- d-----w- c:\program files (x86)\Motorola Mobility
2012-12-28 16:06 . 2012-12-28 16:06 -------- d-----w- c:\program files (x86)\Motorola
2012-12-28 16:06 . 2012-12-28 16:06 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-12-28 16:06 . 2012-12-28 16:06 -------- d-----w- c:\program files\Motorola Inc
2012-12-28 16:06 . 2012-12-28 16:06 -------- d-----w- c:\program files\Common Files\Motorola Shared
2012-12-28 16:04 . 2012-12-28 16:04 -------- d-----w- c:\users\***\AppData\Roaming\Motorola
2012-12-28 15:29 . 2012-12-28 17:08 -------- d-----w- c:\users\***\AppData\Roaming\MyPhoneExplorer
2012-12-24 11:49 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-24 11:49 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-24 11:49 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-24 11:49 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-20 18:22 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-20 18:22 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-20 18:22 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-20 18:22 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-16 18:36 . 2012-06-20 23:33 440 ----a-w- c:\users\***\AppData\Roaming\sp_data.sys
2013-01-13 22:09 . 2012-06-21 16:22 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 20:21 . 2012-07-07 04:01 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 20:21 . 2012-07-07 04:01 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-08 00:13 . 2012-11-03 23:26 959976 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-08 00:13 . 2012-11-03 23:26 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-08 00:11 . 2012-11-03 23:29 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-08 00:11 . 2012-11-03 23:29 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-30 04:45 . 2013-01-09 19:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-15 22:33 . 2012-11-15 22:33 111968 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-10-22 12:02 . 2012-10-22 12:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-24 3331312] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072] "ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-21 102568] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-06-02 3058304] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2012-2-24 549040] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-01-09 195584] R3 AX88772B;ASIX AX88772B USB2.0 to Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ax88772b.sys [2012-04-05 110592] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144] R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2012-02-13 747008] R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2012-03-21 60928] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2012-01-27 34200] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344] R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-06-11 22016] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-06-08 27136] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-03-29 273168] R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2011-03-15 311400] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsUsbGD;Remote 
Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-26 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 19224] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-04-13 277120] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-03-27 1014096] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2012-03-27 1104208] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High 
Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952] S2 DptfParticipantProcessorService;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application;c:\windows\SysWOW64\DptfParticipantProcessorService.exe [2012-02-20 18944] S2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform & Thermal Framework Config TDP Service Application;c:\windows\SysWOW64\DptfPolicyConfigTDPService.exe [2012-02-20 19968] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280] S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe [2012-04-10 193536] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560] S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728] S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-29 363800] S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-03-29 2669840] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-02-29 17152] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584] S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys [2011-12-21 
35968] S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys [2011-11-08 16512] S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2012-03-27 1304912] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2012-02-13 95232] S3 DptfDevDram;DptfDevDram;c:\windows\system32\DRIVERS\DptfDevDram.sys [2012-02-20 107288] S3 DptfDevFan;DptfDevFan;c:\windows\system32\DRIVERS\DptfDevFan.sys [2012-02-20 42776] S3 DptfDevGen;DptfDevGen;c:\windows\system32\DRIVERS\DptfDevGen.sys [2012-02-20 64792] S3 DptfDevPch;DptfDevPch;c:\windows\system32\DRIVERS\DptfDevPch.sys [2012-02-20 96024] S3 DptfDevProc;DptfDevProc;c:\windows\system32\DRIVERS\DptfDevProc.sys [2012-02-20 220952] S3 DptfManager;DptfManager;c:\windows\system32\DRIVERS\DptfManager.sys [2012-02-20 357656] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-02-19 200488] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-03-27 331264] S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys [2012-04-10 26504] S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2012-01-27 25496] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 00454123 *Deregistered* - 00454123 . Inhalt des "geplante Tasks" Ordners . 2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-07 20:21] . 2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28] . 
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28] . 2013-01-16 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41] . 2013-01-16 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-02 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-02 398616] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-29 12460136] "BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - d:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - d:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.10.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\w09thd6h.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-DptfPolicyLpmServiceHelper - c:\windows\SysWOW64\DptfPolicyLpmServiceHelper.exe HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60 . . . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-16 22:53:03 ComboFix-quarantined-files.txt 2013-01-16 21:53 . Vor Suchlauf: 12 Verzeichnis(se), 52.919.500.800 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 52.509.773.824 Bytes frei . - - End Of File - - 0418F98126901663C83AD3B3D3508FDA
Last edited by LTB666 (16.01.2013 at 23:09) |
17.01.2013, 16:04 | #9 |
/// Malware-holic | Caught GVU trojan 2.07 on Windows 7 64-bit
Hi, download CCleaner Standard: CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save the list as a txt file. Open the file.
After each program you need, write "notwendig" (necessary).
After each one you do not need, "unnötig" (unnecessary).
After each one unknown to you, "unbekannt" (unknown).
Post the list.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
17.01.2013, 18:39 | #10 |
| Caught GVU trojan 2.07 on Windows 7 64-bit Hi, here is the list: Code:
7-Zip 9.20 16.01.2013
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 09.01.2013 6,00MB 11.5.502.146 - necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09.01.2013 6,00MB 11.5.502.146 - necessary
Adobe Reader X (10.1.5) MUI Adobe Systems Incorporated 15.01.2013 396MB 10.1.5 - necessary
ASUS AI Recovery ASUS 02.06.2012 9,10MB 1.0.24 - unknown
ASUS FaceLogon ASUS 02.06.2012 11,9MB 1.0.0014 - unknown
ASUS LifeFrame3 ASUS 02.06.2012 37,7MB 3.1.1 - unknown
ASUS Live Update ASUS 25.08.2012 5,26MB 3.1.7 - necessary
ASUS Power4Gear Hybrid ASUS 02.06.2012 16,4MB 1.2.1 - unknown
ASUS PWR Option ASUS 02.06.2012 14,3MB 1.1.0 - necessary
ASUS Splendid Video Enhancement Technology ASUS 02.06.2012 21,2MB 1.02.0041 - unknown
ASUS Tutor ASUS 02.06.2012 20,1MB 1.0.3 - unknown
ASUS USB Charger Plus ASUS 02.06.2012 6,97MB 2.0.9 - unknown
ASUS Virtual Touch ASUS 02.06.2012 5,76MB 1.0.9 - unknown
ASUS WebStorage eCareme Technologies, Inc. 02.06.2012 - unknown 3.0.108.222
ASUS_Scr_ZenbookPrime ASUS 02.06.2012 152MB 1.0.0001 - unknown
AsusVibe2.0 ASUSTEK 02.06.2012 2.0.9.157 - unknown
ATK Package ASUS 11.09.2012 12,0MB 1.0.0010 - unknown
AVG 2013 AVG Technologies 10.01.2013 2013.0.2890 - necessary
AX88772B Windows 7 Drivers ASIX Electronics Corporation 02.06.2012 5,32MB 1.0.2.0 - unknown
Bubbletown Oberon Media 02.06.2012 - unknown
CCleaner Piriform 19.12.2012 3.26 - necessary ;)
Control ActiveX de Windows Live Mesh para conexiones remotas Microsoft Corporation 23.02.2012 5,37MB 15.4.5722.2 - unknown
Controlo ActiveX do Windows Live Mesh para Ligações Remotas Microsoft Corporation 23.02.2012 5,38MB 15.4.5722.2 - unknown
Contrôle ActiveX Windows Live Mesh pour connexions à distance Microsoft Corporation 23.02.2012 5,37MB 15.4.5722.2 - unknown
Deadtime Stories Oberon Media 02.06.2012 - unknown
Diving Log 5.0 Divinglog 08.01.2013 5.0 - necessary
Dream Day First Home Oberon Media 02.06.2012 - unknown
Dream Vacation Solitaire Oberon Media 02.06.2012 - unknown
Dropbox Dropbox, Inc. 24.12.2012 1.6.10 - necessary
ESET Online Scanner v3 15.01.2013 - unnecessary
ETDWare PS/2-X64 10.5.9.0 ELAN Microelectronic Corp. 02.06.2012 10.5.9.0 - unknown
Farm Frenzy 3 - Madagascar Oberon Media 02.06.2012 - unknown
Galapago Oberon Media 02.06.2012 - unknown
Game Park Console Oberon Media Inc. 02.06.2012 1.2.4.431 - unknown
Go Go Gourmet Chef of the Year Oberon Media 02.06.2012 - unknown
Google Chrome Google Inc. 23.02.2012 15.0.874.120 - necessary
InstantOn for NB ASUS 02.06.2012 7,44MB 2.3.2 - needed
Intel(R) Dynamic Platform & Thermal Framework Intel Corporation 02.06.2012 6.0.1.1067 - unknown
Intel(R) Manageability Engine Firmware Recovery Agent Intel Corporation 02.06.2012 54,8MB 1.0.0.35342 - unknown
Intel(R) Management Engine Components Intel Corporation 02.06.2012 8.0.3.1427 - unknown
Intel(R) OpenCL CPU Runtime Intel Corporation 02.06.2012 - unknown
Intel(R) Processor Graphics Intel Corporation 02.06.2012 8.15.10.2696 - unknown
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed Intel Corporation 02.06.2012 5,30MB 15.1.0.0096 - unknown
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology Intel Corporation 02.06.2012 95,2MB 2.1.1.0153 - unknown
Intel(R) Rapid Start Technology Intel Corporation 02.06.2012 1.0.0.1024 - unknown
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 02.06.2012 1.0.4.225 - unknown
Intel(R) WiDi Intel Corporation 02.06.2012 141MB 3.0.13.0 - unknown
Intel® AT Service signup Intel Corporation 02.06.2012 374KB 2.0.0.3 - unknown
Intel® PROSet/Wireless WiFi Software Intel Corporation 02.06.2012 181MB 15.01.1000.0927 - unknown
Intel® Trusted Connect Service Client Intel Corporation 02.06.2012 10,6MB 1.23.605.1 - unknown
Java 7 Update 10 Oracle 08.01.2013 130MB 7.0.100 - necessary
Java 7 Update 10 (64-bit) Oracle 08.01.2013 127MB 7.0.100
Mahjong Memoirs Oberon Media 02.06.2012 - necessary
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 16.01.2013 18,4MB 1.70.0.1100 - needed
Mares DRAK Mares Spa 31.08.2012 31,4MB 1.5.0 - needed
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.02.2012 38,8MB 4.0.30319 - needed
Microsoft .NET Framework 4 Extended Microsoft Corporation 24.02.2012 51,9MB 4.0.30319 - needed
Microsoft Office Professional 2010 Microsoft Corporation 26.06.2012 14.0.6029.1000 - needed
Microsoft Silverlight Microsoft Corporation 21.06.2012 40,3MB 4.1.10329.0 - needed
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 23.02.2012 1,69MB 3.1.0000 - unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 28.12.2012 300KB 8.0.61001 - unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 02.06.2012 788KB 9.0.30729 - unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 21.06.2012 786KB 9.0.30729.6161 - unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 02.06.2012 596KB 9.0.30729 - unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 21.06.2012 592KB 9.0.30729.4148 - unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 21.06.2012 598KB 9.0.30729.6161 - unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 02.06.2012 13,8MB 10.0.40219 - unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 02.06.2012 11,1MB 10.0.40219 - unknown
Motorola Device Manager Motorola Mobility 28.12.2012 2.3.4 needed
Mozilla Firefox 15.0.1 (x86 de) Mozilla 11.09.2012 55,2MB 15.0.1 - unnecessary
Mozilla Firefox 16.0.2 (x86 de) Mozilla 29.12.2012 38,5MB 16.0.2 - unnecessary
Mozilla Thunderbird 13.0.1 (x86 de) Mozilla 21.06.2012 39,1MB 13.0.1 - needed
Mozilla Thunderbird 17.0.2 (x86 de) Mozilla 15.01.2013 41,9MB 17.0.2 - needed
MRU-Blaster v1.5 (Database 3/28/2004) Javacool Software LLC 29.11.2012 - needed 1.5
MSXML 4.0 SP3 Parser Microsoft Corporation 28.12.2012 1,47MB 4.30.2100.0 - unknown
MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 03.01.2013 1,53MB 4.30.2114.0 - unknown
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 11.01.2013 1,54MB 4.30.2117.0 - unknown
MyPhoneExplorer F.J. Wechselberger 28.12.2012 1.8.4 - needed
Opera 12.12 Opera Software ASA 30.12.2012 12.12.1707 - needed
OSTC Planner OSTC 08.01.2013 14,8MB 451 - needed
Plants vs Zombies Oberon Media 02.06.2012 - unknown
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 02.06.2012 6.0.1.6608 - needed
Realtek USB 2.0 Reader Driver Realtek Semiconductor Corp. 02.06.2012 6.1.7600.10010 - needed
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) 31.08.2012 - unknown
Skype™ 6.0 Skype Technologies S.A. 08.12.2012 20,3MB 6.0.126 - needed
Turbo Fiesta Oberon Media 02.06.2012 - unknown
Visual Studio 2008 x64 Redistributables AVG Technologies 21.06.2012 10,0MB 10.0.0.2 - unknown
Visual Studio 2010 x64 Redistributables AVG Technologies 13.12.2012 12,4MB 13.0.0.1 - unknown
VLC media player 2.0.4 VideoLAN 28.11.2012 2.0.4 - needed
Windows Live Essentials Microsoft Corporation 23.02.2012 15.4.3538.0513 - unknown
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Microsoft Corporation 23.02.2012 5,37MB 15.4.5722.2 - unknown
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 23.02.2012 5,37MB 15.4.5722.2 - unknown
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 23.02.2012 5,38MB 15.4.5722.2 - unknown
WinFlash ASUS 02.06.2012 881KB 2.41.1 - unknown
Wireless Console 3 ASUS 02.06.2012 9,11MB 3.0.27 - unknown
World of Goo Oberon Media 02.06.2012 - unknown
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις Microsoft Corporation 23.02.2012 5,38MB 15.4.5722.2 - unknown
Элемент управления Windows Live Mesh ActiveX для удаленных подключений Microsoft Corporation 23.02.2012 5,37MB 15.4.5722.2 - unknown
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים Microsoft Corporation 23.02.2012 5,37MB 15.4.5722.2 - unknown
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة Microsoft Corporation 23.02.2012 5,37MB 15.4.5722.2 - unknown
適用遠端連線的 Windows Live Mesh ActiveX 控制項 Microsoft Corporation 23.02.2012 5,56MB 15.4.5722.2 - unknown
Best regards, L. |
17.01.2013, 18:44 | #11 |
/// Malware-holic | Caught GVU Trojan 2.07 on Windows 7 64-bit
Uninstall: Adobe Flash Player: all.
Adobe - Adobe Flash Player installieren: download the latest version and install it.
Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen; remove the check mark at McAfee Security Scan.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: check "use only certified plug-ins".
Internet: everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, since only then do you have control over what is happening on the PC.
JavaScript: remove the check mark at "use JavaScript".
Updater: select "install automatically". Apply / OK.
Uninstall: Control, Controlo, Contrôle, Deadtime, Dream: both, ESET, Farm, Galapago, Game, Go, Java: both.
Download the Java JRE: Java-Downloads für alle Betriebssysteme; click "Download der Java-Software für Windows Offline", download and install it.
Uninstall: Plants vs, Windows Live: all that you do not use, World of.
Open CCleaner: analyze, run, restart the PC.
Please download AdwCleaner to your desktop.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
17.01.2013, 18:59 | #13 |
/// Malware-holic | Caught GVU Trojan 2.07 on Windows 7 64-bit Yes, or via Software, whichever you prefer :-)
17.01.2013, 20:07 | #14 |
| Caught GVU Trojan 2.07 on Windows 7 64-bit Result: Code:
# AdwCleaner v2.106 - Datei am 17/01/2013 um 20:04:22 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Lars - ZENBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Lars\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Softonic
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v15.0.1 (de)
Datei : C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\w09thd6h.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Opera v12.12.1707.0
Datei : C:\Users\Lars\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [889 octets] - [17/01/2013 20:04:22]
########## EOF - C:\AdwCleaner[R1].txt - [948 octets] ########## |
17.01.2013, 20:28 | #15 |
/// Malware-holic | Caught GVU Trojan 2.07 on Windows 7 64-bit Hi, in that case try Rewo: http://www.hijackthis-forum.de/tipps...installer.html It can surely uninstall that. Please download AdwCleaner to your desktop.
Restart, then test how the PC and programs such as the browser are running.