|
Log-Analyse und Auswertung: GVU trojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
18.01.2013, 17:47 | #1 |
| GVU trojaner Hallo habe ein kleines Problem mit einem GVU Trojaner :-( Wäre jemand bitte bereit mir zu helfen. Habe Win 7 Ultimate. Leider bin ich nicht oft oder unregelmäßig am Rechner, also Rückmeldungen können etwas dauern. Gruß josuhasottie |
18.01.2013, 18:04 | #2 |
/// Malware-holic | GVU trojaner Hi,
__________________neustart, f8 drücken abgesicherter modus mit Netzwerk wählen, im betroffenen Konto anmelden. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s C:\Windows\system32\*.tsp /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ |
18.01.2013, 18:47 | #3 |
| GVU trojaner Hi
__________________danke für das schnelle reagieren. Hier der OLT.TxtOTL Logfile: Code:
ATTFilter OTL logfile created on: 18.01.2013 18:29:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jürgen_2\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 80,24% Memory free 6,00 Gb Paging File | 5,43 Gb Available in Paging File | 90,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,66 Gb Total Space | 105,38 Gb Free Space | 22,63% Space Free | Partition Type: NTFS Drive D: | 41,49 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 1,86 Gb Total Space | 0,43 Gb Free Space | 23,04% Space Free | Partition Type: FAT32 Drive G: | 1863,01 Gb Total Space | 601,50 Gb Free Space | 32,29% Space Free | Partition Type: NTFS Computer Name: JÜRGEN-PC | User Name: Jürgen | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.18 18:18:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jürgen_2\Desktop\OTL.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - [2013.01.08 22:17:22 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.05 04:44:06 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.29 11:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.09.07 19:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.07 19:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.08.28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.07.25 09:46:44 | 001,326,176 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2012.07.25 09:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011.04.20 04:56:47 | 000,083,240 | ---- | M] () [Auto | Stopped] -- C:\Programme\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD) SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.10.29 15:59:40 | 000,517,416 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4) SRV - [2010.01.21 00:52:14 | 000,167,528 | ---- | M] () [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2010.01.21 00:52:12 | 000,370,792 | ---- | M] () [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.04.17 09:09:46 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\athr.sys -- (athr) DRV - [2012.12.29 11:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.09.20 05:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012.09.20 05:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2012.09.07 19:26:05 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.09.07 19:26:05 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.09.07 19:26:05 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.07.03 16:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2012.06.27 09:37:56 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2012.06.27 09:37:56 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2012.06.27 09:37:56 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb) DRV - [2012.06.27 09:37:56 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2011.04.20 04:56:48 | 000,071,664 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Programme\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys -- (ntk_PowerDVD) DRV - [2011.04.13 17:30:04 | 000,161,024 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2011.04.13 17:30:02 | 000,067,456 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2010.11.20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub) DRV - [2010.11.20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010.11.20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt) DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.04.09 01:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2010.03.04 17:26:56 | 000,296,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2004.06.03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\PfModNT.sys -- (PfModNT) DRV - [2004.05.18 01:25:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctpdusb.sys -- (Jukebox3) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 73 7E 90 55 9B CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.14 17:55:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.14 17:56:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.09.26 15:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Extensions [2012.10.21 20:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\ffnxk3nm.default\extensions [2012.10.21 20:01:17 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\ffnxk3nm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013.01.14 17:55:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () O4 - HKLM..\Run: [RemoteControl11] C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.) O4 - HKCU..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube Download - C:\Users\Jürgen\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jürgen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O13 - gopher Prefix: missing O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F250F523-F749-4FF1-BC86-9EF46549B65B}: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Unable to start System Restore Service. Error code 1084 ========== Files/Folders - Created Within 30 Days ========== [2013.01.12 14:31:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.01.08 10:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies [2013.01.01 19:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative [2013.01.01 19:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2013.01.01 18:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative [2013.01.01 17:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\Creative [2012.12.21 11:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.12.21 11:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012.12.21 11:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.12.21 11:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.12.21 11:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.12.21 11:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 ========== Files - Modified Within 30 Days ========== [2013.01.18 18:25:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.18 18:25:34 | 2415,456,256 | -HS- | M] () -- C:\hiberfil.sys [2013.01.18 18:18:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.18 18:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.18 18:14:24 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.18 18:14:24 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.18 18:14:24 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.18 18:14:24 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.18 17:48:59 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.18 17:48:59 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.18 17:38:40 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.14 17:56:05 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2013.01.14 17:55:54 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.10 17:14:51 | 000,294,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.29 11:26:54 | 000,013,153 | ---- | M] () -- C:\Windows\System32\nvinfo.pb [2012.12.29 09:25:57 | 002,923,201 | ---- | M] () -- C:\Windows\System32\nvcoproc.bin [2012.12.21 11:42:09 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.12.21 11:12:50 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2013.01.01 20:02:08 | 000,294,584 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.01 17:46:55 | 000,028,672 | ---- | C] () -- C:\Windows\System32\PdeSrvps.dll [2013.01.01 17:46:55 | 000,002,444 | ---- | C] () -- C:\Windows\ctpdusb.uns [2013.01.01 17:44:30 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE [2013.01.01 17:44:30 | 000,006,067 | ---- | C] () -- C:\Windows\UNWISE.INI [2012.12.21 11:42:09 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.12.18 15:02:19 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll [2012.09.25 20:51:53 | 002,923,201 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2012.09.25 20:44:13 | 000,010,084 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2012.08.28 09:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.08.28 09:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.08.28 09:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.08.28 09:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.08.28 09:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.04.12 02:30:05 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.04.12 02:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.04.12 02:30:05 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.04.12 02:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.26 16:17:56 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\DVDFab [2012.10.21 20:01:19 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\DVDVideoSoft [2012.10.21 20:01:17 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.25 21:04:10 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\pdfforge [2012.10.04 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Samsung [2012.09.26 15:50:22 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Thunderbird [2012.12.12 23:50:47 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.01.18 17:33:07 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013.01.12 18:12:47 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.09.25 20:36:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.09.25 20:50:25 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.01.08 10:05:44 | 000,000,000 | R--D | M] -- C:\Program Files [2013.01.01 18:49:08 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.09.25 20:36:41 | 000,000,000 | -HSD | M] -- C:\Programme [2012.09.25 20:36:41 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.01.18 17:31:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.12.17 18:18:13 | 000,000,000 | ---D | M] -- C:\temp [2013.01.18 17:32:49 | 000,000,000 | R--D | M] -- C:\Users [2013.01.18 18:25:35 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 22:29:06 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 05:53:46 | 000,032,634 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2012.09.25 20:41:06 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.09.25 21:07:56 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.09.25 21:07:58 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys < MD5 for: NVSTOR32.SYS > [2010.04.09 01:32:56 | 000,215,656 | ---- | M] (NVIDIA Corporation) MD5=8C98D67A228B7C4476656B80633CD485 -- C:\NVIDIA\nForceWin7VistaInt\15.57\IDE\Win7\sataraid\nvstor32.sys [2010.04.09 01:32:56 | 000,215,656 | ---- | M] (NVIDIA Corporation) MD5=8C98D67A228B7C4476656B80633CD485 -- C:\NVIDIA\nForceWin7VistaInt\15.57\IDE\WinVista\sataraid\nvstor32.sys [2010.04.09 01:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) MD5=97778C3CB3AF6B2243648D0DCD4D8916 -- C:\NVIDIA\nForceWin7VistaInt\15.57\IDE\Win7\sata_ide\nvstor32.sys [2010.04.09 01:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) MD5=97778C3CB3AF6B2243648D0DCD4D8916 -- C:\NVIDIA\nForceWin7VistaInt\15.57\IDE\WinVista\sata_ide\nvstor32.sys [2010.04.09 01:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) MD5=97778C3CB3AF6B2243648D0DCD4D8916 -- C:\Windows\System32\drivers\nvstor32.sys [2010.04.09 01:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) MD5=97778C3CB3AF6B2243648D0DCD4D8916 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_42c5f57853db3f80\nvstor32.sys < MD5 for: SCECLI.DLL > [2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe < MD5 for: WINLOGON.EXE > [2012.09.07 16:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.01.18 18:26:57 | 001,310,720 | -HS- | M] () -- C:\Users\Jürgen\ntuser.dat [2013.01.18 18:26:56 | 000,262,144 | -HS- | M] () -- C:\Users\Jürgen\ntuser.dat.LOG1 [2012.09.25 20:37:24 | 000,000,000 | -HS- | M] () -- C:\Users\Jürgen\ntuser.dat.LOG2 [2013.01.15 18:36:51 | 000,065,536 | -HS- | M] () -- C:\Users\Jürgen\ntuser.dat{47cdcb5f-5f39-11e2-8039-0019db68ef64}.TM.blf [2013.01.15 18:36:51 | 000,524,288 | -HS- | M] () -- C:\Users\Jürgen\ntuser.dat{47cdcb5f-5f39-11e2-8039-0019db68ef64}.TMContainer00000000000000000001.regtrans-ms [2013.01.15 18:36:51 | 000,524,288 | -HS- | M] () -- C:\Users\Jürgen\ntuser.dat{47cdcb5f-5f39-11e2-8039-0019db68ef64}.TMContainer00000000000000000002.regtrans-ms [2012.09.25 20:37:27 | 000,065,536 | -HS- | M] () -- C:\Users\Jürgen\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2012.09.25 20:37:27 | 000,524,288 | -HS- | M] () -- C:\Users\Jürgen\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2012.09.25 20:37:27 | 000,524,288 | -HS- | M] () -- C:\Users\Jürgen\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2012.11.22 17:10:21 | 000,065,536 | -HS- | M] () -- C:\Users\Jürgen\NTUSER.DAT{72ae1cd9-34be-11e2-8bdf-0019db68ef64}.TM.blf [2012.11.22 17:10:21 | 000,524,288 | -HS- | M] () -- C:\Users\Jürgen\NTUSER.DAT{72ae1cd9-34be-11e2-8bdf-0019db68ef64}.TMContainer00000000000000000001.regtrans-ms [2012.11.22 17:10:21 | 000,524,288 | -HS- | M] () -- C:\Users\Jürgen\NTUSER.DAT{72ae1cd9-34be-11e2-8bdf-0019db68ef64}.TMContainer00000000000000000002.regtrans-ms [2012.10.17 05:05:43 | 000,065,536 | -HS- | M] () -- C:\Users\Jürgen\NTUSER.DAT{aa808633-17a0-11e2-9413-0019db68ef64}.TM.blf [2012.10.17 05:05:43 | 000,524,288 | -HS- | M] () -- C:\Users\Jürgen\NTUSER.DAT{aa808633-17a0-11e2-9413-0019db68ef64}.TMContainer00000000000000000001.regtrans-ms [2012.10.17 05:05:43 | 000,524,288 | -HS- | M] () -- C:\Users\Jürgen\NTUSER.DAT{aa808633-17a0-11e2-9413-0019db68ef64}.TMContainer00000000000000000002.regtrans-ms [2012.11.11 16:44:44 | 000,065,536 | -HS- | M] () -- C:\Users\Jürgen\NTUSER.DAT{ab1f4267-2c04-11e2-91c8-0019db68ef64}.TM.blf [2012.11.11 16:44:44 | 000,524,288 | -HS- | M] () -- C:\Users\Jürgen\NTUSER.DAT{ab1f4267-2c04-11e2-91c8-0019db68ef64}.TMContainer00000000000000000001.regtrans-ms [2012.11.11 16:44:44 | 000,524,288 | -HS- | M] () -- C:\Users\Jürgen\NTUSER.DAT{ab1f4267-2c04-11e2-91c8-0019db68ef64}.TMContainer00000000000000000002.regtrans-ms [2013.01.07 14:34:03 | 000,065,536 | -HS- | M] () -- C:\Users\Jürgen\NTUSER.DAT{c70b6c27-58a9-11e2-804d-0019db68ef64}.TM.blf [2013.01.07 14:34:03 | 000,524,288 | -HS- | M] () -- C:\Users\Jürgen\NTUSER.DAT{c70b6c27-58a9-11e2-804d-0019db68ef64}.TMContainer00000000000000000001.regtrans-ms [2013.01.07 14:34:03 | 000,524,288 | -HS- | M] () -- C:\Users\Jürgen\NTUSER.DAT{c70b6c27-58a9-11e2-804d-0019db68ef64}.TMContainer00000000000000000002.regtrans-ms [2013.01.08 09:53:10 | 000,065,536 | -HS- | M] () -- C:\Users\Jürgen\ntuser.dat{c70b6c79-58a9-11e2-804d-0019db68ef64}.TM.blf [2013.01.08 09:53:10 | 000,524,288 | -HS- | M] () -- C:\Users\Jürgen\ntuser.dat{c70b6c79-58a9-11e2-804d-0019db68ef64}.TMContainer00000000000000000001.regtrans-ms [2013.01.08 09:53:10 | 000,524,288 | -HS- | M] () -- C:\Users\Jürgen\ntuser.dat{c70b6c79-58a9-11e2-804d-0019db68ef64}.TMContainer00000000000000000002.regtrans-ms [2012.09.25 20:37:24 | 000,000,020 | -HS- | M] () -- C:\Users\Jürgen\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > und der Extras.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.01.2013 18:29:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jürgen_2\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 80,24% Memory free 6,00 Gb Paging File | 5,43 Gb Available in Paging File | 90,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,66 Gb Total Space | 105,38 Gb Free Space | 22,63% Space Free | Partition Type: NTFS Drive D: | 41,49 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 1,86 Gb Total Space | 0,43 Gb Free Space | 23,04% Space Free | Partition Type: FAT32 Drive G: | 1863,01 Gb Total Space | 601,50 Gb Free Space | 32,29% Space Free | Partition Type: NTFS Computer Name: JÜRGEN-PC | User Name: Jürgen | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1F68D91B-3606-405E-BB36-3F5F943E16E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{312F0925-ECAE-41D2-9F4A-DC3A1C797322}" = lport=139 | protocol=6 | dir=in | app=system | "{409F4A7E-79CC-4ED9-85C0-95E12307D9B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4E930945-FD56-4D55-AF6D-7B2357D59580}" = lport=137 | protocol=17 | dir=in | app=system | "{4E96719B-EA08-40E9-9169-386E762C2C29}" = rport=138 | protocol=17 | dir=out | app=system | "{50298C71-698F-4B6B-8F63-F7788B84CE61}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5201F7A6-DCA8-4CD8-B5DB-8749B8AB1B33}" = rport=10243 | protocol=6 | dir=out | app=system | "{564186EA-55D4-4EBB-A22B-1F9A22326CEF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{661BF454-08BB-46C8-90DB-2DD86D4FA9B3}" = lport=10243 | protocol=6 | dir=in | app=system | "{67CD1430-D622-46FB-843F-9D7E0162A852}" = lport=138 | protocol=17 | dir=in | app=system | "{78B14B9C-B9BB-4F6B-913C-2823E2A8FFBB}" = rport=445 | protocol=6 | dir=out | app=system | "{981BD98D-91D1-4856-86A6-3682350EF9AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B3A8EB5F-BAD8-489E-BA3D-476D03B4016D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C86932C2-F577-4C79-B8F6-5C57ABF82083}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CC5604E5-4F14-4C67-8D21-D7D25B4ECAD8}" = lport=2869 | protocol=6 | dir=in | app=system | "{CC5CE3EA-D9A3-47A4-A096-4F4A70726EE0}" = lport=445 | protocol=6 | dir=in | app=system | "{CDAFA408-08F1-4264-99DB-9E0DCB15EE05}" = rport=137 | protocol=17 | dir=out | app=system | "{D258A951-5FC2-48C4-9E1C-A818502CEE7C}" = rport=139 | protocol=6 | dir=out | app=system | "{D4EA4D8B-9DF5-442C-9227-FAA0281594E5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FC217E25-ED71-444F-BE5A-9F280EF8CF19}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FC392DDC-3214-42C7-A42A-5F1C6655D379}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0030D479-FD53-4BC9-A6B2-BF7243E9026A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1493D41B-1C95-41B8-AC2C-446DC6341CAD}" = dir=in | app=c:\program files\cyberlink\powerdvd11\pdvd11serv.exe | "{1841F7CA-766E-4E72-BF45-9C392E8851B3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{1BF019AA-8958-411B-B68B-054F122A0E67}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{1C8EAE67-B046-4C26-BEA1-5DFFFB4C9C3E}" = dir=in | app=c:\program files\itunes\itunes.exe | "{2E9F93BF-548B-488C-92D2-3A0DF20DE778}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{30540529-1D97-4233-8858-62213DB6C66F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{43EA7E87-8218-472C-907A-48D2C8FC9769}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5FBEAEA1-775F-42C8-AB9A-BCFD8AA2C476}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{6E1B452C-1022-4D59-811A-AC2858415CC7}" = protocol=17 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe | "{7015917B-AA7A-4E63-8A54-AF28B444F08D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{70993598-0B1B-479C-B344-31ECE32C03A0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8B62A21E-455E-40CB-8BE2-B2FCD6D06F10}" = dir=in | app=c:\program files\cyberlink\powerdvd11\powerdvd11.exe | "{8EFB616F-92A1-4B9B-8827-BBF14866E716}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{913ADED1-7148-408E-8611-01644E1E0A22}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{99C1AD57-E5E5-4882-AEDE-9A9600723CD1}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{9E1F3CFE-8B94-41AA-855C-AA5225758A90}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A281D530-36B1-4E03-A474-94215C78CD55}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A95C79F5-799A-441B-A318-FA929E06379C}" = protocol=6 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe | "{BA130E31-EB13-411F-BC5E-61090CD6C8F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C7737DBE-EEC3-4D06-BD91-E1B6E5CD54D1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{CF0F5B25-1219-40CC-B0A8-5A29453730CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D1EC9A17-A395-4663-B409-A858035EA213}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D2A39CD2-F41D-4B73-9E7D-6CDE97FC1A7A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{D8254936-E0CD-4948-9E2E-A6805ABC65D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DF7898D3-F91B-4B34-B57E-9D4CEB943048}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E225029E-6C4D-4BE7-917B-AD7849F0D17B}" = protocol=6 | dir=out | app=system | "{E89E9A40-BF8D-44F4-93F7-2E6593500F55}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{3C7F3BD9-CDD1-4FFB-8AA5-854C67DB5490}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{CC014321-5501-4EB6-8A42-3025AEFFE1F7}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{1103112B-513D-4DEF-96B4-9889774E0118}" = Creative Zen Touch "{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{194A4B5E-DF6F-00B8-30B7-D9148A2E305B}" = Flixster "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 10 "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51788b29-956c-4b62-961d-393542e7f1d2}" = Nero 9 Essentials "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{69FC3B9A-4149-43DB-A557-6ED0C8D8BA44}" = Nero MediaHome 4 Help "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME "{99EF387E-633E-4CFB-BFA3-AB961B685DDF}" = Nero MediaHome 4 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{ea68f00b-bd1f-4757-9a5d-880d76331c6a}" = Nero MediaHome 4 Essentials "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11 "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "AudibleManager" = AudibleManager "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "com.wb.DC2" = Flixster "Creative Jukebox Driver" = Creative Jukebox Driver "Defraggler" = Defraggler "DVDFab 8 Qt_is1" = DVDFab 8.2.1.5 (10/10/2012) Qt "Free Studio_is1" = Free Studio version 5.7.6.1015 "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de) "Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Philips Songbird" = Philips Songbird "Secunia PSI" = Secunia PSI (3.0.0.3001) "SysInfo" = Creative-Systeminformationen "uTorrent" = µTorrent "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.01.2013 03:43:08 | Computer Name = Jürgen-PC | Source = WinMgmt | ID = 10 Description = Error - 06.01.2013 12:39:57 | Computer Name = Jürgen-PC | Source = WinMgmt | ID = 10 Description = Error - 07.01.2013 05:10:17 | Computer Name = Jürgen-PC | Source = WinMgmt | ID = 10 Description = Error - 07.01.2013 16:57:47 | Computer Name = Jürgen-PC | Source = WinMgmt | ID = 10 Description = Error - 08.01.2013 04:35:45 | Computer Name = Jürgen-PC | Source = WinMgmt | ID = 10 Description = Error - 08.01.2013 05:06:35 | Computer Name = Jürgen-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457, Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: D3D10Warp.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b7af Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002b38f ID des fehlerhaften Prozesses: 0x16e8 Startzeit der fehlerhaften Anwendung: 0x01cded7dce946cc8 Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\D3D10Warp.dll Berichtskennung: b35c0bd0-5972-11e2-b35d-0019db68ef64 Error - 08.01.2013 17:13:46 | Computer Name = Jürgen-PC | Source = WinMgmt | ID = 10 Description = Error - 09.01.2013 01:09:28 | Computer Name = Jürgen-PC | Source = WinMgmt | ID = 10 Description = Error - 09.01.2013 16:02:16 | Computer Name = Jürgen-PC | Source = WinMgmt | ID = 10 Description = Error - 10.01.2013 12:16:16 | Computer Name = Jürgen-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 12.01.2013 09:20:13 | Computer Name = Jürgen-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35 Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "1" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware. Error - 12.01.2013 09:22:05 | Computer Name = Jürgen-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht. Error - 12.01.2013 09:22:05 | Computer Name = Jürgen-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.01.2013 13:12:48 | Computer Name = Jürgen-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35 Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "0" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware. Error - 12.01.2013 13:12:48 | Computer Name = Jürgen-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35 Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "1" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware. Error - 12.01.2013 13:14:24 | Computer Name = Jürgen-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht. Error - 12.01.2013 13:14:24 | Computer Name = Jürgen-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.01.2013 16:28:57 | Computer Name = Jürgen-PC | Source = bowser | ID = 8003 Description = Error - 12.01.2013 19:27:15 | Computer Name = Jürgen-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35 Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "0" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware. Error - 12.01.2013 19:27:15 | Computer Name = Jürgen-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35 Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "1" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware. < End of report > Gruß josuhasottie Geändert von josuhasottie (18.01.2013 um 19:16 Uhr) |
18.01.2013, 19:22 | #4 |
/// Malware-holic | GVU trojaner hi hast du Malwarebytes ausgeführt, wenn ja: es währe Günstig mir solche Infos nicht vor zuenthalten, das verkürtzt die Arbeitszeit ungemein. öffne Malwarebytes, Logdateien poste alle Berichte mit Funden.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
18.01.2013, 19:30 | #5 |
| GVU trojaner Nein, habe noch Malwarebytes nicht ausgeführt, werde es aber sofort ausführen wenn ich wieder an meinem Rechner bin (in mit Smartphone on). Werde jede neue Info weiterleiten bzw. posten. Habe die Aufforderung das ich Malwarebytes ausführen soll leider nicht gesehen bzw. gelesen. Sorry Hi, habe gerade Malwarebytes ausgeführt (Quick Scan) und nach der Beschreibung den Fund gelöscht. Hier der Report: Malwarebytes Anti-Malware (Test) 1.70.0.1100 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.01.18.09 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Jürgen :: JÜRGEN-PC [Administrator] Schutz: Deaktiviert 18.01.2013 23:15:15 mbam-log-2013-01-18 (23-15-15).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 285738 Laufzeit: 2 Minute(n), 37 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Jürgen_2\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Hoffe habe alles richtig gemacht. Gruß und gute Nacht josuhasottie (Jürgen Schott) |
20.01.2013, 10:40 | #6 |
| GVU trojaner Hallo, auf einen inneren Verdacht hin, poste ich mein letzten Post mit dem Ergebniss vom Malwarebytes Anti-Malware Test noch einmal. Bitte nicht falsch verstehen, möchte damit niemanden Stressen. Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.18.09 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Jürgen :: JÜRGEN-PC [Administrator] Schutz: Deaktiviert 18.01.2013 23:15:15 mbam-log-2013-01-18 (23-15-15).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 285738 Laufzeit: 2 Minute(n), 37 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Jürgen_2\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
20.01.2013, 15:01 | #7 |
/// Malware-holic | GVU trojaner hi du solltest es nicht ausführen, die frage war, ob du es ausgeführt hast, und wenn ja, solltest du die logs posten, bitte das nächste mal richtig lesen, danke. download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
20.01.2013, 15:36 | #8 |
| GVU trojaner Hi, entschuldige habe da leider was missverstanden (bin in der Sache blutiger Anfänger). So habe jetzt tdsskiller wie beschrieben ausgeführt. Hier der Log: 15:11:26.0676 1568 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 15:11:27.0098 1568 ============================================================ 15:11:27.0098 1568 Current date / time: 2013/01/20 15:11:27.0098 15:11:27.0098 1568 SystemInfo: 15:11:27.0098 1568 15:11:27.0098 1568 OS Version: 6.1.7601 ServicePack: 1.0 15:11:27.0098 1568 Product type: Workstation 15:11:27.0098 1568 ComputerName: JÜRGEN-PC 15:11:27.0098 1568 UserName: Jürgen 15:11:27.0098 1568 Windows directory: C:\Windows 15:11:27.0098 1568 System windows directory: C:\Windows 15:11:27.0098 1568 Processor architecture: Intel x86 15:11:27.0098 1568 Number of processors: 2 15:11:27.0098 1568 Page size: 0x1000 15:11:27.0098 1568 Boot type: Safe boot with network 15:11:27.0098 1568 ============================================================ 15:11:27.0815 1568 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050 15:11:27.0815 1568 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 15:11:37.0222 1568 ============================================================ 15:11:37.0222 1568 \Device\Harddisk0\DR0: 15:11:37.0222 1568 MBR partitions: 15:11:37.0222 1568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 15:11:37.0222 1568 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000 15:11:37.0222 1568 \Device\Harddisk1\DR1: 15:11:37.0238 1568 MBR partitions: 15:11:37.0238 1568 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E06CC1 15:11:37.0238 1568 ============================================================ 15:11:37.0253 1568 C: <-> \Device\Harddisk0\DR0\Partition2 15:11:37.0284 1568 G: <-> \Device\Harddisk1\DR1\Partition1 15:11:37.0284 1568 ============================================================ 15:11:37.0284 1568 Initialize success 15:11:37.0284 1568 ============================================================ 15:12:25.0707 1788 ============================================================ 15:12:25.0707 1788 Scan started 15:12:25.0707 1788 Mode: Manual; SigCheck; TDLFS; 15:12:25.0707 1788 ============================================================ 15:12:26.0409 1788 ================ Scan system memory ======================== 15:12:26.0409 1788 System memory - ok 15:12:26.0409 1788 ================ Scan services ============================= 15:12:26.0549 1788 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 15:12:26.0658 1788 1394ohci - ok 15:12:26.0674 1788 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 15:12:26.0690 1788 ACPI - ok 15:12:26.0721 1788 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 15:12:26.0783 1788 AcpiPmi - ok 15:12:26.0877 1788 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 15:12:26.0892 1788 AdobeARMservice - ok 15:12:26.0924 1788 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 15:12:26.0939 1788 AdobeFlashPlayerUpdateSvc - ok 15:12:26.0970 1788 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 15:12:26.0986 1788 adp94xx - ok 15:12:27.0002 1788 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys 15:12:27.0017 1788 adpahci - ok 15:12:27.0033 1788 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 15:12:27.0048 1788 adpu320 - ok 15:12:27.0064 1788 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:12:27.0173 1788 AeLookupSvc - ok 15:12:27.0204 1788 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 15:12:27.0267 1788 AFD - ok 15:12:27.0282 1788 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 15:12:27.0298 1788 agp440 - ok 15:12:27.0329 1788 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 15:12:27.0329 1788 aic78xx - ok 15:12:27.0360 1788 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 15:12:27.0407 1788 ALG - ok 15:12:27.0423 1788 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 15:12:27.0438 1788 aliide - ok 15:12:27.0454 1788 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 15:12:27.0470 1788 amdagp - ok 15:12:27.0485 1788 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 15:12:27.0485 1788 amdide - ok 15:12:27.0501 1788 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 15:12:27.0532 1788 AmdK8 - ok 15:12:27.0532 1788 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 15:12:27.0563 1788 AmdPPM - ok 15:12:27.0579 1788 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 15:12:27.0594 1788 amdsata - ok 15:12:27.0610 1788 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 15:12:27.0626 1788 amdsbs - ok 15:12:27.0641 1788 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 15:12:27.0641 1788 amdxata - ok 15:12:27.0672 1788 [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb C:\Windows\system32\Drivers\ssadadb.sys 15:12:27.0735 1788 androidusb - ok 15:12:27.0766 1788 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 15:12:27.0782 1788 AntiVirSchedulerService - ok 15:12:27.0797 1788 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 15:12:27.0813 1788 AntiVirService - ok 15:12:27.0828 1788 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 15:12:27.0860 1788 AppID - ok 15:12:27.0906 1788 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 15:12:27.0953 1788 AppIDSvc - ok 15:12:27.0984 1788 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 15:12:28.0031 1788 Appinfo - ok 15:12:28.0094 1788 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 15:12:28.0109 1788 Apple Mobile Device - ok 15:12:28.0125 1788 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll 15:12:28.0172 1788 AppMgmt - ok 15:12:28.0203 1788 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys 15:12:28.0218 1788 arc - ok 15:12:28.0234 1788 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys 15:12:28.0250 1788 arcsas - ok 15:12:28.0265 1788 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:12:28.0374 1788 AsyncMac - ok 15:12:28.0390 1788 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 15:12:28.0406 1788 atapi - ok 15:12:28.0421 1788 athr - ok 15:12:28.0452 1788 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:12:28.0499 1788 AudioEndpointBuilder - ok 15:12:28.0499 1788 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 15:12:28.0530 1788 Audiosrv - ok 15:12:28.0546 1788 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 15:12:28.0562 1788 avgntflt - ok 15:12:28.0593 1788 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 15:12:28.0608 1788 avipbb - ok 15:12:28.0624 1788 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 15:12:28.0624 1788 avkmgr - ok 15:12:28.0640 1788 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 15:12:28.0702 1788 AxInstSV - ok 15:12:28.0749 1788 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys 15:12:28.0796 1788 b06bdrv - ok 15:12:28.0811 1788 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 15:12:28.0842 1788 b57nd60x - ok 15:12:28.0874 1788 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 15:12:28.0920 1788 BDESVC - ok 15:12:28.0936 1788 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 15:12:28.0967 1788 Beep - ok 15:12:28.0998 1788 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 15:12:29.0045 1788 BFE - ok 15:12:29.0092 1788 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 15:12:29.0170 1788 BITS - ok 15:12:29.0186 1788 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 15:12:29.0201 1788 blbdrive - ok 15:12:29.0248 1788 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 15:12:29.0264 1788 Bonjour Service - ok 15:12:29.0279 1788 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:12:29.0295 1788 bowser - ok 15:12:29.0310 1788 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 15:12:29.0342 1788 BrFiltLo - ok 15:12:29.0342 1788 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 15:12:29.0373 1788 BrFiltUp - ok 15:12:29.0404 1788 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 15:12:29.0451 1788 Browser - ok 15:12:29.0466 1788 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 15:12:29.0482 1788 Brserid - ok 15:12:29.0498 1788 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 15:12:29.0529 1788 BrSerWdm - ok 15:12:29.0529 1788 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 15:12:29.0560 1788 BrUsbMdm - ok 15:12:29.0560 1788 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 15:12:29.0576 1788 BrUsbSer - ok 15:12:29.0607 1788 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 15:12:29.0622 1788 BTHMODEM - ok 15:12:29.0654 1788 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 15:12:29.0685 1788 bthserv - ok 15:12:29.0716 1788 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:12:29.0763 1788 cdfs - ok 15:12:29.0794 1788 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:12:29.0825 1788 cdrom - ok 15:12:29.0872 1788 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 15:12:29.0888 1788 CertPropSvc - ok 15:12:29.0903 1788 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys 15:12:29.0919 1788 circlass - ok 15:12:29.0934 1788 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 15:12:29.0950 1788 CLFS - ok 15:12:30.0028 1788 [ 4AA6694FB767BBFF6A8EF080806447BD ] CLHNServiceForPowerDVD C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe 15:12:30.0028 1788 CLHNServiceForPowerDVD - ok 15:12:30.0122 1788 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:12:30.0137 1788 clr_optimization_v2.0.50727_32 - ok 15:12:30.0200 1788 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:12:30.0215 1788 clr_optimization_v4.0.30319_32 - ok 15:12:30.0231 1788 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 15:12:30.0262 1788 CmBatt - ok 15:12:30.0278 1788 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:12:30.0278 1788 cmdide - ok 15:12:30.0309 1788 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys 15:12:30.0324 1788 CNG - ok 15:12:30.0356 1788 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys 15:12:30.0371 1788 Compbatt - ok 15:12:30.0402 1788 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 15:12:30.0418 1788 CompositeBus - ok 15:12:30.0434 1788 COMSysApp - ok 15:12:30.0449 1788 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 15:12:30.0465 1788 crcdisk - ok 15:12:30.0512 1788 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\Windows\system32\CTsvcCDA.EXE 15:12:30.0543 1788 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning 15:12:30.0543 1788 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1) 15:12:30.0574 1788 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:12:30.0621 1788 CryptSvc - ok 15:12:30.0636 1788 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys 15:12:30.0683 1788 CSC - ok 15:12:30.0714 1788 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll 15:12:30.0746 1788 CscService - ok 15:12:30.0792 1788 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 15:12:30.0839 1788 DcomLaunch - ok 15:12:30.0886 1788 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 15:12:30.0917 1788 defragsvc - ok 15:12:30.0948 1788 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:12:30.0995 1788 DfsC - ok 15:12:31.0042 1788 [ 6CC6C4B9D7B906A151AA094CA087B9F0 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 15:12:31.0042 1788 dg_ssudbus - ok 15:12:31.0073 1788 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 15:12:31.0120 1788 Dhcp - ok 15:12:31.0136 1788 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 15:12:31.0167 1788 discache - ok 15:12:31.0214 1788 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys 15:12:31.0214 1788 Disk - ok 15:12:31.0229 1788 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 15:12:31.0276 1788 dmvsc - ok 15:12:31.0307 1788 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:12:31.0354 1788 Dnscache - ok 15:12:31.0370 1788 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 15:12:31.0401 1788 dot3svc - ok 15:12:31.0432 1788 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 15:12:31.0463 1788 DPS - ok 15:12:31.0494 1788 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:12:31.0526 1788 drmkaud - ok 15:12:31.0557 1788 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:12:31.0572 1788 DXGKrnl - ok 15:12:31.0604 1788 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 15:12:31.0635 1788 EapHost - ok 15:12:31.0713 1788 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys 15:12:31.0775 1788 ebdrv - ok 15:12:31.0806 1788 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 15:12:31.0838 1788 EFS - ok 15:12:31.0884 1788 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:12:31.0916 1788 ehRecvr - ok 15:12:31.0931 1788 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 15:12:31.0962 1788 ehSched - ok 15:12:31.0994 1788 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys 15:12:32.0009 1788 elxstor - ok 15:12:32.0025 1788 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:12:32.0040 1788 ErrDev - ok 15:12:32.0087 1788 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 15:12:32.0134 1788 EventSystem - ok 15:12:32.0150 1788 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 15:12:32.0181 1788 exfat - ok 15:12:32.0196 1788 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:12:32.0228 1788 fastfat - ok 15:12:32.0274 1788 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 15:12:32.0337 1788 Fax - ok 15:12:32.0352 1788 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys 15:12:32.0368 1788 fdc - ok 15:12:32.0399 1788 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 15:12:32.0415 1788 fdPHost - ok 15:12:32.0430 1788 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 15:12:32.0446 1788 FDResPub - ok 15:12:32.0462 1788 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:12:32.0477 1788 FileInfo - ok 15:12:32.0493 1788 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:12:32.0524 1788 Filetrace - ok 15:12:32.0555 1788 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 15:12:32.0555 1788 flpydisk - ok 15:12:32.0571 1788 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:12:32.0586 1788 FltMgr - ok 15:12:32.0602 1788 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll 15:12:32.0680 1788 FontCache - ok 15:12:32.0711 1788 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 15:12:32.0727 1788 FontCache3.0.0.0 - ok 15:12:32.0789 1788 [ 7DFF82ACDAB23414ABC2A95FEF8982F8 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 15:12:32.0805 1788 ForceWare Intelligent Application Manager (IAM) - ok 15:12:32.0820 1788 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 15:12:32.0820 1788 FsDepends - ok 15:12:32.0836 1788 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:12:32.0852 1788 Fs_Rec - ok 15:12:32.0883 1788 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 15:12:32.0898 1788 fvevol - ok 15:12:32.0914 1788 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 15:12:32.0930 1788 gagp30kx - ok 15:12:32.0961 1788 [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 15:12:32.0961 1788 GEARAspiWDM - ok 15:12:32.0976 1788 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 15:12:33.0039 1788 gpsvc - ok 15:12:33.0101 1788 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 15:12:33.0101 1788 gupdate - ok 15:12:33.0117 1788 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 15:12:33.0132 1788 gupdatem - ok 15:12:33.0148 1788 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 15:12:33.0164 1788 gusvc - ok 15:12:33.0179 1788 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 15:12:33.0226 1788 hcw85cir - ok 15:12:33.0242 1788 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:12:33.0288 1788 HdAudAddService - ok 15:12:33.0320 1788 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 15:12:33.0320 1788 HDAudBus - ok 15:12:33.0351 1788 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 15:12:33.0366 1788 HidBatt - ok 15:12:33.0398 1788 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys 15:12:33.0429 1788 HidBth - ok 15:12:33.0460 1788 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys 15:12:33.0491 1788 HidIr - ok 15:12:33.0507 1788 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 15:12:33.0554 1788 hidserv - ok 15:12:33.0585 1788 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:12:33.0616 1788 HidUsb - ok 15:12:33.0647 1788 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:12:33.0663 1788 hkmsvc - ok 15:12:33.0678 1788 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 15:12:33.0741 1788 HomeGroupListener - ok 15:12:33.0772 1788 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:12:33.0803 1788 HomeGroupProvider - ok 15:12:33.0819 1788 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 15:12:33.0834 1788 HpSAMD - ok 15:12:33.0866 1788 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:12:33.0881 1788 HTTP - ok 15:12:33.0912 1788 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:12:33.0912 1788 hwpolicy - ok 15:12:33.0944 1788 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 15:12:33.0975 1788 i8042prt - ok 15:12:33.0990 1788 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 15:12:34.0006 1788 iaStorV - ok 15:12:34.0068 1788 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 15:12:34.0084 1788 idsvc - ok 15:12:34.0209 1788 [ AD626F6964F4D364D226C39E06872DD3 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 15:12:34.0318 1788 igfx - ok 15:12:34.0334 1788 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys 15:12:34.0349 1788 iirsp - ok 15:12:34.0380 1788 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 15:12:34.0427 1788 IKEEXT - ok 15:12:34.0458 1788 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 15:12:34.0458 1788 intelide - ok 15:12:34.0490 1788 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:12:34.0490 1788 intelppm - ok 15:12:34.0505 1788 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:12:34.0552 1788 IPBusEnum - ok 15:12:34.0568 1788 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:12:34.0599 1788 IpFilterDriver - ok 15:12:34.0630 1788 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:12:34.0692 1788 iphlpsvc - ok 15:12:34.0692 1788 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 15:12:34.0708 1788 IPMIDRV - ok 15:12:34.0724 1788 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:12:34.0770 1788 IPNAT - ok 15:12:34.0833 1788 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 15:12:34.0848 1788 iPod Service - ok 15:12:34.0864 1788 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:12:34.0895 1788 IRENUM - ok 15:12:34.0911 1788 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:12:34.0926 1788 isapnp - ok 15:12:34.0942 1788 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 15:12:34.0958 1788 iScsiPrt - ok 15:12:34.0989 1788 [ C4D1E49A7D853A6FDFE8EC2906AE5AAA ] Jukebox3 C:\Windows\system32\DRIVERS\ctpdusb.sys 15:12:35.0036 1788 Jukebox3 - ok 15:12:35.0067 1788 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:12:35.0067 1788 kbdclass - ok 15:12:35.0098 1788 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 15:12:35.0129 1788 kbdhid - ok 15:12:35.0145 1788 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 15:12:35.0160 1788 KeyIso - ok 15:12:35.0176 1788 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:12:35.0192 1788 KSecDD - ok 15:12:35.0192 1788 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:12:35.0207 1788 KSecPkg - ok 15:12:35.0238 1788 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 15:12:35.0270 1788 KtmRm - ok 15:12:35.0285 1788 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 15:12:35.0332 1788 LanmanServer - ok 15:12:35.0363 1788 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:12:35.0410 1788 LanmanWorkstation - ok 15:12:35.0441 1788 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 15:12:35.0457 1788 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 15:12:35.0457 1788 LightScribeService - detected UnsignedFile.Multi.Generic (1) 15:12:35.0488 1788 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:12:35.0535 1788 lltdio - ok 15:12:35.0566 1788 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:12:35.0597 1788 lltdsvc - ok 15:12:35.0628 1788 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 15:12:35.0660 1788 lmhosts - ok 15:12:35.0691 1788 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 15:12:35.0706 1788 LSI_FC - ok 15:12:35.0722 1788 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 15:12:35.0738 1788 LSI_SAS - ok 15:12:35.0753 1788 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 15:12:35.0753 1788 LSI_SAS2 - ok 15:12:35.0769 1788 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 15:12:35.0784 1788 LSI_SCSI - ok 15:12:35.0800 1788 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 15:12:35.0831 1788 luafv - ok 15:12:35.0894 1788 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 15:12:35.0894 1788 MBAMProtector - ok 15:12:35.0956 1788 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 15:12:35.0972 1788 MBAMScheduler - ok 15:12:35.0987 1788 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 15:12:36.0018 1788 MBAMService - ok 15:12:36.0050 1788 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:12:36.0065 1788 Mcx2Svc - ok 15:12:36.0081 1788 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys 15:12:36.0096 1788 megasas - ok 15:12:36.0112 1788 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 15:12:36.0112 1788 MegaSR - ok 15:12:36.0143 1788 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 15:12:36.0174 1788 MMCSS - ok 15:12:36.0206 1788 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 15:12:36.0237 1788 Modem - ok 15:12:36.0268 1788 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:12:36.0299 1788 monitor - ok 15:12:36.0330 1788 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:12:36.0346 1788 mouclass - ok 15:12:36.0362 1788 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\drivers\mouhid.sys 15:12:36.0393 1788 mouhid - ok 15:12:36.0408 1788 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 15:12:36.0424 1788 mountmgr - ok 15:12:36.0455 1788 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 15:12:36.0455 1788 MozillaMaintenance - ok 15:12:36.0486 1788 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 15:12:36.0486 1788 mpio - ok 15:12:36.0502 1788 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:12:36.0549 1788 mpsdrv - ok 15:12:36.0580 1788 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:12:36.0627 1788 MpsSvc - ok 15:12:36.0658 1788 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:12:36.0689 1788 MRxDAV - ok 15:12:36.0720 1788 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:12:36.0752 1788 mrxsmb - ok 15:12:36.0767 1788 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:12:36.0767 1788 mrxsmb10 - ok 15:12:36.0783 1788 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:12:36.0814 1788 mrxsmb20 - ok 15:12:36.0845 1788 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 15:12:36.0861 1788 msahci - ok 15:12:36.0876 1788 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:12:36.0876 1788 msdsm - ok 15:12:36.0908 1788 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 15:12:36.0939 1788 MSDTC - ok 15:12:36.0954 1788 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:12:36.0970 1788 Msfs - ok 15:12:36.0986 1788 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:12:37.0017 1788 mshidkmdf - ok 15:12:37.0048 1788 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:12:37.0064 1788 msisadrv - ok 15:12:37.0095 1788 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:12:37.0126 1788 MSiSCSI - ok 15:12:37.0126 1788 msiserver - ok 15:12:37.0157 1788 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:12:37.0188 1788 MSKSSRV - ok 15:12:37.0204 1788 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:12:37.0251 1788 MSPCLOCK - ok 15:12:37.0266 1788 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:12:37.0313 1788 MSPQM - ok 15:12:37.0329 1788 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:12:37.0344 1788 MsRPC - ok 15:12:37.0360 1788 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 15:12:37.0376 1788 mssmbios - ok 15:12:37.0376 1788 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:12:37.0407 1788 MSTEE - ok 15:12:37.0422 1788 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 15:12:37.0454 1788 MTConfig - ok 15:12:37.0469 1788 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 15:12:37.0485 1788 Mup - ok 15:12:37.0516 1788 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 15:12:37.0563 1788 napagent - ok 15:12:37.0594 1788 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:12:37.0641 1788 NativeWifiP - ok 15:12:37.0688 1788 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:12:37.0703 1788 NDIS - ok 15:12:37.0719 1788 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:12:37.0766 1788 NdisCap - ok 15:12:37.0797 1788 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:12:37.0828 1788 NdisTapi - ok 15:12:37.0859 1788 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:12:37.0890 1788 Ndisuio - ok 15:12:37.0922 1788 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:12:37.0953 1788 NdisWan - ok 15:12:37.0984 1788 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:12:38.0000 1788 NDProxy - ok 15:12:38.0078 1788 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe 15:12:38.0109 1788 Nero BackItUp Scheduler 4.0 - ok 15:12:38.0140 1788 [ D660376BD52DF3D33390ACAE9FA1A54C ] NeroMediaHomeService.4 C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe 15:12:38.0156 1788 NeroMediaHomeService.4 - ok 15:12:38.0187 1788 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:12:38.0234 1788 NetBIOS - ok 15:12:38.0249 1788 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:12:38.0280 1788 NetBT - ok 15:12:38.0296 1788 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 15:12:38.0312 1788 Netlogon - ok 15:12:38.0343 1788 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 15:12:38.0358 1788 Netman - ok 15:12:38.0374 1788 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 15:12:38.0436 1788 netprofm - ok 15:12:38.0468 1788 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:12:38.0483 1788 NetTcpPortSharing - ok 15:12:38.0499 1788 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 15:12:38.0514 1788 nfrd960 - ok 15:12:38.0546 1788 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 15:12:38.0561 1788 NlaSvc - ok 15:12:38.0577 1788 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:12:38.0592 1788 Npfs - ok 15:12:38.0624 1788 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 15:12:38.0639 1788 nsi - ok 15:12:38.0655 1788 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:12:38.0686 1788 nsiproxy - ok 15:12:38.0733 1788 [ 198FF60A42802C319FBA58FDB13EEE49 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe 15:12:38.0748 1788 nSvcIp - ok 15:12:38.0795 1788 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:12:38.0826 1788 Ntfs - ok 15:12:38.0858 1788 [ 170EE229D4DEF31DBE95348C9A88FE74 ] ntk_PowerDVD C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys 15:12:38.0873 1788 ntk_PowerDVD - ok 15:12:38.0873 1788 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 15:12:38.0904 1788 Null - ok 15:12:38.0936 1788 [ E54781F54ABCF18DCE0D39E78462A104 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 15:12:38.0967 1788 nusb3hub - ok 15:12:38.0982 1788 [ AA4CC12E74B813347E8AB590B4C9DD8A ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 15:12:39.0029 1788 nusb3xhc - ok 15:12:39.0045 1788 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys 15:12:39.0092 1788 NVENETFD - ok 15:12:39.0138 1788 [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys 15:12:39.0138 1788 NVHDA - ok 15:12:39.0326 1788 [ 2FA5434344AF84D73F66BA402FF78690 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:12:39.0513 1788 nvlddmkm - ok 15:12:39.0575 1788 [ 0219B05730635FCAB3A9925D3374C464 ] NVNET C:\Windows\system32\DRIVERS\nvmf6232.sys 15:12:39.0575 1788 NVNET - ok 15:12:39.0622 1788 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:12:39.0622 1788 nvraid - ok 15:12:39.0638 1788 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:12:39.0653 1788 nvstor - ok 15:12:39.0684 1788 [ 97778C3CB3AF6B2243648D0DCD4D8916 ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys 15:12:39.0684 1788 nvstor32 - ok 15:12:39.0731 1788 [ B785320CBCF5021DE9945C803696C511 ] nvsvc C:\Windows\system32\nvvsvc.exe 15:12:39.0747 1788 nvsvc - ok 15:12:39.0809 1788 [ D2B064796C369F82E96397F721C4A29D ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 15:12:39.0840 1788 nvUpdatusService - ok 15:12:39.0856 1788 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:12:39.0856 1788 nv_agp - ok 15:12:39.0872 1788 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:12:39.0903 1788 ohci1394 - ok 15:12:39.0934 1788 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:12:39.0981 1788 p2pimsvc - ok 15:12:39.0996 1788 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 15:12:40.0043 1788 p2psvc - ok 15:12:40.0059 1788 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 15:12:40.0074 1788 Parport - ok 15:12:40.0090 1788 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:12:40.0090 1788 partmgr - ok 15:12:40.0106 1788 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 15:12:40.0121 1788 Parvdm - ok 15:12:40.0137 1788 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:12:40.0152 1788 PcaSvc - ok 15:12:40.0168 1788 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 15:12:40.0168 1788 pci - ok 15:12:40.0184 1788 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 15:12:40.0199 1788 pciide - ok 15:12:40.0215 1788 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 15:12:40.0230 1788 pcmcia - ok 15:12:40.0246 1788 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 15:12:40.0262 1788 pcw - ok 15:12:40.0293 1788 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:12:40.0340 1788 PEAUTH - ok 15:12:40.0371 1788 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 15:12:40.0449 1788 PeerDistSvc - ok 15:12:40.0480 1788 [ 0ABC514F6606324CE15484D079027798 ] PfModNT C:\Windows\system32\drivers\PfModNT.sys 15:12:40.0496 1788 PfModNT ( UnsignedFile.Multi.Generic ) - warning 15:12:40.0496 1788 PfModNT - detected UnsignedFile.Multi.Generic (1) 15:12:40.0558 1788 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 15:12:40.0620 1788 pla - ok 15:12:40.0652 1788 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:12:40.0698 1788 PlugPlay - ok 15:12:40.0714 1788 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:12:40.0745 1788 PNRPAutoReg - ok 15:12:40.0776 1788 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:12:40.0776 1788 PNRPsvc - ok 15:12:40.0808 1788 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:12:40.0854 1788 PolicyAgent - ok 15:12:40.0870 1788 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 15:12:40.0901 1788 Power - ok 15:12:40.0932 1788 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:12:40.0979 1788 PptpMiniport - ok 15:12:40.0995 1788 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys 15:12:41.0026 1788 Processor - ok 15:12:41.0057 1788 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 15:12:41.0104 1788 ProfSvc - ok 15:12:41.0120 1788 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:12:41.0120 1788 ProtectedStorage - ok 15:12:41.0166 1788 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:12:41.0198 1788 Psched - ok 15:12:41.0213 1788 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys 15:12:41.0229 1788 PSI - ok 15:12:41.0260 1788 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 15:12:41.0307 1788 ql2300 - ok 15:12:41.0322 1788 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 15:12:41.0338 1788 ql40xx - ok 15:12:41.0338 1788 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 15:12:41.0385 1788 QWAVE - ok 15:12:41.0400 1788 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:12:41.0416 1788 QWAVEdrv - ok 15:12:41.0432 1788 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:12:41.0478 1788 RasAcd - ok 15:12:41.0494 1788 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:12:41.0525 1788 RasAgileVpn - ok 15:12:41.0541 1788 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 15:12:41.0588 1788 RasAuto - ok 15:12:41.0603 1788 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:12:41.0634 1788 Rasl2tp - ok 15:12:41.0681 1788 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 15:12:41.0697 1788 RasMan - ok 15:12:41.0712 1788 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:12:41.0744 1788 RasPppoe - ok 15:12:41.0744 1788 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:12:41.0790 1788 RasSstp - ok 15:12:41.0806 1788 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:12:41.0853 1788 rdbss - ok 15:12:41.0868 1788 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 15:12:41.0884 1788 rdpbus - ok 15:12:41.0900 1788 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:12:41.0931 1788 RDPCDD - ok 15:12:41.0962 1788 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 15:12:41.0978 1788 RDPDR - ok 15:12:42.0009 1788 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:12:42.0040 1788 RDPENCDD - ok 15:12:42.0071 1788 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:12:42.0102 1788 RDPREFMP - ok 15:12:42.0134 1788 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 15:12:42.0165 1788 RdpVideoMiniport - ok 15:12:42.0180 1788 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:12:42.0227 1788 RDPWD - ok 15:12:42.0258 1788 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:12:42.0274 1788 rdyboost - ok 15:12:42.0305 1788 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 15:12:42.0321 1788 RemoteAccess - ok 15:12:42.0352 1788 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:12:42.0368 1788 RemoteRegistry - ok 15:12:42.0399 1788 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 15:12:42.0446 1788 RpcEptMapper - ok 15:12:42.0461 1788 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 15:12:42.0492 1788 RpcLocator - ok 15:12:42.0524 1788 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 15:12:42.0555 1788 RpcSs - ok 15:12:42.0570 1788 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:12:42.0617 1788 rspndr - ok 15:12:42.0648 1788 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 15:12:42.0680 1788 s3cap - ok 15:12:42.0695 1788 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 15:12:42.0711 1788 SamSs - ok 15:12:42.0726 1788 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:12:42.0742 1788 sbp2port - ok 15:12:42.0758 1788 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:12:42.0804 1788 SCardSvr - ok 15:12:42.0804 1788 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:12:42.0836 1788 scfilter - ok 15:12:42.0867 1788 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 15:12:42.0929 1788 Schedule - ok 15:12:42.0945 1788 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 15:12:42.0960 1788 SCPolicySvc - ok 15:12:42.0976 1788 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:12:42.0992 1788 SDRSVC - ok 15:12:43.0023 1788 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:12:43.0038 1788 secdrv - ok 15:12:43.0054 1788 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 15:12:43.0085 1788 seclogon - ok 15:12:43.0163 1788 [ 9044795E9D1A912D5F1B8DF6211850FD ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe 15:12:43.0194 1788 Secunia PSI Agent - ok 15:12:43.0226 1788 [ 8B1A72E4FB63A9C068B08E1F9B70482A ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe 15:12:43.0257 1788 Secunia Update Agent - ok 15:12:43.0272 1788 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 15:12:43.0319 1788 SENS - ok 15:12:43.0335 1788 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:12:43.0382 1788 SensrSvc - ok 15:12:43.0413 1788 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 15:12:43.0413 1788 Serenum - ok 15:12:43.0428 1788 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 15:12:43.0460 1788 Serial - ok 15:12:43.0475 1788 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys 15:12:43.0491 1788 sermouse - ok 15:12:43.0522 1788 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 15:12:43.0569 1788 SessionEnv - ok 15:12:43.0584 1788 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:12:43.0616 1788 sffdisk - ok 15:12:43.0616 1788 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:12:43.0631 1788 sffp_mmc - ok 15:12:43.0631 1788 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:12:43.0647 1788 sffp_sd - ok 15:12:43.0662 1788 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 15:12:43.0678 1788 sfloppy - ok 15:12:43.0709 1788 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:12:43.0756 1788 SharedAccess - ok 15:12:43.0787 1788 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:12:43.0834 1788 ShellHWDetection - ok 15:12:43.0850 1788 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 15:12:43.0865 1788 sisagp - ok 15:12:43.0896 1788 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 15:12:43.0912 1788 SiSRaid2 - ok 15:12:43.0928 1788 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 15:12:43.0928 1788 SiSRaid4 - ok 15:12:43.0959 1788 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:12:43.0990 1788 Smb - ok 15:12:44.0037 1788 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:12:44.0052 1788 SNMPTRAP - ok 15:12:44.0052 1788 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 15:12:44.0068 1788 spldr - ok 15:12:44.0099 1788 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 15:12:44.0146 1788 Spooler - ok 15:12:44.0208 1788 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 15:12:44.0286 1788 sppsvc - ok 15:12:44.0302 1788 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 15:12:44.0333 1788 sppuinotify - ok 15:12:44.0364 1788 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 15:12:44.0411 1788 srv - ok 15:12:44.0427 1788 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:12:44.0442 1788 srv2 - ok 15:12:44.0458 1788 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:12:44.0489 1788 srvnet - ok 15:12:44.0520 1788 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys 15:12:44.0567 1788 ssadbus - ok 15:12:44.0583 1788 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys 15:12:44.0583 1788 ssadmdfl - ok 15:12:44.0614 1788 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys 15:12:44.0630 1788 ssadmdm - ok 15:12:44.0645 1788 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:12:44.0692 1788 SSDPSRV - ok 15:12:44.0723 1788 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 15:12:44.0723 1788 ssmdrv - ok 15:12:44.0739 1788 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:12:44.0786 1788 SstpSvc - ok 15:12:44.0817 1788 [ 359FEE084F1173FFFFD7F9CCBD43D47F ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 15:12:44.0832 1788 ssudmdm - ok 15:12:44.0879 1788 [ 00FCEC4DA4198F5F2B9BBD9225842568 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 15:12:44.0895 1788 Stereo Service - ok 15:12:44.0926 1788 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys 15:12:44.0926 1788 stexstor - ok 15:12:44.0957 1788 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 15:12:45.0004 1788 StiSvc - ok 15:12:45.0035 1788 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 15:12:45.0035 1788 storflt - ok 15:12:45.0051 1788 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 15:12:45.0066 1788 storvsc - ok 15:12:45.0082 1788 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 15:12:45.0098 1788 swenum - ok 15:12:45.0113 1788 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 15:12:45.0144 1788 swprv - ok 15:12:45.0160 1788 [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc C:\Windows\system32\drivers\Synth3dVsc.sys 15:12:45.0160 1788 Synth3dVsc - ok 15:12:45.0191 1788 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 15:12:45.0222 1788 SysMain - ok 15:12:45.0238 1788 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:12:45.0269 1788 TabletInputService - ok 15:12:45.0300 1788 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 15:12:45.0332 1788 TapiSrv - ok 15:12:45.0363 1788 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 15:12:45.0394 1788 TBS - ok 15:12:45.0441 1788 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:12:45.0472 1788 Tcpip - ok 15:12:45.0503 1788 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 15:12:45.0534 1788 TCPIP6 - ok 15:12:45.0566 1788 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:12:45.0597 1788 tcpipreg - ok 15:12:45.0628 1788 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:12:45.0659 1788 TDPIPE - ok 15:12:45.0675 1788 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:12:45.0690 1788 TDTCP - ok 15:12:45.0706 1788 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:12:45.0737 1788 tdx - ok 15:12:45.0753 1788 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 15:12:45.0768 1788 TermDD - ok 15:12:45.0768 1788 [ 052306FD76793D5D5AB5D9891FD1ADBB ] terminpt C:\Windows\system32\drivers\terminpt.sys 15:12:45.0815 1788 terminpt - ok 15:12:45.0831 1788 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 15:12:45.0862 1788 TermService - ok 15:12:45.0878 1788 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 15:12:45.0909 1788 Themes - ok 15:12:45.0924 1788 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 15:12:45.0940 1788 THREADORDER - ok 15:12:45.0987 1788 [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 15:12:46.0002 1788 TomTomHOMEService - ok 15:12:46.0018 1788 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 15:12:46.0065 1788 TrkWks - ok 15:12:46.0112 1788 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:12:46.0158 1788 TrustedInstaller - ok 15:12:46.0190 1788 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:12:46.0252 1788 tssecsrv - ok 15:12:46.0268 1788 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 15:12:46.0314 1788 TsUsbFlt - ok 15:12:46.0330 1788 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 15:12:46.0330 1788 TsUsbGD - ok 15:12:46.0346 1788 [ 045ACB987C650D8186C6B4A692223860 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys 15:12:46.0377 1788 tsusbhub - ok 15:12:46.0424 1788 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:12:46.0439 1788 tunnel - ok 15:12:46.0455 1788 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys 15:12:46.0470 1788 uagp35 - ok 15:12:46.0486 1788 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:12:46.0517 1788 udfs - ok 15:12:46.0548 1788 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:12:46.0564 1788 UI0Detect - ok 15:12:46.0595 1788 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:12:46.0611 1788 uliagpkx - ok 15:12:46.0611 1788 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys 15:12:46.0626 1788 umbus - ok 15:12:46.0642 1788 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys 15:12:46.0673 1788 UmPass - ok 15:12:46.0689 1788 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 15:12:46.0736 1788 UmRdpService - ok 15:12:46.0751 1788 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 15:12:46.0798 1788 upnphost - ok 15:12:46.0829 1788 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 15:12:46.0876 1788 USBAAPL - ok 15:12:46.0892 1788 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\drivers\usbccgp.sys 15:12:46.0923 1788 usbccgp - ok 15:12:46.0923 1788 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:12:46.0938 1788 usbcir - ok 15:12:46.0938 1788 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:12:46.0970 1788 usbehci - ok 15:12:47.0001 1788 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:12:47.0001 1788 usbhub - ok 15:12:47.0016 1788 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 15:12:47.0048 1788 usbohci - ok 15:12:47.0063 1788 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys 15:12:47.0094 1788 usbprint - ok 15:12:47.0126 1788 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:12:47.0157 1788 USBSTOR - ok 15:12:47.0172 1788 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 15:12:47.0204 1788 usbuhci - ok 15:12:47.0235 1788 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 15:12:47.0266 1788 usbvideo - ok 15:12:47.0297 1788 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 15:12:47.0328 1788 UxSms - ok 15:12:47.0360 1788 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 15:12:47.0360 1788 VaultSvc - ok 15:12:47.0391 1788 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 15:12:47.0406 1788 vdrvroot - ok 15:12:47.0422 1788 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 15:12:47.0469 1788 vds - ok 15:12:47.0484 1788 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:12:47.0500 1788 vga - ok 15:12:47.0500 1788 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 15:12:47.0531 1788 VgaSave - ok 15:12:47.0531 1788 VGPU - ok 15:12:47.0531 1788 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 15:12:47.0547 1788 vhdmp - ok 15:12:47.0578 1788 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 15:12:47.0578 1788 viaagp - ok 15:12:47.0594 1788 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 15:12:47.0625 1788 ViaC7 - ok 15:12:47.0640 1788 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 15:12:47.0656 1788 viaide - ok 15:12:47.0672 1788 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 15:12:47.0687 1788 vmbus - ok 15:12:47.0703 1788 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 15:12:47.0734 1788 VMBusHID - ok 15:12:47.0750 1788 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:12:47.0765 1788 volmgr - ok 15:12:47.0781 1788 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:12:47.0796 1788 volmgrx - ok 15:12:47.0812 1788 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:12:47.0828 1788 volsnap - ok 15:12:47.0859 1788 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 15:12:47.0874 1788 vsmraid - ok 15:12:47.0906 1788 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 15:12:47.0968 1788 VSS - ok 15:12:47.0984 1788 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 15:12:47.0999 1788 vwifibus - ok 15:12:48.0015 1788 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 15:12:48.0046 1788 vwififlt - ok 15:12:48.0077 1788 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 15:12:48.0108 1788 W32Time - ok 15:12:48.0124 1788 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 15:12:48.0140 1788 WacomPen - ok 15:12:48.0171 1788 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 15:12:48.0202 1788 WANARP - ok 15:12:48.0202 1788 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:12:48.0233 1788 Wanarpv6 - ok 15:12:48.0280 1788 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 15:12:48.0311 1788 wbengine - ok 15:12:48.0327 1788 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 15:12:48.0358 1788 WbioSrvc - ok 15:12:48.0374 1788 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:12:48.0405 1788 wcncsvc - ok 15:12:48.0405 1788 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:12:48.0452 1788 WcsPlugInService - ok 15:12:48.0483 1788 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys 15:12:48.0483 1788 Wd - ok 15:12:48.0530 1788 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:12:48.0561 1788 Wdf01000 - ok 15:12:48.0576 1788 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:12:48.0608 1788 WdiServiceHost - ok 15:12:48.0623 1788 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:12:48.0623 1788 WdiSystemHost - ok 15:12:48.0639 1788 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 15:12:48.0670 1788 WebClient - ok 15:12:48.0701 1788 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:12:48.0732 1788 Wecsvc - ok 15:12:48.0748 1788 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:12:48.0764 1788 wercplsupport - ok 15:12:48.0779 1788 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 15:12:48.0826 1788 WerSvc - ok 15:12:48.0857 1788 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 15:12:48.0873 1788 WfpLwf - ok 15:12:48.0888 1788 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 15:12:48.0904 1788 WIMMount - ok 15:12:48.0935 1788 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 15:12:48.0966 1788 WinDefend - ok 15:12:48.0966 1788 WinHttpAutoProxySvc - ok 15:12:49.0013 1788 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:12:49.0044 1788 Winmgmt - ok 15:12:49.0091 1788 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 15:12:49.0154 1788 WinRM - ok 15:12:49.0200 1788 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 15:12:49.0232 1788 WinUsb - ok 15:12:49.0263 1788 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 15:12:49.0310 1788 Wlansvc - ok 15:12:49.0325 1788 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 15:12:49.0356 1788 WmiAcpi - ok 15:12:49.0388 1788 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:12:49.0419 1788 wmiApSrv - ok 15:12:49.0481 1788 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 15:12:49.0544 1788 WMPNetworkSvc - ok 15:12:49.0544 1788 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:12:49.0590 1788 WPCSvc - ok 15:12:49.0590 1788 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:12:49.0653 1788 WPDBusEnum - ok 15:12:49.0653 1788 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:12:49.0700 1788 ws2ifsl - ok 15:12:49.0731 1788 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 15:12:49.0746 1788 wscsvc - ok 15:12:49.0746 1788 WSearch - ok 15:12:49.0793 1788 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 15:12:49.0840 1788 wuauserv - ok 15:12:49.0887 1788 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:12:49.0902 1788 WudfPf - ok 15:12:49.0918 1788 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:12:49.0949 1788 WUDFRd - ok 15:12:49.0980 1788 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:12:49.0996 1788 wudfsvc - ok 15:12:50.0012 1788 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 15:12:50.0043 1788 WwanSvc - ok 15:12:50.0043 1788 ================ Scan global =============================== 15:12:50.0074 1788 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 15:12:50.0105 1788 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll 15:12:50.0105 1788 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll 15:12:50.0136 1788 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 15:12:50.0152 1788 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 15:12:50.0152 1788 [Global] - ok 15:12:50.0152 1788 ================ Scan MBR ================================== 15:12:50.0168 1788 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 15:12:50.0729 1788 \Device\Harddisk0\DR0 - ok 15:12:50.0760 1788 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 15:12:50.0854 1788 \Device\Harddisk1\DR1 - ok 15:12:50.0854 1788 ================ Scan VBR ================================== 15:12:50.0870 1788 [ 8832BEAF60B07F79C566A373B32E404C ] \Device\Harddisk0\DR0\Partition1 15:12:50.0870 1788 \Device\Harddisk0\DR0\Partition1 - ok 15:12:50.0885 1788 [ 82E872EDDE61F7112CDB9CE8B2671D0B ] \Device\Harddisk0\DR0\Partition2 15:12:50.0885 1788 \Device\Harddisk0\DR0\Partition2 - ok 15:12:50.0916 1788 [ E8D6018992C312C317DB1951DD8EF08A ] \Device\Harddisk1\DR1\Partition1 15:12:50.0916 1788 \Device\Harddisk1\DR1\Partition1 - ok 15:12:50.0916 1788 ============================================================ 15:12:50.0916 1788 Scan finished 15:12:50.0916 1788 ============================================================ 15:12:50.0932 1500 Detected object count: 3 15:12:50.0932 1500 Actual detected object count: 3 15:19:28.0092 1500 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user 15:19:28.0092 1500 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:19:28.0092 1500 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 15:19:28.0092 1500 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:19:28.0092 1500 PfModNT ( UnsignedFile.Multi.Generic ) - skipped by user 15:19:28.0092 1500 PfModNT ( UnsignedFile.Multi.Generic ) - User select action: Skip Gruß josuhasottie |
20.01.2013, 15:46 | #9 | |
/// Malware-holic | GVU trojaner combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
20.01.2013, 16:26 | #10 |
| GVU trojaner Hi, Habe mal eine Frage? Ich bin weiterhin noch im Abgesicherten Modus mit Nezzwerktreiber? Gruß Josuhasottie |
20.01.2013, 16:27 | #11 |
/// Malware-holic | GVU trojaner geh bitte in den normalen Modus
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
20.01.2013, 16:59 | #12 |
| GVU trojaner Hi, hier der Combo fix log: Combofix Logfile: Code:
ATTFilter ComboFix 13-01-17.04 - Jürgen 20.01.2013 16:44:32.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3071.2138 [GMT 1:00] ausgeführt von:: c:\users\Jürgen_2\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-20 bis 2013-01-20 )))))))))))))))))))))))))))))) . . 2013-01-20 15:51 . 2013-01-20 15:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-20 15:51 . 2013-01-20 15:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-01-20 15:13 . 2013-01-20 15:13 -------- d-----w- c:\users\Jürgen\AppData\Local\ElevatedDiagnostics 2013-01-18 22:35 . 2013-01-18 22:35 -------- d-----w- c:\users\Jürgen_2\AppData\Roaming\Malwarebytes 2013-01-18 22:14 . 2013-01-18 22:14 -------- d-----w- c:\users\Jürgen\AppData\Local\Programs 2013-01-18 16:32 . 2013-01-18 16:33 -------- d-----w- c:\users\Gast 2013-01-09 20:12 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 20:12 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe 2013-01-08 09:05 . 2013-01-08 09:05 -------- d-----w- c:\program files\AGEIA Technologies 2013-01-08 09:03 . 2012-12-29 10:26 8904632 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-01-08 09:03 . 2012-12-29 10:26 6263784 ----a-w- c:\windows\system32\nvopencl.dll 2013-01-08 09:03 . 2012-12-29 10:26 2720696 ----a-w- c:\windows\system32\nvcuvid.dll 2013-01-08 09:03 . 2012-12-29 10:26 20450232 ----a-w- c:\windows\system32\nvoglv32.dll 2013-01-08 09:03 . 2012-12-29 10:26 201728 ----a-w- c:\windows\system32\nvinit.dll 2013-01-08 09:03 . 2012-12-29 10:26 1985976 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-01-08 09:03 . 2012-12-29 10:26 7931896 ----a-w- c:\windows\system32\nvcuda.dll 2013-01-08 09:03 . 2012-12-29 10:26 17560504 ----a-w- c:\windows\system32\nvcompiler.dll 2013-01-08 08:54 . 2012-11-28 09:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-01-01 19:05 . 2013-01-01 19:43 -------- d-----w- c:\users\Jürgen_2\AppData\Roaming\Creative 2013-01-01 18:59 . 1999-10-11 01:00 41984 ------w- c:\windows\Ctregrun.exe 2013-01-01 18:56 . 2004-06-03 11:10 71596 ------w- c:\windows\system32\drivers\PfModNT.sys 2013-01-01 18:56 . 1999-12-13 01:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE 2013-01-01 18:56 . 1999-11-18 01:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE 2013-01-01 18:47 . 2004-04-29 12:18 200704 ----a-w- c:\windows\system32\CTPdeSrv.exe 2013-01-01 18:47 . 2003-07-31 13:15 143360 ----a-w- c:\windows\system32\CTPmsWma.dll 2013-01-01 18:46 . 2013-01-01 18:53 -------- d-----w- c:\program files\Common Files\InstallShield 2013-01-01 17:49 . 2013-01-01 17:49 -------- d-----w- c:\programdata\Creative 2013-01-01 16:46 . 2004-05-18 00:25 16880 ----a-w- c:\windows\system32\drivers\ctpdusb.sys 2013-01-01 16:46 . 2004-05-18 00:01 28672 ----a-w- c:\windows\system32\Jb4Inst.dll 2013-01-01 16:46 . 2004-05-11 08:15 385109 ----a-w- c:\windows\system32\ctjb2sp.dll 2013-01-01 16:46 . 2004-04-29 12:21 229376 ----a-w- c:\windows\system32\CTPmsMan.dll 2013-01-01 16:46 . 2004-04-29 12:19 28672 ----a-w- c:\windows\system32\PdeSrvps.dll 2013-01-01 16:46 . 2003-11-05 00:00 49152 ----a-w- c:\windows\system32\ctpde.dll 2013-01-01 16:46 . 2003-10-30 16:33 45056 ----a-w- c:\windows\system32\Jb4Inst.crl 2013-01-01 16:46 . 2002-12-11 10:09 20480 ----a-w- c:\windows\system32\ctjb2sp.crl 2013-01-01 16:46 . 2002-02-19 00:00 32768 ----a-w- c:\windows\system32\PdePgHlp.dll 2013-01-01 16:44 . 2013-01-01 18:59 -------- d-----w- c:\program files\Creative 2013-01-01 16:44 . 1999-06-25 09:55 149504 ----a-w- c:\windows\UNWISE.EXE 2013-01-01 13:18 . 2013-01-01 17:47 -------- d-----w- c:\users\Jürgen_2\AppData\Local\Diagnostics 2012-12-29 01:54 . 2012-12-29 01:54 550328 ----a-w- c:\windows\system32\nvStreaming.exe 2012-12-21 17:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 17:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-08 21:17 . 2012-09-25 19:41 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-08 21:17 . 2012-09-25 19:41 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-29 10:26 . 2012-10-10 20:14 15129064 ----a-w- c:\windows\system32\nvd3dum.dll 2012-12-29 10:26 . 2012-09-25 19:51 958272 ----a-w- c:\windows\system32\nvumdshim.dll 2012-12-29 10:26 . 2012-09-25 19:51 889784 ----a-w- c:\windows\system32\nvdispgenco32.dll 2012-12-29 10:26 . 2012-09-25 19:51 2504248 ----a-w- c:\windows\system32\nvapi.dll 2012-12-29 10:26 . 2012-09-25 19:51 12641120 ----a-w- c:\windows\system32\nvwgf2um.dll 2012-12-29 10:26 . 2012-09-25 19:51 1017272 ----a-w- c:\windows\system32\nvdispco32.dll 2012-12-29 08:26 . 2012-09-25 19:51 4129720 ----a-w- c:\windows\system32\nvcpl.dll 2012-12-29 08:26 . 2012-09-25 19:51 3001272 ----a-w- c:\windows\system32\nvsvc.dll 2012-12-29 08:25 . 2012-09-25 19:51 639928 ----a-w- c:\windows\system32\nvvsvc.exe 2012-12-29 08:25 . 2012-09-25 19:51 62904 ----a-w- c:\windows\system32\nvshext.dll 2012-12-29 08:25 . 2012-09-25 19:51 2557880 ----a-w- c:\windows\system32\nvsvcr.dll 2012-12-29 08:25 . 2012-09-25 19:51 108984 ----a-w- c:\windows\system32\nvmctray.dll 2012-12-18 14:02 . 2012-12-18 14:02 21504 ----a-w- c:\windows\jestertb.dll 2012-12-14 15:49 . 2012-09-25 20:08 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-14 02:09 . 2012-12-12 15:47 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58 . 2012-12-12 15:47 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57 . 2012-12-12 15:47 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49 . 2012-12-12 15:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48 . 2012-12-12 15:47 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44 . 2012-12-12 15:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-09 04:42 . 2012-12-12 10:10 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\system32\msxml4.dll 2012-11-02 05:11 . 2012-12-12 10:10 376832 ----a-w- c:\windows\system32\dpnet.dll 2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-10-22 17:38 . 2012-09-25 19:48 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-22 17:38 . 2012-09-25 19:48 746984 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-05 03:44 . 2012-11-21 16:47 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-09-28 965560] "KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2012-09-26 580096] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-09-28 842680] "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-10-29 5178664] "NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-09-28 309688] "RemoteControl11"="c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-04-20 234792] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-05-27 375296] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] " Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360] " Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-12-14 1091432] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x] R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [x] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2013-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-25 21:17] . 2013-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-25 20:07] . 2013-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-25 20:07] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\users\Jürgen\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\users\Jürgen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\ffnxk3nm.default\ FF - prefs.js: browser.search.selectedEngine - . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-20 16:53:14 ComboFix-quarantined-files.txt 2013-01-20 15:53 . Vor Suchlauf: 7 Verzeichnis(se), 135.059.046.400 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 135.037.796.352 Bytes frei . - - End Of File - - 90E50973119ED4245672AD5F7F51CD1E PS. wurde nicht aufgefordert ein Neustart zu machen, trotzdem neu starten? Gruß josuhasottie |
20.01.2013, 17:23 | #13 |
/// Malware-holic | GVU trojaner hi kannst du. dann: malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
20.01.2013, 18:01 | #14 |
| GVU trojaner Hallo, hier ist das Logfile von Malwarebytes: Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.20.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Jürgen :: JÜRGEN-PC [Administrator] Schutz: Deaktiviert 20.01.2013 17:27:34 mbam-log-2013-01-20 (17-27-34).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 399265 Laufzeit: 29 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Jürgen_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\4a6c1a92-3643a3ec (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Gruß josuhasottie |
20.01.2013, 18:02 | #15 |
/// Malware-holic | GVU trojaner hi lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu GVU trojaner |
bereit, gen, gvu trojaner, kleines, problem, rechner, regelmäßig, troja, trojane, trojaner, ultima, unregelmäßig, win, win 7 |