GVU Trojan / PaySafeCard extortion (Windows 7)
18.01.2013, 18:42 | #1
GVU Trojan / PaySafeCard extortion

Looks like my father has caught the GVU trojan with the 100 € Paysafecard extortion. After the second picture I tried a reboot into Safe Mode via CTRL+ALT+DEL, which worked. Where do I go from here?

edit: In Safe Mode I had a look at the Microsoft Security Essentials log:
Trojan:Win32/Tobfy.G
Trojan:Win32/Reveton.P
Trojan:JS/Reveton.A
Trojan:Win32/Reveton!lnk
Exploit:Win32/Pdfjsc.AFE
So presumably the Java zero-day exploit vulnerability was used as the entry point.

edit2: Successfully booted into Safe Mode with Networking; MBAM 1.70 full scan is running now.

Last edited by koaschten (18.01.2013 at 18:59)
18.01.2013, 19:17 | #2
/// Malware-holic | GVU Trojan / PaySafeCard extortion

Hi,

post the MSE messages in full. It doesn't have to be the Java 0-day; there are other vulnerabilities that would be possible. Post the MBAM log when it's done. If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
18.01.2013, 19:36 | #3
GVU Trojan / PaySafeCard extortion

MBAM found nothing.

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.18.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Arno :: ARNO-PC [Administrator]

18.01.2013 18:57:24
MBAM-log-2013-01-18 (19-26-00).txt

Scan type: Full scan (C:\|)
Enabled scan options: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 333738
Time elapsed: 23 minute(s), 45 second(s)

Memory processes infected: 0 (No malicious items detected)
Memory modules infected: 0 (No malicious items detected)
Registry keys infected: 0 (No malicious items detected)
Registry values infected: 0 (No malicious items detected)
Registry data items infected: 0 (No malicious items detected)
Folders infected: 0 (No malicious items detected)
Files infected: 0 (No malicious items detected)

(end)

OTL downloaded; it will run a scan as soon as I've closed IE after this post.

EDIT: OTL.txt

Code:
OTL logfile created on: 18.01.2013 19:36:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,90 Gb Total Physical Memory | 2,99 Gb Available Physical Memory | 76,53% Memory free
7,81 Gb Paging File | 7,01 Gb Available in Paging File | 89,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,42 Gb Total Space | 414,25 Gb Free Space | 90,96% Space Free | Partition Type: NTFS
Drive E: | 15,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ARNO-PC | User Name: Arno | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.18 19:33:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2009.11.09 19:58:48 | 000,126,520 | ---- | M] (HP) [Auto | Stopped] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.09 06:26:33 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe --
(AdobeARMservice) SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012.10.22 17:40:30 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.02.29 04:20:04 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.29 04:19:58 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.29 04:19:48 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.02 23:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Stopped] -- C:\Program Files (x86)\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate) SRV - [2011.02.28 09:16:38 | 000,011,776 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Dell\PowerNap\PowerNap.Service.exe -- (dell_power_nap_service) SRV - [2010.12.18 17:56:34 | 000,291,384 | ---- | M] (EnTech Taiwan) [Auto | Stopped] -- C:\Program Files (x86)\softOSD\softOSD.exe -- (softOSD) SRV - [2010.11.19 14:47:52 | 000,446,592 | ---- | M] (Conexant 
Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService) SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.21 00:18:43 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.11.21 00:18:40 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.11.21 00:18:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.10.22 17:40:12 | 005,332,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.09.25 10:52:10 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews) DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.06.19 07:40:52 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.10 12:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.06.10 23:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.05 00:34:24 | 001,577,088 | ---- | M] (Conexant Systems Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011.04.08 23:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2010.11.21 04:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.08.31 08:55:58 | 000,120,064 | ---- | M] (Gemalto) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GKUPRO2D.sys -- (GKUPRO2D) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.05.03 17:19:38 | 000,014,032 | ---- | M] (EnTech Taiwan) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\se64a.sys -- (se64a) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.05.03 17:19:38 | 000,014,032 | ---- | M] (EnTech Taiwan) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\se64a.sys -- (se64a) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE:64bit: - HKLM\..\SearchScopes\{FB4592D2-7429-4709-8E46-65DF8F116356}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {FB4592D2-7429-4709-8E46-65DF8F116356} IE - HKLM\..\SearchScopes\{FB4592D2-7429-4709-8E46-65DF8F116356}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13-comm.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www1.hi-tier.de/HitCom/login.asp IE - HKCU\..\SearchScopes,DefaultScope = {5C3BB9E6-DC0F-4B44-8E82-C16C92868077} IE - HKCU\..\SearchScopes\{03A77BB0-46A4-411F-B8CF-FCC0EB6E1576}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{5C3BB9E6-DC0F-4B44-8E82-C16C92868077}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) 
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1D56F27-80AD-4E89-B5F3-78219C6B0265}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: 
DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.05.04 22:47:20 | 000,000,100 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{fec2bff3-4783-11e2-9cff-7845c427461b}\Shell - "" = AutoRun O33 - MountPoints2\{fec2bff3-4783-11e2-9cff-7845c427461b}\Shell\AutoRun\command - "" = E:\SISetup.exe -- [2009.11.09 20:00:32 | 000,607,800 | R--- | M] (HP) O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SISetup.exe -- [2009.11.09 20:00:32 | 000,607,800 | R--- | M] (HP) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: 
{45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: 
{3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Unable to start System Restore Service. 
Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2013.01.18 18:55:53 | 000,000,000 | ---D | C] -- C:\Users\Arno\AppData\Roaming\Malwarebytes
[2013.01.18 18:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.18 18:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.18 18:55:47 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.18 18:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.18 18:55:20 | 000,000,000 | ---D | C] -- C:\Users\Arno\AppData\Local\Programs
[2012.12.24 18:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2012.12.24 10:48:21 | 000,000,000 | ---D | C] -- C:\Users\Arno\AppData\Roaming\vlc
[2012.12.24 10:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.12.24 10:47:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.12.19 21:27:32 | 000,000,000 | ---D | C] -- C:\Users\Arno\AppData\Roaming\LibreOffice
[2012.12.19 21:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.6
[2012.12.19 21:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 3.6
[2012.12.19 20:23:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.18 19:35:27 | 000,007,596 | ---- | M] () -- C:\Users\Arno\AppData\Local\Resmon.ResmonCfg
[2013.01.18 18:47:53 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.18 18:47:53 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.18 18:47:53 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.18 18:47:53 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.18 18:47:53 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.18 18:43:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.18 18:43:28 | 3144,216,576 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.18 18:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.18 01:41:21 | 095,023,320 | ---- | M] () -- C:\ProgramData\9yIjFC7.pad
[2013.01.17 12:19:19 | 000,000,153 | ---- | M] () -- C:\ProgramData\9yIjFC7.reg
[2013.01.17 12:19:19 | 000,000,078 | ---- | M] () -- C:\ProgramData\9yIjFC7.bat
[2013.01.13 16:03:31 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 16:03:31 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.11 03:24:19 | 000,316,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.11 03:07:37 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.24 19:19:38 | 000,024,623 | ---- | M] () -- C:\Users\Arno\Desktop\energy-report.html
[2012.12.24 19:04:41 | 000,017,762 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2012.12.24 17:11:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2012.12.24 10:48:03 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.12.19 21:23:54 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 3.6.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.17 12:19:19 | 000,000,153 | ---- | C] () -- C:\ProgramData\9yIjFC7.reg
[2013.01.17 12:19:19 | 000,000,078 | ---- | C] () -- C:\ProgramData\9yIjFC7.bat
[2013.01.17 12:19:18 | 095,023,320 | ---- | C] () -- C:\ProgramData\9yIjFC7.pad
[2012.12.24 19:04:41 | 000,017,762 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2012.12.24 17:11:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2012.12.24 16:47:42 | 000,024,623 | ---- | C] () -- C:\Users\Arno\Desktop\energy-report.html
[2012.12.24 10:48:03 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.12.19 21:23:54 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 3.6.lnk
[2012.12.16 15:15:05 | 000,000,849 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.12.16 15:15:05 | 000,000,159 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.12.16 15:14:45 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.12.16 15:14:45 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7840W.DAT
[2012.12.16 15:14:12 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.12.16 15:14:12 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.12.16 15:14:11 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.12.16 15:14:07 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.12.16 15:14:03 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.12.15 13:03:41 | 000,000,342 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2012.12.08 22:15:25 | 000,007,596 | ---- | C] () -- C:\Users\Arno\AppData\Local\Resmon.ResmonCfg
[2012.11.21 00:13:17 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.11.21 00:13:16 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.10.22 17:40:28 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.10.22 17:40:04 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.22 17:40:00 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.02.02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.02.11 18:45:27 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M]
() -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.11.21 00:18:44 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.11.21 00:18:44 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.19 21:27:32 | 000,000,000 | ---D | M] -- C:\Users\Arno\AppData\Roaming\LibreOffice [2012.12.19 18:22:17 | 000,000,000 | ---D | M] -- 
C:\Users\Arno\AppData\Roaming\OpenOffice.org [2012.12.18 19:51:23 | 000,000,000 | ---D | M] -- C:\Users\Arno\AppData\Roaming\PC-FAX TX [2012.12.15 14:05:12 | 000,000,000 | ---D | M] -- C:\Users\Arno\AppData\Roaming\TeamViewer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.12.08 20:40:55 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.12.08 22:58:52 | 000,000,000 | ---D | M] -- C:\170dadd76817fb861e3adf54f5e53808 [2012.11.20 16:41:43 | 000,000,000 | ---D | M] -- C:\Apps [2013.01.18 18:38:57 | 000,000,000 | ---D | M] -- C:\Bestand [2012.12.08 19:46:15 | 000,000,000 | ---D | M] -- C:\dell [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.12.08 20:39:51 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.01.18 19:33:09 | 000,000,000 | ---D | M] -- C:\downloads [2012.12.08 23:02:44 | 000,000,000 | ---D | M] -- C:\downloads_old [2012.11.21 00:13:39 | 000,000,000 | ---D | M] -- C:\Drivers [2012.12.24 19:00:59 | 000,000,000 | ---D | M] -- C:\Intel [2012.12.08 21:40:53 | 000,000,000 | ---D | M] -- C:\Logs [2012.12.24 17:59:19 | 000,000,000 | R--D | M] -- C:\Program Files [2013.01.18 18:55:47 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.01.18 18:55:48 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.12.08 20:39:51 | 000,000,000 | -HSD | M] -- C:\Programme [2012.12.08 23:04:03 | 000,000,000 | ---D | M] -- C:\PV-Anlage_old [2013.01.18 18:21:30 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.12.08 20:39:58 | 000,000,000 | R--D | M] -- C:\Users [2013.01.18 18:39:39 | 000,000,000 | ---D | M] -- C:\Windows [2012.12.08 23:04:09 | 000,000,000 | ---D | M] -- C:\~MSSETUP.T < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,010,962 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.11.20 16:29:39 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- 
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2012.11.21 00:18:45 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2012.11.21 00:18:45 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2012.11.21 00:18:45 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2012.11.21 00:18:45 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2012.11.21 00:18:45 | 002,616,320 | ---- | 
M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2012.11.21 00:18:45 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2012.11.21 00:18:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2012.11.21 00:18:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2012.11.21 00:18:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2012.11.21 00:18:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] 
(Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2012.11.21 00:18:40 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2012.11.21 00:18:40 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2012.11.21 00:18:40 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2012.11.21 00:18:40 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] 
(Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- 
C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.01.18 19:38:31 | 001,310,720 | -HS- | M] () -- C:\Users\Arno\NTUSER.DAT [2013.01.18 19:38:31 | 000,262,144 | -HS- | M] () -- C:\Users\Arno\ntuser.dat.LOG1 [2012.12.08 20:40:03 | 000,000,000 | -HS- | M] () -- C:\Users\Arno\ntuser.dat.LOG2 [2012.12.08 19:44:45 | 000,065,536 | -HS- | M] () -- C:\Users\Arno\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.12.08 19:44:45 | 000,524,288 | -HS- | M] () -- C:\Users\Arno\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.12.08 19:44:45 | 000,524,288 | -HS- | M] () -- C:\Users\Arno\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.12.08 20:40:03 | 000,000,020 | -HS- | M] () -- 
C:\Users\Arno\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > Code:
OTL Extras logfile created on: 18.01.2013 19:36:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,90 Gb Total Physical Memory | 2,99 Gb Available Physical Memory | 76,53% Memory free
7,81 Gb Paging File | 7,01 Gb Available in Paging File | 89,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,42 Gb Total Space | 414,25 Gb Free Space | 90,96% Space Free | Partition Type: NTFS
Drive E: | 15,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ARNO-PC | User Name: Arno | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BF4F09-7380-4EC1-8D21-1E10B42986A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{177DB65A-2CD6-4008-B1CE-4FD359EF446F}" = rport=445 | protocol=6 | dir=out | app=system |
"{2757BC6F-28C4-4D86-8DBB-F31CF8E070BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{29F8C565-C976-4B9F-A92A-B8605F77FC87}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{2B201B12-C85D-41FF-B2A7-0DA843CA7EC4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{334849B1-AA67-4E3F-8586-0FDE893A6FB4}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{347D4BFA-21FA-4F0B-991A-3112DAA18B78}" = lport=445 | protocol=6 | dir=in | app=system |
"{388155E5-351E-46C7-BBDB-53B55D76DC4D}" = lport=137 | protocol=17 | dir=in | app=system |
"{3E241BB2-2C63-4498-B39F-9B4ADD5899C8}" = lport=3389 | protocol=6 | dir=in | app=system |
"{4D6EC9DE-5E40-4890-A576-C57F01289755}" = rport=137 | protocol=17 | dir=out | app=system |
"{53C6202A-FB51-4604-8B45-26E44F8877A5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5C5A6455-A53C-4F67-A5AA-9422B19D4BD0}" = rport=138 | protocol=17 | dir=out | app=system |
"{83A154CE-0479-43F2-88E2-C0A8DBC59AC8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8A875B9B-7995-4406-9D67-3FA9FB17EB4F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A064675B-C868-43D5-A5D4-E22EB9B2ACE5}" = rport=139 | protocol=6 | dir=out | app=system |
"{FCE0A71A-B245-448F-B1A3-6ADB8ED25DD1}" = lport=139 | protocol=6 | dir=in | app=system |
"{FE49D2E1-CA67-4AA2-9BEE-AAB92133E75B}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21746608-C167-4CB2-B6A8-A9DE6B9D6DA4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{28D40E49-A92D-453E-9BDB-C3D090034846}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe |
"{2CE7BF61-9CF3-4B17-B4A6-3E8F64B4EEED}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{3617EA13-A1D5-4D79-A9A2-2D91F6278D2F}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0 s-edition\app\starmoney.exe |
"{3E1DE486-E617-4F60-90AD-3389A29C3CF2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{51D11AEB-52F4-497B-B6F7-855986721114}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61AA03DC-279C-4861-82B7-72E5CB96978B}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{6BEAF0F6-FB57-48E5-8DA4-F2902D6013BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6E7CC975-AD0E-461A-A6AA-B408CA5C27DA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{84DA0006-E164-4935-AAA9-4E2D07BA7F3B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{8C81432D-C856-4AF4-B9FC-58C89749E7D1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{95AF2F63-D399-40A4-873E-EB64E99CA774}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe |
"{9FCC04B8-D89F-40FD-98C7-90861CA30BC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A47EE3A0-9578-4006-A505-F0A788B3C314}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{BF7FBE09-8F2D-46F2-9534-6AE4A62AA90A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CDCE7670-EFE3-46BF-8A48-37A256649A92}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D54F02D1-6CE9-43B5-9D4F-6EFD1FB9B5E6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E8DD9F15-D273-4FF5-8930-F2CD0BDA9425}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{ED0F7A04-5C20-49F0-BB2F-1C5374E697BA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{EDCEFFCC-5E13-45C7-ACA7-56294C5D9642}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0 s-edition\app\starmoney.exe |
"{F1665964-3397-41FF-B75F-F6DE3B54FAEF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F7D1C44A-892D-46BB-A415-E832E0608C60}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{FA316010-2143-44B2-838C-0ACD2D2A22A3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"cAudioFilterAgent" = Conexant Audio Filter Agent
"CNXT_AUDIO_HDA" = Conexant HD Audio
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"SAII" = Conexant SmartAudio

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436940B-1C2C-4FB4-A703-0EE9B1350791}" = PowerNap
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37B45CB0-981B-4A66-8414-C404D02A2C86}" = StarMoney 7.0 S-Edition
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7840W
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{60B2F25C-22CB-4CD9-9168-8C63708DC1A1}" = LibreOffice 3.6
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB0B862A-1391-4FAA-8255-8775FA9D6D84}" = Gemalto SmartDiag v2.3
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"RiBe" = RiBe
"softOSD Client" = softOSD Client (Build 1445)
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24.12.2012 12:36:04 | Computer Name = Arno-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error - 24.12.2012 14:05:15 | Computer Name = Arno-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error - 25.12.2012 02:57:39 | Computer Name = Arno-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error - 25.12.2012 10:13:20 | Computer Name = Arno-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MSACCESS.EXE, Version: 8.0.0.4122, Zeitstempel: 0x338b1981 Name des fehlerhaften Moduls: MSACCESS.EXE, Version: 8.0.0.4122, Zeitstempel: 0x338b1981 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000234fd ID des fehlerhaften Prozesses: 0xe40 Startzeit der fehlerhaften Anwendung: 0x01cde2a3d8d864b1 Pfad der fehlerhaften Anwendung: C:\Bestand\MSACCESS.EXE Pfad des fehlerhaften Moduls: C:\Bestand\MSACCESS.EXE Berichtskennung: 3bfc2964-4e9d-11e2-b5fe-7845c427461b

Error - 28.12.2012 18:12:16 | Computer Name = Arno-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MSACCESS.EXE, Version: 8.0.0.4122, Zeitstempel: 0x338b1981 Name des fehlerhaften Moduls: MSACCESS.EXE, Version: 8.0.0.4122, Zeitstempel: 0x338b1981 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000234fd ID des fehlerhaften Prozesses: 0x124 Startzeit der fehlerhaften Anwendung: 0x01cde2a327b17bd9 Pfad der fehlerhaften Anwendung: C:\Bestand\MSACCESS.EXE Pfad des fehlerhaften Moduls: C:\Bestand\MSACCESS.EXE Berichtskennung: a34eaa75-513b-11e2-b5fe-7845c427461b

Error - 28.12.2012 18:18:55 | Computer Name = Arno-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund
des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error - 05.01.2013 13:37:55 | Computer Name = Arno-PC | Source = Microsoft-Windows-WMI | ID = 10 Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error - 10.01.2013 22:04:56 | Computer Name = Arno-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: softLCP.exe, Version: 1.6.0.255, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965, Zeitstempel: 0x506dbe50 Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000c41f ID des fehlerhaften Prozesses: 0x13b0 Startzeit der fehlerhaften Anwendung: 0x01cdeb6b5adf057b Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\softLCP.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 4b55af74-5b93-11e2-80fd-7845c427461b Error - 10.01.2013 22:25:48 | Computer Name = Arno-PC | Source = Microsoft-Windows-WMI | ID = 10 Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. 
Error - 12.01.2013 11:12:27 | Computer Name = Arno-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MSACCESS.EXE, Version: 8.0.0.4122, Zeitstempel: 0x338b1981 Name des fehlerhaften Moduls: MSACCESS.EXE, Version: 8.0.0.4122, Zeitstempel: 0x338b1981 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000234fd ID des fehlerhaften Prozesses: 0xd44 Startzeit der fehlerhaften Anwendung: 0x01cdf0d5853b07a5 Pfad der fehlerhaften Anwendung: C:\Bestand\MSACCESS.EXE Pfad des fehlerhaften Moduls: C:\Bestand\MSACCESS.EXE Berichtskennung: 793a767a-5cca-11e2-bb17-7845c427461b [ System Events ] Error - 19.12.2012 15:39:51 | Computer Name = Arno-PC | Source = BROWSER | ID = 8032 Description = Error - 22.12.2012 03:16:57 | Computer Name = Arno-PC | Source = SCardSvr | ID = 610 Description = Error - 22.12.2012 03:16:57 | Computer Name = Arno-PC | Source = SCardSvr | ID = 610 Description = Error - 22.12.2012 03:16:57 | Computer Name = Arno-PC | Source = SCardSvr | ID = 610 Description = Error - 22.12.2012 10:36:28 | Computer Name = Arno-PC | Source = BROWSER | ID = 8032 Description = Error - 22.12.2012 13:05:42 | Computer Name = Arno-PC | Source = BROWSER | ID = 8032 Description = Error - 23.12.2012 04:17:51 | Computer Name = Arno-PC | Source = BROWSER | ID = 8032 Description = Error - 26.12.2012 15:19:02 | Computer Name = Arno-PC | Source = BROWSER | ID = 8032 Description = Error - 26.12.2012 17:31:02 | Computer Name = Arno-PC | Source = BROWSER | ID = 8032 Description = Error - 27.12.2012 10:48:23 | Computer Name = Arno-PC | Source = BROWSER | ID = 8032 Description = < End of report >
-> I would say C:\ProgramData\9yIjFC7.bat/reg/pad are the culprits? .bat contents: Code:
START "ok" rundll32.exe C:\Users\Arno\AppData\Local\Temp\7CFjIy9.exe,H1N1 /B
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\PROGRA~3\\9yIjFC7.bat"
-> No idea, it is 90.6 MB in size. Last edited by koaschten (18.01.2013 at 19:52) |
18.01.2013, 20:28 | #4 |
/// Malware-holic | GVU Trojan / PaySafeCard Extortion hi, I already know what has to be deleted :-) This script, and any scripts that may follow, are only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you. • Please start OTL.exe • Now copy the following into the text box. Code:
:OTL
[2013.01.17 12:19:19 | 000,000,153 | ---- | C] () -- C:\ProgramData\9yIjFC7.reg
[2013.01.17 12:19:19 | 000,000,078 | ---- | C] () -- C:\ProgramData\9yIjFC7.bat
[2013.01.17 12:19:18 | 095,023,320 | ---- | C] () -- C:\ProgramData\9yIjFC7.pad
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs. • Now please click the Fix button. • OTL may ask for a restart. Please allow it. • After the restart you will find a text document; paste its contents into your next reply here. Boot into normal mode.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
18.01.2013, 20:43 | #5 |
| GVU Trojan / PaySafeCard Extortion OTL restarted and I let it boot normally, and lo and behold, a normal desktop. Code:
All processes killed ========== OTL ========== C:\ProgramData\9yIjFC7.reg moved successfully. C:\ProgramData\9yIjFC7.bat moved successfully. C:\ProgramData\9yIjFC7.pad moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Arno ->Flash cache emptied: 20914 bytes User: Default User: Default User User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Arno ->Temp folder emptied: 787446339 bytes ->Temporary Internet Files folder emptied: 356634140 bytes ->Java cache emptied: 229474 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 275012735 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes RecycleBin emptied: 512070771 bytes Total Files Cleaned = 1.842,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01182013_203755 Files\Folders moved on Reboot... C:\Users\Arno\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
Can I empty the Microsoft Security Essentials quarantine? Trojan:Win32/Reveton!lnk Code:
Kategorie: Trojaner
Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.
Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.
Elemente:
startup:C:\Users\Arno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
file:C:\Users\Arno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
Online weitere Informationen zu diesem Element abrufen
Code:
Kategorie: Trojaner
Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.
Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.
Elemente:
file:C:\Users\Arno\wgsdgsdgdsgsd.exe
runkey:HKCU@S-1-5-21-483578834-1902177125-4131701361-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\svñhîst
regkey:HKCU@S-1-5-21-483578834-1902177125-4131701361-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\svñhîst
Online weitere Informationen zu diesem Element abrufen
Code:
Kategorie: Exploit
Beschreibung: Dieses Programm ist gefährlich. Es nutzt die Sicherheitslücken eines Computers aus.
Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.
Elemente:
file:C:\Users\Arno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33I4YIRF\5308[1].pdf
Online weitere Informationen zu diesem Element abrufen
Code:
Kategorie: Trojaner
Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.
Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.
Elemente:
file:C:\ProgramData\9yIjFC7.js
Online weitere Informationen zu diesem Element abrufen
Code:
Kategorie: Trojaner
Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.
Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.
Elemente:
startup:C:\Users\Arno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
file:C:\Users\Arno\AppData\Local\Temp\7CFjIy9.exe
file:C:\Users\Arno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
Online weitere Informationen zu diesem Element abrufen
Last edited by koaschten (18.01.2013 at 20:50) |
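The persistence chain visible in this thread (post #3: the Winlogon Shell value pointing at C:\PROGRA~3\9yIjFC7.bat, which hands C:\Users\Arno\AppData\Local\Temp\7CFjIy9.exe to rundll32; post #5: the MSE items runctf.lnk in the Startup folder and the HKCU Run value svñhîst for C:\Users\Arno\wgsdgsdgdsgsd.exe) can be triaged in one pass by reading the autostart locations and scoring each target by where it lives. The script below is an added example written for this page; it is not code from the forum, from OTL or from MSE. Its registry text and Startup folder listing are constructed from the values the thread shows, the Userinit and VLC entries are hypothetical benign entries for contrast, and on a real machine you would feed it the text of a `reg export` of the two keys and a directory listing of the Startup folder.

```python
"""Triage of the autostart locations this infection used: the Winlogon
Shell value, the per-user Run key and the Startup folder.
Added example for this thread, not code from the forum or from OTL/MSE.
The registry text and the Startup listing are constructed from the values
the thread shows; the benign entries in them are hypothetical."""
import re
from pathlib import PureWindowsPath

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
HKCU_RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed: shaped like `reg export` output for the two keys above.
# Shell and svñhîst are the values from the thread; Userinit and VLC are
# hypothetical benign entries added for contrast.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\PROGRA~3\\9yIjFC7.bat"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"svñhîst"="C:\\Users\\Arno\\wgsdgsdgdsgsd.exe"
"VLC"="\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file"
'''

# Constructed listing of the per-user Startup folder (runctf.lnk is from the thread)
STARTUP_FILES = ["desktop.ini", "runctf.lnk"]

EXPECTED_SHELL = "explorer.exe"
SCRIPT_EXT = {".bat", ".cmd", ".js", ".vbs", ".ps1"}
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s):
    # Regedit escapes backslashes and quotes inside REG_SZ data
    return s.replace("\\\\", "\\").replace('\\"', '"')


def parse_reg(text):
    """Minimal parser: REG_SZ values of a 'Windows Registry Editor 5.00' export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None:
            m = _VALUE_RE.match(line)
            if m and m.group(2).startswith('"') and m.group(2).endswith('"'):
                keys[current][_unescape(m.group(1))] = _unescape(m.group(2)[1:-1])
    return keys


def image_path(command):
    """The program a command line starts: the quoted path, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0].rstrip(",")


def path_reasons(path):
    """Heuristics drawn from where this infection put its files; hints for review, not verdicts."""
    p = PureWindowsPath(path)
    parts = [s.lower() for s in p.parts]  # e.g. ['c:\\', 'users', 'arno', 'x.exe']
    reasons = []
    if p.suffix.lower() in SCRIPT_EXT:
        reasons.append("script file %s as autostart target" % p.suffix)
    if any("~" in s for s in parts[:-1]):
        reasons.append("8.3 short name hides the real directory")
    if len(parts) == 3 and parts[1] == "programdata":
        reasons.append("file directly in ProgramData root")
    if len(parts) == 4 and parts[1] == "users":
        reasons.append("file directly in a user profile root")
    if "temp" in parts[:-1]:
        reasons.append("file in a Temp directory")
    return reasons


def audit(reg_text=REG_EXPORT, startup_files=STARTUP_FILES):
    """Return (location, value, reasons) triples that deserve a closer look."""
    keys = parse_reg(reg_text)
    findings = []
    shell = keys.get(WINLOGON, {}).get("Shell", EXPECTED_SHELL)
    if shell.lower() != EXPECTED_SHELL:
        findings.append(("Winlogon\\Shell", shell,
                         ["Shell is not explorer.exe: the lock screen replaces the desktop"]
                         + path_reasons(image_path(shell))))
    for name, command in keys.get(HKCU_RUN, {}).items():
        reasons = path_reasons(image_path(command))
        if any(ord(c) > 127 for c in name):
            reasons.insert(0, "non-ASCII value name imitating a system process name")
        if reasons:
            findings.append(("HKCU\\...\\Run\\" + name, command, reasons))
    for fname in startup_files:
        if fname.lower().endswith((".lnk", ".bat", ".cmd", ".js", ".vbs")):
            findings.append(("Startup\\" + fname, fname,
                             ["launcher in the Startup folder: resolve its target"]))
    return findings


if __name__ == "__main__":
    for location, value, reasons in audit():
        print(location, "=", value, "|", "; ".join(reasons))
```

On the constructed input the audit reports exactly the three items the thread's tools removed (the Shell hijack, the svñhîst Run value and runctf.lnk) and stays silent on the Userinit and VLC entries; the path rules are deliberately narrow (profile root, ProgramData root, Temp, 8.3 short names, script extensions), since a Startup shortcut or a Run entry in Program Files is normal and should only be reviewed, not flagged.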
19.01.2013, 18:32 | #6 |
/// Malware-holic | GVU Trojan / PaySafeCard Extortion Hi, the files in the MSE quarantine can go. Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html Click on Change parameters • Tick Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - if anything is found, always choose skip for now and post the log. Open C:, open tdsskiller-date-version.txt, post its contents
__________________ --> GVU Trojan / PaySafeCard Extortion |
19.01.2013, 20:50 | #7 |
| GVU Trojan / PaySafeCard Extortion TDSS LOG Code:
20:48:28.0449 5400 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 20:48:29.0379 5400 ============================================================ 20:48:29.0379 5400 Current date / time: 2013/01/19 20:48:29.0379 20:48:29.0379 5400 SystemInfo: 20:48:29.0379 5400 20:48:29.0379 5400 OS Version: 6.1.7601 ServicePack: 1.0 20:48:29.0379 5400 Product type: Workstation 20:48:29.0379 5400 ComputerName: ARNO-PC 20:48:29.0379 5400 UserName: Arno 20:48:29.0379 5400 Windows directory: C:\Windows 20:48:29.0379 5400 System windows directory: C:\Windows 20:48:29.0379 5400 Running under WOW64 20:48:29.0379 5400 Processor architecture: Intel x64 20:48:29.0379 5400 Number of processors: 4 20:48:29.0379 5400 Page size: 0x1000 20:48:29.0379 5400 Boot type: Normal boot 20:48:29.0379 5400 ============================================================ 20:48:30.0074 5400 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:48:30.0089 5400 ============================================================ 20:48:30.0089 5400 \Device\Harddisk0\DR0: 20:48:30.0089 5400 MBR partitions: 20:48:30.0089 5400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1498000 20:48:30.0089 5400 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14AC000, BlocksNum 0x38ED8000 20:48:30.0089 5400 ============================================================ 20:48:30.0134 5400 C: <-> \Device\Harddisk0\DR0\Partition2 20:48:30.0134 5400 ============================================================ 20:48:30.0134 5400 Initialize success 20:48:30.0134 5400 ============================================================ 20:48:39.0019 4560 ============================================================ 20:48:39.0019 4560 Scan started 20:48:39.0019 4560 Mode: Manual; SigCheck; TDLFS; 20:48:39.0019 4560 
============================================================ 20:48:39.0209 4560 ================ Scan system memory ======================== 20:48:39.0209 4560 System memory - ok 20:48:39.0209 4560 ================ Scan services ============================= 20:48:39.0324 4560 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 20:48:39.0379 4560 1394ohci - ok 20:48:39.0399 4560 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 20:48:39.0409 4560 ACPI - ok 20:48:39.0414 4560 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 20:48:39.0419 4560 AcpiPmi - ok 20:48:39.0489 4560 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 20:48:39.0499 4560 AdobeARMservice - ok 20:48:39.0584 4560 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 20:48:39.0599 4560 AdobeFlashPlayerUpdateSvc - ok 20:48:39.0629 4560 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 20:48:39.0649 4560 adp94xx - ok 20:48:39.0674 4560 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 20:48:39.0684 4560 adpahci - ok 20:48:39.0689 4560 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 20:48:39.0704 4560 adpu320 - ok 20:48:39.0729 4560 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:48:39.0759 4560 AeLookupSvc - ok 20:48:39.0779 4560 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 20:48:39.0789 4560 AFD - ok 20:48:39.0799 4560 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 20:48:39.0804 4560 agp440 - ok 20:48:39.0824 4560 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 20:48:39.0829 4560 ALG - ok 20:48:39.0839 4560 [ 
5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 20:48:39.0844 4560 aliide - ok 20:48:39.0849 4560 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 20:48:39.0854 4560 amdide - ok 20:48:39.0854 4560 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 20:48:39.0864 4560 AmdK8 - ok 20:48:39.0869 4560 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 20:48:39.0874 4560 AmdPPM - ok 20:48:39.0884 4560 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:48:39.0894 4560 amdsata - ok 20:48:39.0899 4560 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 20:48:39.0904 4560 amdsbs - ok 20:48:39.0924 4560 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:48:39.0929 4560 amdxata - ok 20:48:39.0939 4560 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 20:48:39.0964 4560 AppID - ok 20:48:39.0984 4560 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:48:40.0004 4560 AppIDSvc - ok 20:48:40.0024 4560 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 20:48:40.0044 4560 Appinfo - ok 20:48:40.0069 4560 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 20:48:40.0074 4560 AppMgmt - ok 20:48:40.0079 4560 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 20:48:40.0084 4560 arc - ok 20:48:40.0094 4560 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 20:48:40.0104 4560 arcsas - ok 20:48:40.0159 4560 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 20:48:40.0174 4560 aspnet_state - ok 20:48:40.0179 4560 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:48:40.0219 4560 AsyncMac - ok 
20:48:40.0239 4560 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 20:48:40.0254 4560 atapi - ok 20:48:40.0284 4560 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:48:40.0309 4560 AudioEndpointBuilder - ok 20:48:40.0319 4560 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:48:40.0339 4560 AudioSrv - ok 20:48:40.0374 4560 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:48:40.0394 4560 AxInstSV - ok 20:48:40.0429 4560 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 20:48:40.0444 4560 b06bdrv - ok 20:48:40.0464 4560 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:48:40.0469 4560 b57nd60a - ok 20:48:40.0479 4560 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 20:48:40.0489 4560 BDESVC - ok 20:48:40.0504 4560 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 20:48:40.0524 4560 Beep - ok 20:48:40.0564 4560 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 20:48:40.0604 4560 BFE - ok 20:48:40.0634 4560 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 20:48:40.0664 4560 BITS - ok 20:48:40.0689 4560 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 20:48:40.0699 4560 blbdrive - ok 20:48:40.0714 4560 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:48:40.0729 4560 bowser - ok 20:48:40.0754 4560 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 20:48:40.0764 4560 BrFiltLo - ok 20:48:40.0769 4560 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 20:48:40.0779 4560 BrFiltUp - ok 20:48:40.0794 4560 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 20:48:40.0809 4560 Browser - ok 20:48:40.0814 
4560 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:48:40.0824 4560 Brserid - ok 20:48:40.0829 4560 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:48:40.0839 4560 BrSerWdm - ok 20:48:40.0839 4560 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:48:40.0849 4560 BrUsbMdm - ok 20:48:40.0854 4560 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:48:40.0859 4560 BrUsbSer - ok 20:48:40.0869 4560 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 20:48:40.0879 4560 BTHMODEM - ok 20:48:40.0904 4560 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 20:48:40.0934 4560 bthserv - ok 20:48:40.0949 4560 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:48:40.0974 4560 cdfs - ok 20:48:40.0989 4560 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:48:40.0999 4560 cdrom - ok 20:48:41.0024 4560 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 20:48:41.0044 4560 CertPropSvc - ok 20:48:41.0054 4560 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 20:48:41.0064 4560 circlass - ok 20:48:41.0074 4560 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 20:48:41.0084 4560 CLFS - ok 20:48:41.0124 4560 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:48:41.0134 4560 clr_optimization_v2.0.50727_32 - ok 20:48:41.0164 4560 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:48:41.0174 4560 clr_optimization_v2.0.50727_64 - ok 20:48:41.0214 4560 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:48:41.0229 4560 clr_optimization_v4.0.30319_32 - ok 20:48:41.0254 4560 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:48:41.0259 4560 clr_optimization_v4.0.30319_64 - ok 20:48:41.0289 4560 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 20:48:41.0294 4560 CmBatt - ok 20:48:41.0299 4560 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:48:41.0304 4560 cmdide - ok 20:48:41.0344 4560 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 20:48:41.0369 4560 CNG - ok 20:48:41.0414 4560 [ 50ACFD725574448FB6E769FCD321FA2D ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 20:48:41.0439 4560 CnxtHdAudService - ok 20:48:41.0444 4560 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 20:48:41.0449 4560 Compbatt - ok 20:48:41.0469 4560 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 20:48:41.0474 4560 CompositeBus - ok 20:48:41.0484 4560 COMSysApp - ok 20:48:41.0594 4560 [ 7324EC715932A12B09715B50891396F7 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 20:48:41.0604 4560 cphs - ok 20:48:41.0639 4560 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 20:48:41.0654 4560 crcdisk - ok 20:48:41.0679 4560 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:48:41.0694 4560 CryptSvc - ok 20:48:41.0714 4560 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 20:48:41.0729 4560 CSC - ok 20:48:41.0739 4560 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 20:48:41.0754 4560 CscService - ok 20:48:41.0779 4560 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:48:41.0804 4560 DcomLaunch - ok 20:48:41.0824 4560 [ 
3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 20:48:41.0854 4560 defragsvc - ok 20:48:41.0879 4560 [ 4B36F7F6968C394FBC330CE4F4C2E010 ] dell_power_nap_service C:\Program Files (x86)\Dell\PowerNap\PowerNap.Service.exe 20:48:41.0884 4560 dell_power_nap_service ( UnsignedFile.Multi.Generic ) - warning 20:48:41.0884 4560 dell_power_nap_service - detected UnsignedFile.Multi.Generic (1) 20:48:41.0894 4560 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:48:41.0919 4560 DfsC - ok 20:48:41.0939 4560 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 20:48:41.0949 4560 Dhcp - ok 20:48:41.0959 4560 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 20:48:41.0984 4560 discache - ok 20:48:41.0994 4560 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 20:48:41.0999 4560 Disk - ok 20:48:42.0029 4560 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 20:48:42.0039 4560 dmvsc - ok 20:48:42.0059 4560 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:48:42.0064 4560 Dnscache - ok 20:48:42.0089 4560 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 20:48:42.0134 4560 dot3svc - ok 20:48:42.0149 4560 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 20:48:42.0174 4560 DPS - ok 20:48:42.0194 4560 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:48:42.0204 4560 drmkaud - ok 20:48:42.0239 4560 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:48:42.0269 4560 DXGKrnl - ok 20:48:42.0284 4560 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 20:48:42.0314 4560 EapHost - ok 20:48:42.0369 4560 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 20:48:42.0404 4560 ebdrv - ok 20:48:42.0424 4560 [ 
C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 20:48:42.0429 4560 EFS - ok 20:48:42.0474 4560 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:48:42.0499 4560 ehRecvr - ok 20:48:42.0509 4560 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 20:48:42.0519 4560 ehSched - ok 20:48:42.0544 4560 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 20:48:42.0554 4560 elxstor - ok 20:48:42.0559 4560 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:48:42.0569 4560 ErrDev - ok 20:48:42.0599 4560 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 20:48:42.0624 4560 EventSystem - ok 20:48:42.0634 4560 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 20:48:42.0654 4560 exfat - ok 20:48:42.0669 4560 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:48:42.0694 4560 fastfat - ok 20:48:42.0709 4560 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 20:48:42.0724 4560 Fax - ok 20:48:42.0724 4560 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 20:48:42.0734 4560 fdc - ok 20:48:42.0749 4560 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 20:48:42.0769 4560 fdPHost - ok 20:48:42.0779 4560 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 20:48:42.0799 4560 FDResPub - ok 20:48:42.0799 4560 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:48:42.0809 4560 FileInfo - ok 20:48:42.0814 4560 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:48:42.0834 4560 Filetrace - ok 20:48:42.0834 4560 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 20:48:42.0844 4560 flpydisk - ok 20:48:42.0849 4560 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr 
WSDPrintDevice - ok 20:48:53.0249 4560 WSearch - ok 20:48:53.0314 4560 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 20:48:53.0354 4560 wuauserv - ok 20:48:53.0369 4560 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:48:53.0379 4560 WudfPf - ok 20:48:53.0404 4560 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:48:53.0414 4560 WUDFRd - ok 20:48:53.0434 4560 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:48:53.0444 4560 wudfsvc - ok 20:48:53.0464 4560 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 20:48:53.0484 4560 WwanSvc - ok 20:48:53.0494 4560 ================ Scan global =============================== 20:48:53.0514 4560 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 20:48:53.0534 4560 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 20:48:53.0544 4560 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 20:48:53.0569 4560 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 20:48:53.0584 4560 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 20:48:53.0584 4560 [Global] - ok 20:48:53.0589 4560 ================ Scan MBR ================================== 20:48:53.0604 4560 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 20:48:53.0834 4560 \Device\Harddisk0\DR0 - ok 20:48:53.0834 4560 ================ Scan VBR ================================== 20:48:53.0839 4560 [ ED691466F70D9DA8BFA00420019EC36F ] \Device\Harddisk0\DR0\Partition1 20:48:53.0839 4560 \Device\Harddisk0\DR0\Partition1 - ok 20:48:53.0874 4560 [ 96F0AEC983441C9CC1C327B5C9135CA8 ] \Device\Harddisk0\DR0\Partition2 20:48:53.0874 4560 \Device\Harddisk0\DR0\Partition2 - ok 20:48:53.0874 4560 ============================================================ 20:48:53.0874 4560 Scan finished 20:48:53.0874 4560 
============================================================ 20:48:53.0889 5880 Detected object count: 1 20:48:53.0889 5880 Actual detected object count: 1 20:48:57.0774 5880 dell_power_nap_service ( UnsignedFile.Multi.Generic ) - skipped by user 20:48:57.0774 5880 dell_power_nap_service ( UnsignedFile.Multi.Generic ) - User select action: Skip Edited by koaschten (19.01.2013, 20:55) |
20.01.2013, 20:41 | #8 |
/// Malware-holic | GVU Trojan / PaySafeCard Extortion hi, it is also shown as not signed; that is not a malware detection, just a notice. combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors Link 1 Link 2 IMPORTANT - save Combofix to your desktop
When Combofix has finished, it will create a logfile. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the restart Quote:
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described above. If you would like to support us |
21.01.2013, 18:55 | #9 |
| GVU Trojan / PaySafeCard Extortion Hmmmmm Code:
ATTFilter Suche nach infizierten Dateien.... Dies dauert normalerweise nicht länger als 10 Minuten. Die Scanzeit für stark infizierte Rechner kann sich leicht verdoppeln. Syntaxfehler. Code:
ATTFilter ComboFix 13-01-21.04 - Arno 21.01.2013 19:06:15.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3998.2765 [GMT 1:00] ausgeführt von:: c:\users\Arno\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-21 bis 2013-01-21 )))))))))))))))))))))))))))))) . . 2013-01-21 18:08 . 2013-01-21 18:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-20 05:49 . 2013-01-20 05:49 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C094738-E46D-4378-A837-0CD5BC75B16A}\offreg.dll 2013-01-20 05:48 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C094738-E46D-4378-A837-0CD5BC75B16A}\mpengine.dll 2013-01-19 12:57 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-01-18 19:46 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-18 19:37 . 2013-01-18 19:37 -------- d-----w- C:\_OTL 2013-01-18 17:55 . 2013-01-18 17:55 -------- d-----w- c:\users\Arno\AppData\Roaming\Malwarebytes 2013-01-18 17:55 . 2013-01-18 17:55 -------- d-----w- c:\programdata\Malwarebytes 2013-01-18 17:55 . 2013-01-18 17:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-18 17:55 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-18 17:55 . 2013-01-18 17:55 -------- d-----w- c:\users\Arno\AppData\Local\Programs 2012-12-24 17:12 . 2012-12-24 17:12 -------- d-----w- c:\program files (x86)\SystemRequirementsLab 2012-12-24 09:48 . 2012-12-24 09:57 -------- d-----w- c:\users\Arno\AppData\Roaming\vlc 2012-12-24 09:47 . 
2012-12-24 09:47 -------- d-----w- c:\program files (x86)\VideoLAN . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-11 02:04 . 2012-12-08 19:59 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-09 05:26 . 2012-11-20 15:29 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 05:26 . 2012-11-20 15:29 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-16 17:11 . 2012-12-22 16:35 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-22 16:35 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-22 16:35 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-22 16:35 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-15 12:24 . 2012-12-15 12:24 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-12-15 12:24 . 2012-12-15 12:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-12-08 19:40 . 2010-06-24 11:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-12-08 19:26 . 2012-12-08 19:26 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7BE98B0-7E66-44D5-969D-3D2AFD8FC3D5}\gapaengine.dll 2012-11-30 04:45 . 2013-01-10 06:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-20 23:18 . 2012-11-20 23:18 31232 ----a-w- c:\windows\SysWow64\prevhost.exe 2012-11-20 23:18 . 2012-11-20 23:18 31232 ----a-w- c:\windows\system32\prevhost.exe 2012-11-20 23:18 . 2012-11-20 23:18 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe 2012-11-20 23:18 . 2012-11-20 23:18 778752 ----a-w- c:\windows\system32\mssvp.dll 2012-11-20 23:18 . 2012-11-20 23:18 75264 ----a-w- c:\windows\system32\msscntrs.dll 2012-11-20 23:18 . 2012-11-20 23:18 666624 ----a-w- c:\windows\SysWow64\mssvp.dll 2012-11-20 23:18 . 2012-11-20 23:18 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll 2012-11-20 23:18 . 
2012-11-20 23:18 591872 ----a-w- c:\windows\system32\SearchIndexer.exe 2012-11-20 23:18 . 2012-11-20 23:18 491520 ----a-w- c:\windows\system32\mssph.dll 2012-11-20 23:18 . 2012-11-20 23:18 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe 2012-11-20 23:18 . 2012-11-20 23:18 337408 ----a-w- c:\windows\SysWow64\mssph.dll 2012-11-20 23:18 . 2012-11-20 23:18 288256 ----a-w- c:\windows\system32\mssphtb.dll 2012-11-20 23:18 . 2012-11-20 23:18 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe 2012-11-20 23:18 . 2012-11-20 23:18 2315776 ----a-w- c:\windows\system32\tquery.dll 2012-11-20 23:18 . 2012-11-20 23:18 2223616 ----a-w- c:\windows\system32\mssrch.dll 2012-11-20 23:18 . 2012-11-20 23:18 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll 2012-11-20 23:18 . 2012-11-20 23:18 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe 2012-11-20 23:18 . 2012-11-20 23:18 1549312 ----a-w- c:\windows\SysWow64\tquery.dll 2012-11-20 23:18 . 2012-11-20 23:18 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll 2012-11-20 23:18 . 2012-11-20 23:18 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe 2012-11-20 23:18 . 2012-11-20 23:18 976896 ----a-w- c:\windows\system32\inetcomm.dll 2012-11-20 23:18 . 2012-11-20 23:18 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-11-20 23:18 . 2012-11-20 23:18 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll 2012-11-20 23:18 . 2012-11-20 23:18 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2012-11-20 23:18 . 2012-11-20 23:18 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2012-11-20 23:18 . 2012-11-20 23:18 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2012-11-20 23:18 . 2012-11-20 23:18 1395712 ----a-w- c:\windows\system32\mfc42.dll 2012-11-20 23:18 . 2012-11-20 23:18 1359872 ----a-w- c:\windows\system32\mfc42u.dll 2012-11-20 23:18 . 2012-11-20 23:18 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll 2012-11-20 23:18 . 
2012-11-20 23:18 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll 2012-11-20 23:18 . 2012-11-20 23:18 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-11-20 23:18 . 2012-11-20 23:18 59392 ----a-w- c:\windows\system32\browcli.dll 2012-11-20 23:18 . 2012-11-20 23:18 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-11-20 23:18 . 2012-11-20 23:18 136704 ----a-w- c:\windows\system32\browser.dll 2012-11-20 23:18 . 2012-11-20 23:18 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-11-20 23:18 . 2012-11-20 23:18 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2012-11-20 23:18 . 2012-11-20 23:18 613888 ----a-w- c:\windows\system32\psisdecd.dll 2012-11-20 23:18 . 2012-11-20 23:18 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-11-20 23:18 . 2012-11-20 23:18 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2012-11-20 23:18 . 2012-11-20 23:18 31232 ----a-w- c:\windows\system32\lsass.exe 2012-11-20 23:18 . 2012-11-20 23:18 29184 ----a-w- c:\windows\system32\sspisrv.dll 2012-11-20 23:18 . 2012-11-20 23:18 28160 ----a-w- c:\windows\system32\secur32.dll 2012-11-20 23:18 . 2012-11-20 23:18 136192 ----a-w- c:\windows\system32\sspicli.dll 2012-11-20 23:18 . 2012-11-20 23:18 108032 ----a-w- c:\windows\system32\psisrndr.ax 2012-11-20 23:18 . 2012-11-20 23:18 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-11-20 23:18 . 2012-11-20 23:18 77312 ----a-w- c:\windows\system32\packager.dll 2012-11-20 23:18 . 2012-11-20 23:18 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-11-20 23:18 . 2012-11-20 23:18 723456 ----a-w- c:\windows\system32\EncDec.dll 2012-11-20 23:18 . 2012-11-20 23:18 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2012-11-20 23:18 . 2012-11-20 23:18 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-11-20 23:18 . 2012-11-20 23:18 67072 ----a-w- c:\windows\splwow64.exe 2012-11-20 23:18 . 2012-11-20 23:18 64512 ----a-w- c:\windows\SysWow64\devobj.dll 2012-11-20 23:18 . 2012-11-20 23:18 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-11-20 23:18 . 
2012-11-20 23:18 534528 ----a-w- c:\windows\SysWow64\EncDec.dll 2012-11-20 23:18 . 2012-11-20 23:18 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-11-20 23:18 . 2012-11-20 23:18 44544 ----a-w- c:\windows\SysWow64\devrtl.dll 2012-11-20 23:18 . 2012-11-20 23:18 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-11-20 23:18 . 2012-11-20 23:18 404480 ----a-w- c:\windows\system32\umpnpmgr.dll 2012-11-20 23:18 . 2012-11-20 23:18 2871808 ----a-w- c:\windows\explorer.exe 2012-11-20 23:18 . 2012-11-20 23:18 2616320 ----a-w- c:\windows\SysWow64\explorer.exe 2012-11-20 23:18 . 2012-11-20 23:18 252928 ----a-w- c:\windows\SysWow64\drvinst.exe 2012-11-20 23:18 . 2012-11-20 23:18 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2012-11-20 23:18 . 2012-11-20 23:18 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-11-20 23:18 . 2012-11-20 23:18 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll 2012-11-20 23:18 . 2012-11-20 23:18 1139200 ----a-w- c:\windows\system32\FntCache.dll 2012-11-20 23:18 . 2012-11-20 23:18 100864 ----a-w- c:\windows\system32\fontsub.dll 2012-11-20 23:18 . 2012-11-20 23:18 956928 ----a-w- c:\windows\system32\localspl.dll 2012-11-20 23:18 . 2012-11-20 23:18 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-11-20 23:18 . 2012-11-20 23:18 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-11-20 23:18 . 2012-11-20 23:18 3216384 ----a-w- c:\windows\system32\msi.dll 2012-11-20 23:18 . 2012-11-20 23:18 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-11-20 23:18 . 2012-11-20 23:18 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-11-20 23:18 . 2012-11-20 23:18 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-11-20 23:18 . 2012-11-20 23:18 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-11-20 23:18 . 2012-11-20 23:18 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-11-20 23:18 . 2012-11-20 23:18 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-11-20 23:18 . 
2012-11-20 23:18 5120 ----a-w- c:\windows\system32\wmi.dll 2012-11-20 23:18 . 2012-11-20 23:18 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-11-20 23:18 . 2012-11-20 23:18 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-11-20 23:18 . 2012-11-20 23:18 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-11-20 23:18 . 2012-11-20 23:18 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-11-20 23:18 . 2012-11-20 23:18 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-11-20 23:18 . 2012-11-20 23:18 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-11-20 23:18 . 2012-11-20 23:18 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-11-20 23:18 . 2012-11-20 23:18 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-11-20 23:18 . 2012-11-20 23:18 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-11-20 23:18 . 2012-11-20 23:18 961024 ----a-w- c:\windows\system32\CPFilters.dll 2012-11-20 23:18 . 2012-11-20 23:18 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ PowerNap.lnk - c:\windows\Installer\{2436940B-1C2C-4FB4-A703-0EE9B1350791}\_35E0567647C2420371B885.exe [2012-12-8 372526] PowerNapWatcher.lnk - c:\windows\Installer\{2436940B-1C2C-4FB4-A703-0EE9B1350791}\_18B4EACA6AED157B14F49D.exe [2012-12-8 10134] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\se64a.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 se64a;EnTech softEngine;c:\windows\system32\Drivers\se64a.sys [2007-05-03 14032] S2 dell_power_nap_service;Dell Power Nap Service;c:\program files (x86)\Dell\PowerNap\PowerNap.Service.exe [2011-02-28 11776] S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2009-11-09 126520] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) 
Management Engine Components\DAL\jhi_service.exe [2012-02-29 161560] S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x] S2 softOSD;softOSD;c:\program files (x86)\softOSD\softOSD.exe [2010-12-18 291384] S2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files (x86)\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-29 363800] S3 GKUPRO2D;GKUPRO2D;c:\windows\system32\Drivers\GKUPRO2D.sys [2009-08-31 120064] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528] S3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2012-09-25 20480] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 25014652 *NewlyCreated* - 51079703 *NewlyCreated* - 77936351 *Deregistered* - 25014652 *Deregistered* - 51079703 *Deregistered* - 77936351 . Inhalt des "geplante Tasks" Ordners . 2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-20 05:26] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-12-15 564352] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-06-24 310912] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-22 171040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-22 399392] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-22 441888] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www1.hi-tier.de/HitCom/login.asp mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-21 19:09:37 ComboFix-quarantined-files.txt 2013-01-21 18:09 . Vor Suchlauf: 17 Verzeichnis(se), 447.104.049.152 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 446.611.681.280 Bytes frei . - - End Of File - - 34592292731B4D0F96647E1CDC05FC92 Edited by koaschten (21.01.2013, 19:38) |
21.01.2013, 20:40 | #10 |
/// Malware-holic | GVU Trojan / PaySafeCard Extortion hi, download CCleaner standard: CCleaner - Download - Filepony. if CCleaner is already installed, skip this. open it, Tools (extras), uninstall list, save as txt. open it. behind each program you need, write necessary. behind each one you don't need, unnecessary. behind those unknown to you, unknown. post the list.
22.01.2013, 19:56 | #11 |
| GVU Trojan / PaySafeCard Extortion Every piece of software in the list is known and needed; the PC is new and was only set up in December. Code:
ATTFilter Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 09.01.2013 6,00MB 11.5.502.146 Adobe Reader XI (11.0.01) - Deutsch Adobe Systems Incorporated 11.01.2013 132MB 11.0.01 Brother MFL-Pro Suite MFC-7840W Brother Industries, Ltd. 16.12.2012 1.0.1.0 CCleaner Piriform 19.12.2012 3.26 Conexant Audio Filter Agent Conexant Systems 20.11.2012 1.7.36.0 Conexant HD Audio Conexant 20.11.2012 8.50.5.51 Conexant SmartAudio Conexant Systems 20.11.2012 6.0.109.0 Dell Backup and Recovery Manager Dell Inc. 20.11.2012 1.3.1 Dell Client System Update Dell Inc. 20.11.2012 26,8MB 1.2.3 Gemalto SmartDiag v2.3 Gemalto 08.12.2012 2.3.0.0 HP LaserJet Professional P1100-P1560-P1600 Series 16.12.2012 Intel(R) Management Engine Components Intel Corporation 21.11.2012 8.0.3.1427 Intel(R) Processor Graphics Intel Corporation 24.12.2012 9.17.10.2875 Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel Corporation 24.12.2012 2.0.0.37149 Intel® Trusted Connect Service Client Intel Corporation 20.11.2012 10,6MB 1.23.605.1 Java 7 Update 11 Oracle 15.12.2012 128MB 7.0.110 LibreOffice 3.6 The Document Foundation 19.12.2012 378MB 3.6.4.3 Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 18.01.2013 18,4MB 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.02.2011 38,8MB 4.0.30319 Microsoft .NET Framework 4 Extended Microsoft Corporation 11.02.2011 51,9MB 4.0.30319 Microsoft Security Essentials Microsoft Corporation 08.12.2012 4.1.522.0 Microsoft Silverlight Microsoft Corporation 08.12.2012 40,3MB 4.1.10329.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 20.11.2012 1,69MB 3.1.0000 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 19.12.2012 788KB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 19.12.2012 600KB 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 20.11.2012 13,8MB 
10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 20.11.2012 11,1MB 10.0.40219 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 16.12.2012 1,27MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 16.12.2012 1,33MB 4.20.9876.0 PowerNap Dell 08.12.2012 7,80MB 1.3.1 Realtek Ethernet Controller All-In-One Windows Driver Realtek 20.11.2012 1.12.0019 RiBe 18.12.2012 softOSD Client (Build 1445) 08.12.2012 StarMoney 7.0 S-Edition Star Finanz GmbH 15.12.2012 7.0 System Requirements Lab for Intel Husdawg, LLC 24.12.2012 1,02MB 4.5.11.0 TeamViewer 8 TeamViewer 24.12.2012 8.0.16642 VLC media player 2.0.5 VideoLAN 24.12.2012 2.0.5 Windows Live Essentials Microsoft Corporation 20.11.2012 15.4.3508.1109 Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 20.11.2012 5,57MB 15.4.5722.2 |
22.01.2013, 19:58 | #12 |
/// Malware-holic | GVU Trojan / PaySafeCard Extortion
46.166.169.103/panel
Uninstall: Adobe Flash Player
All Adobe - install Adobe Flash Player: download the latest version and install it.
Adobe Reader: Adobe - Download Adobe Reader - all versions; untick the McAfee Security Scan option.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: tick "use only certified plug-ins". Internet: everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically. It is always better to save them directly, since only then do you have control over what is going on on the PC. Under JavaScript, untick "enable JavaScript". Under Updater, choose "install automatically". Apply / OK.
Uninstall: StarMoney. Why no StarMoney 8? Please apply the upgrade.
TeamViewer: I would only install it when needed.
Open CCleaner, Analyze, Run Cleaner, restart the PC.
Please download AdwCleaner to your desktop.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de Please forward mails to markusg.trojaner-board@web.de according to the instructions above. If you would like to support us
26.01.2013, 17:40 | #13 |
| GVU Trojan / PaySafeCard Extortion
Adobe products uninstalled, reinstalled and configured. TeamViewer is on there because I don't want to drive 50 km to that PC every time. Ran CCleaner and rebooted. AdwCleaner gives the following output:
Code:
# AdwCleaner v2.108 - Datei am 26/01/2013 um 17:38:40 erstellt
# Aktualisiert am 24/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Arno - ARNO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\downloads\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [552 octets] - [26/01/2013 17:38:40]

########## EOF - C:\AdwCleaner[R1].txt - [611 octets] ##########
28.01.2013, 16:17 | #14 |
/// Malware-holic | GVU Trojan / PaySafeCard Extortion
Then TeamViewer can be reinstalled when needed; but it also does no good to leave outdated remote-access software actively running on a PC. Are there still any problems with the machine?
29.01.2013, 18:56 | #15 | |
| GVU Trojan / PaySafeCard Extortion
Quote:
and according to the update check it is still the latest version
No, no more problems, at least as far as I can tell.