
Log Analysis and Evaluation: GUV Trojan / Evaluation of OTL logfiles

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

04.02.2013, 13:08   #1
Steve123
 

GUV Trojan / Evaluation of OTL logfiles



Hello Trojaner-Board team,

Like many others here, I also caught the GUV Trojan last week. As suggested in the forum, I loaded OTL onto the infected computer via a rescue disc and ran the scan as described.

Here is the content of the OTL.txt file (unfortunately I could not find an extra.txt on C:).

Code:
OTL logfile created on: 2/4/2013 12:17:57 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 359.62 Gb Total Space | 224.36 Gb Free Space | 62.39% Space Free | Partition Type: NTFS
Drive D: | 3.80 Gb Total Space | 3.80 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/01/31 06:11:06 | 002,561,488 | ---- | M] () [Auto] -- C:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -- (Browser Manager)
SRV - [2013/01/28 14:34:15 | 000,184,832 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Users\Nora\wgsdgsdgdsgsd.exe -- (Winmgmt)
SRV - [2012/12/13 11:31:24 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/12/13 11:30:34 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/10/02 06:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 07:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2010/03/18 04:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/25 07:40:16 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/21 22:33:20 | 000,303,104 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/11/05 12:32:28 | 000,203,624 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/10/21 04:52:38 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/10/21 04:52:38 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/10/21 04:52:36 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/10/17 12:16:54 | 000,415,584 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/10/17 05:28:57 | 000,102,400 | ---- | M] (Realtek Semiconductor) [Auto] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/10/01 12:18:48 | 000,369,952 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/09/19 04:06:22 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/09/18 04:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/11 13:28:26 | 000,446,464 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/09/08 03:59:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/09/08 03:59:54 | 000,192,512 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/09/08 03:59:52 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/08/20 10:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 10:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/07/09 08:43:14 | 000,131,072 | ---- | M] (AccSys GmbH) [Auto] -- C:\Program Files\Common Files\AccSys\accvssvc.exe -- (accvssvc)
SRV - [2008/05/19 19:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/19 19:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/19 19:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/10 18:45:04 | 000,124,832 | ---- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/01/04 13:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2012/12/13 11:31:36 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/12/13 11:31:35 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/12/05 10:23:32 | 000,073,544 | ---- | M] (Citrix Systems, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2012/11/13 11:54:13 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 08:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/10/23 19:06:27 | 000,150,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/10/22 19:02:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/10/22 19:02:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/09/29 19:04:57 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/09/24 19:44:13 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/08/28 17:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/08/22 10:22:42 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/08/21 19:06:22 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/06/06 19:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/24 08:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/24 21:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/05 08:37:14 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | Auto] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007/04/17 14:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto] -- C:\Windows\System32\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Nora_ON_C\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114508&tl=gbn193047&tt=4412_4&babsrc=HP_clro&mntrId=e6af4b2500000000000000215df0a852
IE - HKU\Nora_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKU\Nora_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\Nora_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Nora_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Nora_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Nora_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Nora_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.3.48.6: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nora\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nora\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nora\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/01 08:10:10 | 000,000,000 | ---D | M]
 
[2012/10/30 13:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nora\AppData\Roaming\Mozilla\Extensions
[2012/10/30 13:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nora\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2012/10/30 12:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/30 12:54:16 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2012/10/30 12:54:16 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2012/10/30 12:54:16 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2012/10/30 12:54:16 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2012/10/30 12:54:16 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2012/10/30 12:54:16 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2012/10/30 12:54:16 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (Savings Sidekick) - {11111111-1111-1111-1111-110011501160} - C:\Program Files\Savings Sidekick\Savings Sidekick.dll (215 Apps)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKU\Nora_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Nora_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CitrixReceiver]  File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Nora_ON_C..\Run: [Facebook Update] C:\Users\Nora\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Nora_ON_C..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\Nora_ON_C..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\Nora_ON_C..\Run: [pasui]  File not found
O4 - HKU\Nora_ON_C..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - Startup: C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O4 - Startup: C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O7 - HKU\Nora_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://xs1.nibc.com/CitrixSessionInit/ICAWEB/icaweb.cab (Citrix ICA Client)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261123~1.78\{61d8b~1\browse~1.dll) - C:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{cb101934-ce32-11df-81c2-001dbaadb8ff}\Shell - "" = AutoRun
O33 - MountPoints2\{cb101934-ce32-11df-81c2-001dbaadb8ff}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/23 12:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Citrix
[2013/01/23 12:51:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/20 17:39:45 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/01/20 17:39:43 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/20 17:39:41 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Users\Nora\AppData\Roaming\*.tmp files -> C:\Users\Nora\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/04 04:28:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/02 06:06:37 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013/02/02 05:46:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/02 05:46:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/02 04:55:49 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/02/02 04:55:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013/01/28 14:34:19 | 000,002,864 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/28 14:34:19 | 000,000,882 | ---- | M] () -- C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/28 13:54:12 | 000,002,631 | ---- | M] () -- C:\Users\Nora\Desktop\Microsoft Office Word 2007.lnk
[2013/01/28 12:39:24 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/23 12:55:06 | 000,001,193 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
[2013/01/23 12:50:43 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/01/21 07:16:11 | 000,367,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/20 21:20:10 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/01/20 21:20:10 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/20 21:20:10 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/01/20 21:20:10 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/20 17:13:42 | 000,002,037 | ---- | M] () -- C:\Users\Nora\Desktop\Google Chrome.lnk
[2013/01/20 16:59:53 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Nora.job
[2013/01/20 16:59:53 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Nora.job
[2013/01/20 16:59:53 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Nora.job
[1 C:\Users\Nora\AppData\Roaming\*.tmp files -> C:\Users\Nora\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/28 14:34:19 | 000,002,864 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/28 14:34:19 | 000,000,882 | ---- | C] () -- C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/28 14:34:16 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/23 12:55:06 | 000,001,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
[2012/09/07 07:31:26 | 000,000,112 | ---- | C] () -- C:\ProgramData\58w3N8B42.dat
[2012/09/07 07:31:12 | 000,000,001 | ---- | C] () -- C:\ProgramData\LMUB1fPE.exe_.b
[2012/09/07 07:31:12 | 000,000,001 | ---- | C] () -- C:\ProgramData\LMUB1fPE.exe.b
[2012/09/01 10:12:48 | 000,000,051 | ---- | C] () -- C:\ProgramData\buzrwxbjfhfycaf
[2012/05/18 14:49:25 | 000,000,016 | ---- | C] () -- C:\Users\Nora\AppData\Roaming\blckdom.res
[2012/04/12 13:19:37 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2012/04/10 13:06:01 | 000,025,773 | ---- | C] () -- C:\Users\Nora\AppData\Roaming\UserTile.png
[2011/11/27 05:20:00 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/21 12:44:28 | 000,000,005 | ---- | C] () -- C:\Users\Nora\AppData\Roaming\openList.awt
[2010/05/21 12:44:28 | 000,000,005 | ---- | C] () -- C:\Users\Nora\AppData\Roaming\closedList.awt
[2010/05/13 15:27:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/13 15:27:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/05/01 07:48:20 | 000,011,776 | ---- | C] () -- C:\Users\Nora\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/27 14:06:26 | 000,002,032 | ---- | C] () -- C:\Users\Nora\AppData\Local\d3d9caps.dat
[2008/12/08 08:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/12/08 08:07:41 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2008/12/08 07:27:48 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/11/25 13:42:47 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/11/25 13:42:47 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/11/25 13:42:47 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008/11/25 13:42:47 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/11/25 13:42:46 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/11/25 13:42:46 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/11/25 05:35:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/11/25 05:10:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/25 05:05:53 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/09/19 07:14:16 | 000,024,056 | ---- | C] () -- C:\Windows\System32\providers.bin
[2008/08/08 12:14:10 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/08 12:10:34 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/01/21 02:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 02:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 02:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 02:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,367,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2011/05/24 06:24:05 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Amazon
[2012/10/30 12:54:38 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Babylon
[2012/07/01 14:35:14 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Bepyil
[2011/09/18 12:25:44 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Citrix
[2011/12/18 14:08:21 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\DVDVideoSoft
[2012/10/30 13:19:08 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Greyfirst
[2011/09/18 15:33:09 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\ICAClient
[2012/05/25 17:55:10 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Inqeby
[2011/01/15 16:47:13 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\InterVideo
[2012/05/18 14:49:28 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Kefef
[2012/05/18 14:49:11 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\kock
[2012/11/02 10:54:31 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Luvi
[2011/09/18 12:25:43 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Netscape
[2012/04/10 13:06:01 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\PeerNetworking
[2010/10/10 12:23:58 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Sony
[2012/05/18 14:48:37 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\TeamViewer
[2012/05/19 03:14:28 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\UAs
[2012/07/07 10:53:08 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Uchau
[2012/05/19 03:14:42 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\xmldm
[2012/07/05 13:15:55 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Ytub
[2012/07/23 13:55:38 | 000,000,000 | ---D | M] -- C:\ProgramData\036DFF85000932A002C8B1902F3B707C
[2012/04/12 13:19:26 | 000,000,000 | ---D | M] -- C:\ProgramData\AccSys
[2010/04/27 14:02:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/07/09 12:59:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Avanquest Bluetooth SDK
[2012/09/01 10:12:53 | 000,000,000 | ---D | M] -- C:\ProgramData\aytwtgjwbsctxrn
[2012/10/30 12:54:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2013/02/02 05:05:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser Manager
[2013/01/23 12:55:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Citrix
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/04/27 14:02:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/04/27 14:02:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/10/30 12:54:37 | 000,000,000 | ---D | M] -- C:\ProgramData\IBUpdaterService
[2011/01/15 16:48:04 | 000,000,000 | ---D | M] -- C:\ProgramData\InterVideo
[2008/12/08 08:17:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Roaming
[2012/07/08 05:20:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/04/27 14:02:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/12/08 08:06:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2010/04/27 14:02:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/05/18 14:51:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Windows
[2012/06/05 11:21:59 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/09/17 16:12:33 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/11/07 12:18:01 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3256999809-2769954180-380837127-1000Core.job
[2012/11/07 15:18:05 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3256999809-2769954180-380837127-1000UA.job
[2013/01/20 16:59:53 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\ReclaimerUpdateFiles_Nora.job
[2013/01/20 16:59:53 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\ReclaimerUpdateXML_Nora.job
[2013/01/20 16:59:53 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Nora.job
[2013/01/28 12:39:29 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
Many thanks in advance for your help!!!
Regards,
Steve

Alt 04.02.2013, 13:47   #2
markusg
/// Malware-holic
 
Hi,
on your second PC go to Start, Programs, Accessories, Notepad, and paste this
in:
Code:
:OTL
O4 - Startup: C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
[2013/02/02 06:06:37 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/28 14:34:19 | 000,002,864 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/28 14:34:19 | 000,000,882 | ---- | M] () -- C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
:Files
C:\Users\Nora\wgsdgsdgdsgsd.exe
:Commands
[EMPTYFLASH] 
[emptytemp]
         


Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the OTLPENet.exe post.
• Now please click the Fix button.
A message similar to "load fix from file" should appear; load the fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart; if so, take the CD out of the drive. Windows should now start normally and open otl.txt,
please post the log.
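
The triage done by hand in the fix above (a randomly named .js/.pad pair sitting directly in ProgramData, plus a .lnk in the user's Startup folder) can be made repeatable. The following Python is an added example for readers of this thread; it is not code from the thread, from OTL or from Trojaner-Board. It parses OTL file-list entries in the exact format shown in the log above and tags entries that deserve a second look using three simple heuristics: a file in a Startup folder, a long letters-only name with almost no vowels, and a loose file (optionally large, or with a same-named sibling) directly in C:\ProgramData or AppData\Roaming. The sample lines are copied from the OTL log posted above; the function names, the reason tags and the thresholds (8 letters, vowel share below 10 %, consonant run of 7, 50 MB) are my own assumptions, not something OTL or the helper defined.

```python
import ntpath
import re
from collections import defaultdict

# Shape of one OTL file/folder entry:
#   [yyyy/mm/dd hh:mm:ss | size | attrs | M|C] (company) -- path
# The "(company)" part is absent on folder entries in the LOP check section.
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Assumed thresholds and locations (not from OTL); tune them to your own data.
DATA_ROOTS = ("c:\\programdata", "\\appdata\\roaming")   # lower-cased suffixes
STARTUP_DIR = "\\start menu\\programs\\startup\\"
LARGE_BYTES = 50 * 1024 * 1024

# Lines copied from the OTL log posted in this thread (a header, a blank
# line, files and two LOP-check folder entries) to exercise the parser.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
 
[2013/01/28 14:34:19 | 000,002,864 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/28 14:34:19 | 000,000,882 | ---- | C] () -- C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/28 14:34:16 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/23 12:55:06 | 000,001,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
[2012/09/01 10:12:48 | 000,000,051 | ---- | C] () -- C:\ProgramData\buzrwxbjfhfycaf
[2010/05/13 15:27:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 05:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
========== LOP Check ==========
[2012/09/01 10:12:53 | 000,000,000 | ---D | M] -- C:\ProgramData\aytwtgjwbsctxrn
[2012/10/30 12:54:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
"""


def parse_otl_line(line):
    """Return a dict for one OTL file entry, or None for headers and blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))   # "095,023,320" -> 95023320
    entry["is_dir"] = "D" in entry["attrs"]
    return entry


def looks_random(stem):
    """Letters-only name of 8+ chars with almost no vowels or a long consonant run."""
    if not stem.isalpha() or len(stem) < 8:
        return False
    lower = stem.lower()
    vowel_share = sum(c in "aeiou" for c in lower) / len(lower)
    longest_run = max(len(r) for r in re.findall(r"[^aeiou]+", lower))
    return vowel_share < 0.10 or longest_run >= 7


def triage(lines):
    """Map each path worth a second look to the list of reasons it was tagged."""
    entries = [e for e in map(parse_otl_line, lines) if e]

    # Count files per (folder, name stem) so foo.js next to foo.pad is noticed.
    stems = defaultdict(int)
    for e in entries:
        if not e["is_dir"]:
            folder, name = ntpath.split(e["path"])
            stems[(folder.lower(), ntpath.splitext(name)[0].lower())] += 1

    flagged = {}
    for e in entries:
        path = e["path"]
        folder, name = ntpath.split(path)
        stem = ntpath.splitext(name)[0]
        low_folder = folder.lower()
        reasons = []
        if STARTUP_DIR in path.lower():
            reasons.append("startup-folder")
        if looks_random(stem):
            reasons.append("random-name")
        if not e["is_dir"] and any(low_folder.endswith(r) for r in DATA_ROOTS):
            reasons.append("loose-in-data-root")
            if e["size"] >= LARGE_BYTES:
                reasons.append("large-blob")
            if stems[(low_folder, stem.lower())] > 1:
                reasons.append("sibling-same-stem")
        if reasons:
            flagged[path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG.splitlines()).items():
        print(f"{', '.join(reasons):55s} {path}")
```

The tags are indicators for a human reviewer, not verdicts: perfh009.dat, StructuredQuerySchema.bin, the Citrix Start Menu shortcut and the Babylon folder pass untouched, while the two dsgsdgdsgdsgw files, the loose ProgramData entries and the Startup .lnk come out on top, which is the same short list the fix above acts on.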

Alt 04.02.2013, 14:05   #3
Steve123
 
That worked great so far. Thanks a lot! However, otl.txt did not open automatically. How else can I find / open it?

Alt 04.02.2013, 14:17   #4
markusg
/// Malware-holic
 
Hi,
as long as the PC runs, that's fine.
Download and run:
http://download.bleepingcomputer.com...ta/Winmgmt.reg
Confirm the prompt, restart.
Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any detections, always choose Skip for now; post the log
Open C:, open the tdsskiller-date-version.txt log, post the contents
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.

Alt 04.02.2013, 14:31   #5
Steve123
 
All done! Here is the TDSS log file:

Code:
14:28:26.0405 5716  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:28:26.0590 5716  ============================================================
14:28:26.0590 5716  Current date / time: 2013/02/04 14:28:26.0590
14:28:26.0590 5716  SystemInfo:
14:28:26.0590 5716  
14:28:26.0590 5716  OS Version: 6.0.6002 ServicePack: 2.0
14:28:26.0590 5716  Product type: Workstation
14:28:26.0590 5716  ComputerName: NORA-PC
14:28:26.0591 5716  UserName: Nora
14:28:26.0591 5716  Windows directory: C:\Windows
14:28:26.0591 5716  System windows directory: C:\Windows
14:28:26.0591 5716  Processor architecture: Intel x86
14:28:26.0591 5716  Number of processors: 2
14:28:26.0591 5716  Page size: 0x1000
14:28:26.0591 5716  Boot type: Normal boot
14:28:26.0591 5716  ============================================================
14:28:27.0434 5716  Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:28:27.0439 5716  ============================================================
14:28:27.0439 5716  \Device\Harddisk0\DR0:
14:28:27.0440 5716  MBR partitions:
14:28:27.0440 5716  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x19FB800, BlocksNum 0x2CF3D0B0
14:28:27.0440 5716  ============================================================
14:28:27.0484 5716  C: <-> \Device\Harddisk0\DR0\Partition1
14:28:27.0484 5716  ============================================================
14:28:27.0484 5716  Initialize success
14:28:27.0484 5716  ============================================================
14:28:52.0947 2928  ============================================================
14:28:52.0947 2928  Scan started
14:28:52.0947 2928  Mode: Manual; SigCheck; TDLFS; 
14:28:52.0947 2928  ============================================================
14:28:54.0636 2928  ================ Scan system memory ========================
14:28:54.0637 2928  System memory - ok
14:28:54.0637 2928  ================ Scan services =============================
14:28:54.0981 2928  [ 12582C7AB2F3B80E08B33A43EF602DA3 ] accvssvc        C:\Program Files\Common Files\AccSys\AccVSSvc.exe
14:28:55.0248 2928  accvssvc ( UnsignedFile.Multi.Generic ) - warning
14:28:55.0248 2928  accvssvc - detected UnsignedFile.Multi.Generic (1)
14:28:55.0336 2928  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
14:28:55.0751 2928  ACDaemon - ok
14:28:55.0946 2928  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
14:28:55.0988 2928  ACPI - ok
14:28:56.0093 2928  [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
14:28:56.0130 2928  AdobeActiveFileMonitor6.0 - ok
14:28:56.0242 2928  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:28:56.0276 2928  AdobeFlashPlayerUpdateSvc - ok
14:28:56.0367 2928  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:28:56.0428 2928  adp94xx - ok
14:28:56.0467 2928  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:28:56.0515 2928  adpahci - ok
14:28:56.0542 2928  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
14:28:56.0586 2928  adpu160m - ok
14:28:56.0623 2928  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:28:56.0655 2928  adpu320 - ok
14:28:56.0737 2928  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:28:56.0844 2928  AeLookupSvc - ok
14:28:56.0917 2928  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
14:28:57.0033 2928  AFD - ok
14:28:57.0079 2928  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:28:57.0109 2928  agp440 - ok
14:28:57.0150 2928  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
14:28:57.0179 2928  aic78xx - ok
14:28:57.0226 2928  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
14:28:57.0389 2928  ALG - ok
14:28:57.0418 2928  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:28:57.0454 2928  aliide - ok
14:28:57.0527 2928  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:28:57.0566 2928  amdagp - ok
14:28:57.0613 2928  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:28:57.0648 2928  amdide - ok
14:28:57.0680 2928  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
14:28:57.0753 2928  AmdK7 - ok
14:28:57.0808 2928  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:28:57.0878 2928  AmdK8 - ok
14:28:58.0138 2928  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:28:58.0175 2928  AntiVirSchedulerService - ok
14:28:58.0245 2928  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:28:58.0281 2928  AntiVirService - ok
14:28:58.0338 2928  [ 9325E49D555D8F12CE1735227DBB3D80 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
14:28:58.0375 2928  ApfiltrService - ok
14:28:58.0440 2928  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
14:28:58.0527 2928  Appinfo - ok
14:28:58.0627 2928  [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:28:58.0661 2928  Apple Mobile Device - ok
14:28:58.0744 2928  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
14:28:58.0784 2928  arc - ok
14:28:58.0823 2928  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:28:58.0863 2928  arcsas - ok
14:28:58.0913 2928  [ 857B48965A0503B7AB795D4BFE7CBD8B ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
14:28:58.0942 2928  ArcSoftKsUFilter - ok
14:28:58.0987 2928  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:28:59.0071 2928  AsyncMac - ok
14:28:59.0138 2928  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:28:59.0172 2928  atapi - ok
14:28:59.0279 2928  [ 6455100A6CDB1DEDC551E12FD41BC519 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
14:28:59.0400 2928  Ati External Event Utility - ok
14:28:59.0694 2928  [ 9F66D1BA97911731133E46212539A08D ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
14:29:00.0050 2928  atikmdag - ok
14:29:00.0126 2928  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:29:00.0225 2928  AudioEndpointBuilder - ok
14:29:00.0235 2928  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:29:00.0282 2928  Audiosrv - ok
14:29:00.0336 2928  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:29:00.0372 2928  avgntflt - ok
14:29:00.0430 2928  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:29:00.0471 2928  avipbb - ok
14:29:00.0546 2928  [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:29:00.0581 2928  avkmgr - ok
14:29:00.0661 2928  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:29:00.0781 2928  Beep - ok
14:29:00.0867 2928  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
14:29:00.0916 2928  BFE - ok
14:29:01.0046 2928  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
14:29:01.0145 2928  BITS - ok
14:29:01.0200 2928  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
14:29:01.0306 2928  blbdrive - ok
14:29:01.0442 2928  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:29:01.0489 2928  Bonjour Service - ok
14:29:01.0540 2928  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:29:01.0640 2928  bowser - ok
14:29:01.0711 2928  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
14:29:01.0789 2928  BrFiltLo - ok
14:29:01.0843 2928  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
14:29:01.0948 2928  BrFiltUp - ok
14:29:01.0977 2928  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
14:29:02.0040 2928  Browser - ok
14:29:02.0314 2928  [ B98EF68B1E3DC5AC79A432900947EA2D ] Browser Manager C:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
14:29:02.0438 2928  Browser Manager - ok
14:29:02.0495 2928  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
14:29:02.0755 2928  Brserid - ok
14:29:02.0809 2928  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
14:29:02.0923 2928  BrSerWdm - ok
14:29:02.0958 2928  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
14:29:03.0065 2928  BrUsbMdm - ok
14:29:03.0112 2928  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
14:29:03.0196 2928  BrUsbSer - ok
14:29:03.0284 2928  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
14:29:03.0352 2928  BthEnum - ok
14:29:03.0388 2928  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:29:03.0489 2928  BTHMODEM - ok
14:29:03.0518 2928  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
14:29:03.0599 2928  BthPan - ok
14:29:03.0689 2928  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
14:29:03.0814 2928  BTHPORT - ok
14:29:03.0866 2928  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\Windows\System32\bthserv.dll
14:29:03.0946 2928  BthServ - ok
14:29:04.0007 2928  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
14:29:04.0042 2928  BTHUSB - ok
14:29:04.0117 2928  [ 14164C0CFD9D5A2704FDAB93A9688630 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
14:29:04.0155 2928  btwaudio - ok
14:29:04.0206 2928  [ 94DC6E5F3F532C5054F078D845714129 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
14:29:04.0241 2928  btwavdt - ok
14:29:04.0351 2928  [ C832A3622A35CA7C595EA8CA385BA813 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
14:29:04.0436 2928  btwdins - ok
14:29:04.0497 2928  [ B9920FB30BCAFF10C111654909B275C9 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
14:29:04.0527 2928  btwl2cap - ok
14:29:04.0563 2928  [ 61E29BA977B972C9BAA847CC11D48C3D ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
14:29:04.0593 2928  btwrchid - ok
14:29:04.0648 2928  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:29:04.0739 2928  cdfs - ok
14:29:04.0798 2928  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:29:04.0865 2928  cdrom - ok
14:29:04.0912 2928  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:29:04.0972 2928  CertPropSvc - ok
14:29:05.0041 2928  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
14:29:05.0126 2928  circlass - ok
14:29:05.0238 2928  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
14:29:05.0312 2928  CLFS - ok
14:29:05.0425 2928  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:29:05.0462 2928  clr_optimization_v2.0.50727_32 - ok
14:29:05.0546 2928  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:29:05.0614 2928  clr_optimization_v4.0.30319_32 - ok
14:29:05.0657 2928  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:29:05.0731 2928  CmBatt - ok
14:29:05.0781 2928  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:29:05.0820 2928  cmdide - ok
14:29:05.0845 2928  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:29:05.0874 2928  Compbatt - ok
14:29:05.0883 2928  COMSysApp - ok
14:29:06.0006 2928  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:29:06.0029 2928  crcdisk - ok
14:29:06.0054 2928  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
14:29:06.0163 2928  Crusoe - ok
14:29:06.0228 2928  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:29:06.0309 2928  CryptSvc - ok
14:29:06.0364 2928  [ ECDB9665937F737A7AB26390A6C68573 ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
14:29:06.0402 2928  ctxusbm - ok
14:29:06.0498 2928  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:29:06.0630 2928  DcomLaunch - ok
14:29:06.0686 2928  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:29:06.0758 2928  DfsC - ok
14:29:06.0876 2928  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
14:29:07.0045 2928  DFSR - ok
14:29:07.0104 2928  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
14:29:07.0190 2928  Dhcp - ok
14:29:07.0219 2928  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
14:29:07.0261 2928  disk - ok
14:29:07.0337 2928  [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall         C:\Windows\system32\DRIVERS\DMICall.sys
14:29:07.0365 2928  DMICall - ok
14:29:07.0457 2928  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:29:07.0531 2928  Dnscache - ok
14:29:07.0616 2928  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:29:07.0696 2928  dot3svc - ok
14:29:07.0729 2928  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
14:29:07.0781 2928  DPS - ok
14:29:07.0836 2928  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:29:07.0913 2928  drmkaud - ok
14:29:07.0985 2928  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:29:08.0039 2928  DXGKrnl - ok
14:29:08.0090 2928  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
14:29:08.0193 2928  E1G60 - ok
14:29:08.0267 2928  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
14:29:08.0324 2928  EapHost - ok
14:29:08.0372 2928  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
14:29:08.0421 2928  Ecache - ok
14:29:08.0504 2928  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:29:08.0620 2928  ehRecvr - ok
14:29:08.0654 2928  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
14:29:08.0749 2928  ehSched - ok
14:29:08.0790 2928  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
14:29:08.0854 2928  ehstart - ok
14:29:08.0915 2928  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:29:08.0968 2928  elxstor - ok
14:29:09.0043 2928  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
14:29:09.0155 2928  EMDMgmt - ok
14:29:09.0184 2928  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:29:09.0248 2928  ErrDev - ok
14:29:09.0313 2928  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
14:29:09.0388 2928  EventSystem - ok
14:29:09.0489 2928  [ BA6063E3375F9BC11A9C8450A7F61E70 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:29:09.0619 2928  EvtEng ( UnsignedFile.Multi.Generic ) - warning
14:29:09.0619 2928  EvtEng - detected UnsignedFile.Multi.Generic (1)
14:29:09.0672 2928  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
14:29:09.0790 2928  exfat - ok
14:29:09.0947 2928  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:29:10.0030 2928  fastfat - ok
14:29:10.0069 2928  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:29:10.0136 2928  fdc - ok
14:29:10.0187 2928  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:29:10.0242 2928  fdPHost - ok
14:29:10.0249 2928  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:29:10.0378 2928  FDResPub - ok
14:29:10.0432 2928  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:29:10.0469 2928  FileInfo - ok
14:29:10.0500 2928  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:29:10.0570 2928  Filetrace - ok
14:29:10.0686 2928  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:29:10.0776 2928  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:29:10.0776 2928  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:29:10.0796 2928  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:29:10.0866 2928  flpydisk - ok
14:29:10.0972 2928  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:29:11.0024 2928  FltMgr - ok
14:29:11.0202 2928  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
14:29:11.0288 2928  FontCache - ok
14:29:11.0353 2928  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:29:11.0387 2928  FontCache3.0.0.0 - ok
14:29:11.0449 2928  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:29:11.0539 2928  Fs_Rec - ok
14:29:11.0574 2928  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:29:11.0613 2928  gagp30kx - ok
14:29:11.0683 2928  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:29:11.0713 2928  GEARAspiWDM - ok
14:29:11.0841 2928  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
14:29:11.0871 2928  GoogleDesktopManager-051210-111108 - ok
14:29:11.0923 2928  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:29:12.0069 2928  gpsvc - ok
14:29:12.0165 2928  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
14:29:12.0190 2928  gupdate - ok
14:29:12.0197 2928  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
14:29:12.0221 2928  gupdatem - ok
14:29:12.0302 2928  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:29:12.0327 2928  gusvc - ok
14:29:12.0400 2928  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:29:12.0538 2928  HdAudAddService - ok
14:29:12.0687 2928  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:29:12.0785 2928  HDAudBus - ok
14:29:12.0824 2928  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:29:12.0942 2928  HidBth - ok
14:29:12.0974 2928  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:29:13.0074 2928  HidIr - ok
14:29:13.0130 2928  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
14:29:13.0194 2928  hidserv - ok
14:29:13.0230 2928  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:29:13.0302 2928  HidUsb - ok
14:29:13.0365 2928  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:29:13.0454 2928  hkmsvc - ok
14:29:13.0503 2928  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
14:29:13.0540 2928  HpCISSs - ok
14:29:13.0689 2928  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
14:29:13.0781 2928  HSFHWAZL - ok
14:29:13.0884 2928  [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:29:14.0115 2928  HSF_DPV - ok
14:29:14.0173 2928  [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
14:29:14.0202 2928  HSXHWAZL - ok
14:29:14.0266 2928  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:29:14.0403 2928  HTTP - ok
14:29:14.0454 2928  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
14:29:14.0489 2928  i2omp - ok
14:29:14.0558 2928  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:29:14.0624 2928  i8042prt - ok
14:29:14.0669 2928  [ 8EF427C54497C5F8A7A645990E4278C7 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
14:29:14.0705 2928  iaStor - ok
14:29:14.0860 2928  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
14:29:14.0930 2928  iaStorV - ok
14:29:15.0065 2928  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:29:15.0206 2928  idsvc - ok
14:29:15.0273 2928  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:29:15.0303 2928  iirsp - ok
14:29:15.0381 2928  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
14:29:15.0472 2928  IKEEXT - ok
14:29:15.0629 2928  [ 4A0F260DF9A5333C07F4AB40CA9D4F4B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
14:29:15.0748 2928  IntcAzAudAddService - ok
14:29:15.0811 2928  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:29:15.0842 2928  intelide - ok
14:29:15.0899 2928  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:29:15.0955 2928  intelppm - ok
14:29:15.0998 2928  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:29:16.0116 2928  IPBusEnum - ok
14:29:16.0171 2928  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:29:16.0217 2928  IpFilterDriver - ok
14:29:16.0246 2928  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:29:16.0320 2928  iphlpsvc - ok
14:29:16.0325 2928  IpInIp - ok
14:29:16.0366 2928  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
14:29:16.0428 2928  IPMIDRV - ok
14:29:16.0457 2928  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
14:29:16.0508 2928  IPNAT - ok
14:29:16.0625 2928  [ 33642C17C232AA272C68E446A2619899 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:29:16.0767 2928  iPod Service - ok
14:29:16.0867 2928  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:29:16.0920 2928  IRENUM - ok
14:29:16.0969 2928  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:29:17.0008 2928  isapnp - ok
14:29:17.0085 2928  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
14:29:17.0118 2928  iScsiPrt - ok
14:29:17.0145 2928  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
14:29:17.0179 2928  iteatapi - ok
14:29:17.0243 2928  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
14:29:17.0278 2928  iteraid - ok
14:29:17.0321 2928  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr       C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
14:29:17.0357 2928  IviRegMgr - ok
14:29:17.0388 2928  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:29:17.0423 2928  kbdclass - ok
14:29:17.0450 2928  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:29:17.0521 2928  kbdhid - ok
14:29:17.0572 2928  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
14:29:17.0656 2928  KeyIso - ok
14:29:17.0693 2928  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:29:17.0754 2928  KSecDD - ok
14:29:17.0872 2928  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:29:17.0990 2928  KtmRm - ok
14:29:18.0048 2928  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:29:18.0105 2928  LanmanServer - ok
14:29:18.0204 2928  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:29:18.0293 2928  LanmanWorkstation - ok
14:29:18.0322 2928  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:29:18.0423 2928  lltdio - ok
14:29:18.0483 2928  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:29:18.0563 2928  lltdsvc - ok
14:29:18.0615 2928  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:29:18.0705 2928  lmhosts - ok
14:29:18.0794 2928  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:29:18.0840 2928  LSI_FC - ok
14:29:18.0883 2928  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:29:18.0929 2928  LSI_SAS - ok
14:29:19.0007 2928  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:29:19.0052 2928  LSI_SCSI - ok
14:29:19.0091 2928  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
14:29:19.0164 2928  luafv - ok
14:29:19.0194 2928  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:29:19.0254 2928  Mcx2Svc - ok
14:29:19.0321 2928  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:29:19.0345 2928  mdmxsdk - ok
14:29:19.0419 2928  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:29:19.0451 2928  megasas - ok
14:29:19.0516 2928  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
14:29:19.0597 2928  MegaSR - ok
14:29:19.0639 2928  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
14:29:19.0726 2928  MMCSS - ok
14:29:19.0757 2928  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
14:29:19.0807 2928  Modem - ok
14:29:19.0855 2928  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:29:19.0894 2928  monitor - ok
14:29:19.0930 2928  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:29:19.0953 2928  mouclass - ok
14:29:19.0968 2928  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:29:20.0039 2928  mouhid - ok
14:29:20.0060 2928  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
14:29:20.0091 2928  MountMgr - ok
14:29:20.0152 2928  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:29:20.0190 2928  mpio - ok
14:29:20.0265 2928  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:29:20.0349 2928  mpsdrv - ok
14:29:20.0420 2928  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:29:20.0513 2928  MpsSvc - ok
14:29:20.0581 2928  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
14:29:20.0610 2928  Mraid35x - ok
14:29:20.0680 2928  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:29:20.0763 2928  MRxDAV - ok
14:29:20.0809 2928  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:29:20.0863 2928  mrxsmb - ok
14:29:20.0906 2928  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:29:20.0981 2928  mrxsmb10 - ok
14:29:21.0008 2928  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:29:21.0088 2928  mrxsmb20 - ok
14:29:21.0142 2928  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
14:29:21.0170 2928  msahci - ok
14:29:21.0268 2928  [ A99D2C7E30AD63EF920A894131CAF5F7 ] MSCSPTISRV      C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
14:29:21.0287 2928  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
14:29:21.0287 2928  MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
14:29:21.0321 2928  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:29:21.0353 2928  msdsm - ok
14:29:21.0396 2928  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
14:29:21.0488 2928  MSDTC - ok
14:29:21.0540 2928  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:29:21.0613 2928  Msfs - ok
14:29:21.0656 2928  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:29:21.0693 2928  msisadrv - ok
14:29:21.0868 2928  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:29:21.0973 2928  MSiSCSI - ok
14:29:21.0980 2928  msiserver - ok
14:29:22.0038 2928  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:29:22.0106 2928  MSKSSRV - ok
14:29:22.0134 2928  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:29:22.0195 2928  MSPCLOCK - ok
14:29:22.0237 2928  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:29:22.0292 2928  MSPQM - ok
14:29:22.0426 2928  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:29:22.0467 2928  MsRPC - ok
14:29:22.0524 2928  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:29:22.0550 2928  mssmbios - ok
14:29:22.0588 2928  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:29:22.0624 2928  MSTEE - ok
14:29:22.0684 2928  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
14:29:22.0704 2928  Mup - ok
14:29:22.0778 2928  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
14:29:22.0847 2928  napagent - ok
14:29:22.0930 2928  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:29:22.0967 2928  NativeWifiP - ok
14:29:23.0143 2928  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:29:23.0233 2928  NDIS - ok
14:29:23.0265 2928  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:29:23.0339 2928  NdisTapi - ok
14:29:23.0381 2928  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:29:23.0423 2928  Ndisuio - ok
14:29:23.0455 2928  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:29:23.0498 2928  NdisWan - ok
14:29:23.0539 2928  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:29:23.0579 2928  NDProxy - ok
14:29:23.0622 2928  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:29:23.0698 2928  NetBIOS - ok
14:29:23.0735 2928  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
14:29:23.0815 2928  netbt - ok
14:29:23.0861 2928  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
14:29:23.0892 2928  Netlogon - ok
14:29:23.0996 2928  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
14:29:24.0071 2928  Netman - ok
14:29:24.0109 2928  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
14:29:24.0168 2928  netprofm - ok
14:29:24.0197 2928  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:29:24.0244 2928  NetTcpPortSharing - ok
14:29:24.0556 2928  [ BA420E8EBFCAD35581FE8E4C64F71469 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
14:29:24.0960 2928  NETw5v32 - ok
14:29:25.0001 2928  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:29:25.0037 2928  nfrd960 - ok
14:29:25.0082 2928  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:29:25.0142 2928  NlaSvc - ok
14:29:25.0286 2928  [ B15E0180C43D8B5219196D76878CC2DD ] NPF             C:\Windows\system32\drivers\npf.sys
14:29:25.0323 2928  NPF - ok
14:29:25.0368 2928  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:29:25.0448 2928  Npfs - ok
14:29:25.0493 2928  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
14:29:25.0615 2928  nsi - ok
14:29:25.0650 2928  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:29:25.0720 2928  nsiproxy - ok
14:29:25.0778 2928  [ B30F5C423B45A6668EADAD883678E2D0 ] NSUService      C:\Program Files\sony\Network Utility\NSUService.exe
14:29:25.0792 2928  NSUService ( UnsignedFile.Multi.Generic ) - warning
14:29:25.0792 2928  NSUService - detected UnsignedFile.Multi.Generic (1)
14:29:26.0039 2928  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:29:26.0203 2928  Ntfs - ok
14:29:26.0253 2928  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
14:29:26.0341 2928  ntrigdigi - ok
14:29:26.0373 2928  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
14:29:26.0437 2928  Null - ok
14:29:26.0476 2928  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:29:26.0521 2928  nvraid - ok
14:29:26.0550 2928  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:29:26.0588 2928  nvstor - ok
14:29:26.0626 2928  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:29:26.0667 2928  nv_agp - ok
14:29:26.0673 2928  NwlnkFlt - ok
14:29:26.0684 2928  NwlnkFwd - ok
14:29:26.0849 2928  [ E54AA592A65F317390EEE386A8821692 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:29:26.0911 2928  odserv - ok
14:29:26.0958 2928  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
14:29:27.0162 2928  ohci1394 - ok
14:29:27.0215 2928  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:29:27.0254 2928  ose - ok
14:29:27.0332 2928  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
14:29:27.0434 2928  p2pimsvc - ok
14:29:27.0451 2928  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:29:27.0499 2928  p2psvc - ok
14:29:27.0546 2928  [ 41C33FB4FD929FED732A00D2DAEF5BE0 ] PACSPTISVR      C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
14:29:27.0564 2928  PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
14:29:27.0564 2928  PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
14:29:27.0599 2928  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
14:29:27.0689 2928  Parport - ok
14:29:27.0783 2928  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:29:27.0884 2928  partmgr - ok
14:29:27.0927 2928  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
14:29:28.0079 2928  Parvdm - ok
14:29:28.0168 2928  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:29:28.0274 2928  PcaSvc - ok
14:29:28.0304 2928  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
14:29:28.0336 2928  pci - ok
14:29:28.0427 2928  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
14:29:28.0463 2928  pciide - ok
14:29:28.0498 2928  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:29:28.0541 2928  pcmcia - ok
14:29:28.0619 2928  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:29:28.0760 2928  PEAUTH - ok
14:29:28.0965 2928  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
14:29:29.0158 2928  pla - ok
14:29:29.0206 2928  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:29:29.0290 2928  PlugPlay - ok
14:29:29.0410 2928  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
14:29:29.0459 2928  PNRPAutoReg - ok
14:29:29.0475 2928  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
14:29:29.0523 2928  PNRPsvc - ok
14:29:29.0591 2928  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:29:29.0751 2928  PolicyAgent - ok
14:29:29.0933 2928  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:29:30.0025 2928  PptpMiniport - ok
14:29:30.0060 2928  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
14:29:30.0124 2928  Processor - ok
14:29:30.0179 2928  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:29:30.0247 2928  ProfSvc - ok
14:29:30.0284 2928  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:29:30.0323 2928  ProtectedStorage - ok
14:29:30.0379 2928  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
14:29:30.0461 2928  PSched - ok
14:29:30.0505 2928  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
14:29:30.0552 2928  PxHelp20 - ok
14:29:30.0687 2928  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:29:30.0839 2928  ql2300 - ok
14:29:30.0901 2928  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:29:30.0919 2928  ql40xx - ok
14:29:30.0967 2928  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
14:29:31.0018 2928  QWAVE - ok
14:29:31.0047 2928  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:29:31.0083 2928  QWAVEdrv - ok
14:29:31.0100 2928  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:29:31.0176 2928  RasAcd - ok
14:29:31.0222 2928  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
14:29:31.0340 2928  RasAuto - ok
14:29:31.0433 2928  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:29:31.0501 2928  Rasl2tp - ok
14:29:31.0550 2928  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
14:29:31.0634 2928  RasMan - ok
14:29:31.0666 2928  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:29:31.0747 2928  RasPppoe - ok
14:29:31.0765 2928  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:29:31.0795 2928  RasSstp - ok
14:29:31.0873 2928  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:29:31.0958 2928  rdbss - ok
14:29:31.0985 2928  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:29:32.0039 2928  RDPCDD - ok
14:29:32.0073 2928  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
14:29:32.0131 2928  rdpdr - ok
14:29:32.0138 2928  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:29:32.0212 2928  RDPENCDD - ok
14:29:32.0267 2928  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:29:32.0356 2928  RDPWD - ok
14:29:32.0405 2928  [ 001B4278407F4303EFC902A2B16F2453 ] regi            C:\Windows\system32\drivers\regi.sys
14:29:32.0433 2928  regi - ok
14:29:32.0513 2928  [ 7EEEEC28A34516E66137F355DCC15BDB ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:29:32.0557 2928  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
14:29:32.0557 2928  RegSrvc - detected UnsignedFile.Multi.Generic (1)
14:29:32.0630 2928  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:29:32.0719 2928  RemoteAccess - ok
14:29:32.0778 2928  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:29:32.0867 2928  RemoteRegistry - ok
14:29:32.0929 2928  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
14:29:33.0020 2928  RFCOMM - ok
14:29:33.0044 2928  [ F7D9ECF41EBD3CF6C65944368150F66B ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
14:29:33.0091 2928  rimsptsk - ok
14:29:33.0112 2928  [ 1BE6C42767A7C67BA31AE32B293B37A3 ] risdptsk        C:\Windows\system32\DRIVERS\risdptsk.sys
14:29:33.0163 2928  risdptsk - ok
14:29:33.0194 2928  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
14:29:33.0271 2928  RpcLocator - ok
14:29:33.0311 2928  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
14:29:33.0386 2928  RpcSs - ok
14:29:33.0448 2928  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:29:33.0539 2928  rspndr - ok
14:29:33.0605 2928  [ 065A51298212455584F1811B033B617E ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
14:29:33.0641 2928  RTHDMIAzAudService - ok
14:29:33.0714 2928  [ DF1970AB067B4BA4221F0AD0AB9EBB30 ] RtkAudioService C:\Windows\RtkAudioService.exe
14:29:33.0733 2928  RtkAudioService ( UnsignedFile.Multi.Generic ) - warning
14:29:33.0733 2928  RtkAudioService - detected UnsignedFile.Multi.Generic (1)
14:29:33.0773 2928  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
14:29:33.0804 2928  SamSs - ok
14:29:33.0830 2928  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:29:33.0869 2928  sbp2port - ok
14:29:33.0941 2928  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:29:34.0007 2928  SCardSvr - ok
14:29:34.0062 2928  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
14:29:34.0181 2928  Schedule - ok
14:29:34.0202 2928  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:29:34.0246 2928  SCPolicySvc - ok
14:29:34.0302 2928  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
14:29:34.0393 2928  sdbus - ok
14:29:34.0438 2928  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:29:34.0507 2928  SDRSVC - ok
14:29:34.0523 2928  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:29:34.0630 2928  secdrv - ok
14:29:34.0691 2928  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
14:29:34.0751 2928  seclogon - ok
14:29:34.0769 2928  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
14:29:34.0841 2928  SENS - ok
14:29:34.0875 2928  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
14:29:34.0962 2928  Serenum - ok
14:29:35.0012 2928  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
14:29:35.0112 2928  Serial - ok
14:29:35.0146 2928  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:29:35.0209 2928  sermouse - ok
14:29:35.0325 2928  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:29:35.0379 2928  SessionEnv - ok
14:29:35.0430 2928  [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP            C:\Windows\system32\DRIVERS\SFEP.sys
14:29:35.0473 2928  SFEP - ok
14:29:35.0572 2928  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:29:35.0618 2928  sffdisk - ok
14:29:35.0676 2928  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:29:35.0770 2928  sffp_mmc - ok
14:29:35.0811 2928  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:29:35.0867 2928  sffp_sd - ok
14:29:35.0918 2928  [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:29:36.0031 2928  sfloppy - ok
14:29:36.0067 2928  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:29:36.0179 2928  SharedAccess - ok
14:29:36.0261 2928  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:29:36.0350 2928  ShellHWDetection - ok
14:29:36.0393 2928  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
14:29:36.0433 2928  sisagp - ok
14:29:36.0458 2928  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
14:29:36.0496 2928  SiSRaid2 - ok
14:29:36.0526 2928  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:29:36.0567 2928  SiSRaid4 - ok
14:29:36.0785 2928  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
14:29:37.0012 2928  Skype C2C Service - ok
14:29:37.0100 2928  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
14:29:37.0214 2928  SkypeUpdate - ok
14:29:37.0393 2928  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
14:29:37.0765 2928  slsvc - ok
14:29:37.0822 2928  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
14:29:37.0886 2928  SLUINotify - ok
14:29:37.0949 2928  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:29:38.0002 2928  Smb - ok
14:29:38.0106 2928  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:29:38.0148 2928  SNMPTRAP - ok
14:29:38.0224 2928  [ 1A9DD46C547646A54CDB4065C1996A07 ] SOHCImp         C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
14:29:38.0252 2928  SOHCImp - ok
14:29:38.0283 2928  [ 2E1B0D8278BB616148DDCA13DAE87544 ] SOHDms          C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
14:29:38.0346 2928  SOHDms - ok
14:29:38.0397 2928  [ 892529EE03211C35AEA7132E119F4862 ] SOHDs           C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
14:29:38.0429 2928  SOHDs - ok
14:29:38.0564 2928  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
14:29:38.0613 2928  Sony PC Companion - ok
14:29:38.0721 2928  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
14:29:38.0771 2928  spldr - ok
14:29:38.0834 2928  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
14:29:38.0929 2928  Spooler - ok
14:29:38.0968 2928  [ F63102F289AE2039940B22E9B2A8E0BD ] SPTISRV         C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
14:29:38.0994 2928  SPTISRV ( UnsignedFile.Multi.Generic ) - warning
14:29:38.0994 2928  SPTISRV - detected UnsignedFile.Multi.Generic (1)
14:29:39.0047 2928  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:29:39.0136 2928  srv - ok
14:29:39.0194 2928  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:29:39.0268 2928  srv2 - ok
14:29:39.0296 2928  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:29:39.0337 2928  srvnet - ok
14:29:39.0386 2928  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:29:39.0441 2928  SSDPSRV - ok
14:29:39.0487 2928  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
14:29:39.0532 2928  ssmdrv - ok
14:29:39.0621 2928  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:29:39.0695 2928  SstpSvc - ok
14:29:39.0750 2928  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
14:29:39.0867 2928  stisvc - ok
14:29:39.0907 2928  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:29:39.0943 2928  swenum - ok
14:29:40.0025 2928  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
14:29:40.0112 2928  swprv - ok
14:29:40.0127 2928  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
14:29:40.0163 2928  Symc8xx - ok
14:29:40.0284 2928  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
14:29:40.0325 2928  Sym_hi - ok
14:29:40.0359 2928  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
14:29:40.0393 2928  Sym_u3 - ok
14:29:40.0436 2928  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
14:29:40.0535 2928  SysMain - ok
14:29:40.0584 2928  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:29:40.0619 2928  TabletInputService - ok
14:29:40.0671 2928  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:29:40.0765 2928  TapiSrv - ok
14:29:40.0792 2928  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
14:29:40.0861 2928  TBS - ok
14:29:40.0920 2928  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:29:41.0006 2928  Tcpip - ok
14:29:41.0031 2928  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
14:29:41.0091 2928  Tcpip6 - ok
14:29:41.0148 2928  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:29:41.0210 2928  tcpipreg - ok
14:29:41.0274 2928  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:29:41.0358 2928  TDPIPE - ok
14:29:41.0389 2928  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:29:41.0444 2928  TDTCP - ok
14:29:41.0492 2928  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:29:41.0542 2928  tdx - ok
14:29:41.0579 2928  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:29:41.0618 2928  TermDD - ok
14:29:41.0654 2928  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
14:29:41.0719 2928  TermService - ok
14:29:41.0747 2928  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
14:29:41.0796 2928  Themes - ok
14:29:41.0809 2928  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
14:29:41.0861 2928  THREADORDER - ok
14:29:41.0911 2928  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
14:29:41.0974 2928  TrkWks - ok
14:29:42.0039 2928  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:29:42.0123 2928  TrustedInstaller - ok
14:29:42.0171 2928  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:29:42.0247 2928  tssecsrv - ok
14:29:42.0324 2928  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
14:29:42.0406 2928  tunmp - ok
14:29:42.0434 2928  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:29:42.0512 2928  tunnel - ok
14:29:42.0562 2928  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:29:42.0606 2928  uagp35 - ok
14:29:42.0669 2928  [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor     C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
14:29:42.0712 2928  uCamMonitor - ok
14:29:42.0765 2928  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:29:42.0810 2928  udfs - ok
14:29:42.0859 2928  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:29:42.0966 2928  UI0Detect - ok
14:29:42.0975 2928  UIUSys - ok
14:29:43.0025 2928  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:29:43.0065 2928  uliagpkx - ok
14:29:43.0098 2928  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
14:29:43.0144 2928  uliahci - ok
14:29:43.0178 2928  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
14:29:43.0218 2928  UlSata - ok
14:29:43.0287 2928  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
14:29:43.0330 2928  ulsata2 - ok
14:29:43.0362 2928  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:29:43.0463 2928  umbus - ok
14:29:43.0540 2928  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
14:29:43.0635 2928  upnphost - ok
14:29:43.0735 2928  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
14:29:43.0800 2928  USBAAPL - ok
14:29:43.0844 2928  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:29:43.0894 2928  usbccgp - ok
14:29:43.0946 2928  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:29:44.0066 2928  usbcir - ok
14:29:44.0115 2928  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:29:44.0172 2928  usbehci - ok
14:29:44.0207 2928  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:29:44.0297 2928  usbhub - ok
14:29:44.0351 2928  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:29:44.0437 2928  usbohci - ok
14:29:44.0484 2928  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
14:29:44.0573 2928  usbprint - ok
14:29:44.0650 2928  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:29:44.0731 2928  USBSTOR - ok
14:29:44.0783 2928  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
14:29:44.0829 2928  usbuhci - ok
14:29:44.0874 2928  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
14:29:44.0976 2928  usbvideo - ok
14:29:45.0009 2928  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
14:29:45.0062 2928  UxSms - ok
14:29:45.0175 2928  [ 2A640DC735CB0112AC1DCD1E1549B27E ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
14:29:45.0238 2928  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
14:29:45.0238 2928  VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
14:29:45.0272 2928  [ 2C3DBB9B671AB95245DED1EFC5276CE9 ] VAIO Event Service C:\Program Files\sony\VAIO Event Service\VESMgr.exe
14:29:45.0312 2928  VAIO Event Service - ok
14:29:45.0432 2928  [ C1ED0F71D3B9EA8D774FC7C4CBF7EE7F ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
14:29:45.0465 2928  VAIO Power Management - ok
14:29:45.0563 2928  [ 7773EB681E99217FD92E5E8A5A199AE5 ] VCFw            C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
14:29:45.0625 2928  VCFw ( UnsignedFile.Multi.Generic ) - warning
14:29:45.0625 2928  VCFw - detected UnsignedFile.Multi.Generic (1)
14:29:45.0689 2928  [ 2686B87EDC54ED215CE479AC9B7675DE ] VcmIAlzMgr      C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
14:29:45.0738 2928  VcmIAlzMgr - ok
14:29:45.0784 2928  [ BB5781ED436D3E121F85617C3BBB7AD5 ] VcmXmlIfHelper  C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
14:29:45.0820 2928  VcmXmlIfHelper - ok
14:29:45.0825 2928  Vcsw - ok
14:29:45.0892 2928  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
14:29:46.0033 2928  vds - ok
14:29:46.0070 2928  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:29:46.0125 2928  vga - ok
14:29:46.0155 2928  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:29:46.0213 2928  VgaSave - ok
14:29:46.0245 2928  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
14:29:46.0283 2928  viaagp - ok
14:29:46.0325 2928  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
14:29:46.0383 2928  ViaC7 - ok
14:29:46.0400 2928  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
14:29:46.0436 2928  viaide - ok
14:29:46.0452 2928  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:29:46.0491 2928  volmgr - ok
14:29:46.0561 2928  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:29:46.0627 2928  volmgrx - ok
14:29:46.0691 2928  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:29:46.0741 2928  volsnap - ok
14:29:46.0792 2928  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:29:46.0834 2928  vsmraid - ok
14:29:46.0975 2928  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
14:29:47.0167 2928  VSS - ok
14:29:47.0283 2928  [ 071634532066C2E29350D450C3412837 ] VzCdbSvc        C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
14:29:47.0294 2928  VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
14:29:47.0294 2928  VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
14:29:47.0342 2928  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
14:29:47.0425 2928  W32Time - ok
14:29:47.0479 2928  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:29:47.0581 2928  WacomPen - ok
14:29:47.0628 2928  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
14:29:47.0678 2928  Wanarp - ok
14:29:47.0684 2928  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:29:47.0726 2928  Wanarpv6 - ok
14:29:47.0781 2928  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:29:47.0827 2928  wcncsvc - ok
14:29:47.0887 2928  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:29:47.0966 2928  WcsPlugInService - ok
14:29:47.0997 2928  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
14:29:48.0033 2928  Wd - ok
14:29:48.0096 2928  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:29:48.0164 2928  Wdf01000 - ok
14:29:48.0197 2928  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:29:48.0257 2928  WdiServiceHost - ok
14:29:48.0266 2928  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:29:48.0321 2928  WdiSystemHost - ok
14:29:48.0373 2928  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
14:29:48.0410 2928  WebClient - ok
14:29:48.0474 2928  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:29:48.0555 2928  Wecsvc - ok
14:29:48.0609 2928  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:29:48.0692 2928  wercplsupport - ok
14:29:48.0764 2928  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:29:48.0810 2928  WerSvc - ok
14:29:48.0857 2928  [ 090A2B8F055343815556A01F725F6C35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
14:29:48.0889 2928  WimFltr - ok
14:29:48.0939 2928  [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:29:49.0063 2928  winachsf - ok
14:29:49.0204 2928  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
14:29:49.0251 2928  WinDefend - ok
14:29:49.0265 2928  WinHttpAutoProxySvc - ok
14:29:49.0395 2928  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:29:49.0454 2928  Winmgmt - ok
14:29:49.0582 2928  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:29:49.0757 2928  WinRM - ok
14:29:49.0874 2928  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:29:49.0955 2928  Wlansvc - ok
14:29:50.0005 2928  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:29:50.0053 2928  WmiAcpi - ok
14:29:50.0113 2928  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:29:50.0155 2928  wmiApSrv - ok
14:29:50.0314 2928  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
14:29:50.0451 2928  WMPNetworkSvc - ok
14:29:50.0492 2928  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:29:50.0581 2928  WPCSvc - ok
14:29:50.0702 2928  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:29:50.0758 2928  WPDBusEnum - ok
14:29:50.0811 2928  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
14:29:50.0849 2928  WpdUsb - ok
14:29:51.0074 2928  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:29:51.0147 2928  WPFFontCache_v0400 - ok
14:29:51.0191 2928  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:29:51.0289 2928  ws2ifsl - ok
14:29:51.0353 2928  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
14:29:51.0431 2928  wscsvc - ok
14:29:51.0438 2928  WSearch - ok
14:29:51.0568 2928  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
14:29:51.0680 2928  wuauserv - ok
14:29:51.0744 2928  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:29:51.0826 2928  WudfPf - ok
14:29:51.0876 2928  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:29:51.0918 2928  WUDFRd - ok
14:29:51.0958 2928  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:29:52.0029 2928  wudfsvc - ok
14:29:52.0063 2928  [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
14:29:52.0140 2928  XAudio - ok
14:29:52.0194 2928  [ 15A317674A08DF26BE65164D959E9203 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
14:29:52.0321 2928  XAudioService - ok
14:29:52.0423 2928  [ 67E3D2AF24C3873E6A0CAC89DE78D63B ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
14:29:52.0491 2928  yukonwlh - ok
14:29:52.0508 2928  ================ Scan global ===============================
14:29:52.0542 2928  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:29:52.0618 2928  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:29:52.0658 2928  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:29:52.0722 2928  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:29:52.0729 2928  [Global] - ok
14:29:52.0730 2928  ================ Scan MBR ==================================
14:29:52.0787 2928  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:29:53.0730 2928  \Device\Harddisk0\DR0 - ok
14:29:53.0731 2928  ================ Scan VBR ==================================
14:29:53.0760 2928  [ 3680D8967E8093D54E8AF8B723B0A986 ] \Device\Harddisk0\DR0\Partition1
14:29:53.0762 2928  \Device\Harddisk0\DR0\Partition1 - ok
14:29:53.0763 2928  ============================================================
14:29:53.0763 2928  Scan finished
14:29:53.0763 2928  ============================================================
14:29:53.0785 4892  Detected object count: 12
14:29:53.0785 4892  Actual detected object count: 12
         


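The scanner log pasted above has a fixed shape: a file line `[ MD5 ] Name   Path` is followed by one verdict line per object (`Name - ok`, `Name ( Verdict ) - warning`, `Name - detected Verdict (n)`), and the run ends with `Detected object count: N`. Reading that by eye across a thousand lines is error-prone, so here is an added example, written for this thread and not code from any post, tool or vendor, of a small Python triage script that pairs each file line with its verdict, lists only the objects that did not pass with a plain `- ok`, separates hits whose only verdict is `UnsignedFile.Multi.Generic` (the file merely carries no Authenticode signature, which is common for OEM helper services such as the Sony VAIO components flagged above, so the hash and path should be checked against the vendor's own files before anything is removed), and compares the scanner's reported object count with what is actually visible in the paste so a trimmed excerpt is noticed. The function names, the `Entry` class and the `SAMPLE_LOG` (constructed in the log's format from a handful of the lines above) are my own; the regular expressions are fitted to the line shapes visible in this thread and may need adjusting for other versions of the tool.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every log line starts with "HH:MM:SS.ffff  PID  payload"; the payload is what we classify.
PREFIX_RE = re.compile(r'^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*?)\s*$')
# "[ MD5 ] ServiceName   C:\path\file.sys"  or  "[ MD5 ] \Device\Harddisk0\DR0" (no name)
FILE_RE = re.compile(
    r'^\[ ([0-9A-Fa-f]{32}) \] (?:(.+?)\s+)?((?:[A-Za-z]:\\|\\Device\\)\S.*)$')
WARN_RE = re.compile(r'^(.+?) \( (.+?) \) - warning$')
DETECT_RE = re.compile(r'^(.+?) - detected (.+?) \((\d+)\)$')
OK_RE = re.compile(r'^(.+?) - ok$')
COUNT_RE = re.compile(r'^Detected object count: (\d+)$')

# Verdicts that only state "no code signature"; they need vendor verification, not deletion.
SIGNATURE_ONLY = {'UnsignedFile.Multi.Generic'}

# Constructed sample in the format of the log above (a few of its lines, not the whole run).
SAMPLE_LOG = r"""
14:29:45.0009 2928  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
14:29:45.0062 2928  UxSms - ok
14:29:45.0175 2928  [ 2A640DC735CB0112AC1DCD1E1549B27E ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
14:29:45.0238 2928  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
14:29:45.0238 2928  VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
14:29:45.0825 2928  Vcsw - ok
14:29:52.0730 2928  ================ Scan MBR ==================================
14:29:52.0787 2928  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:29:53.0730 2928  \Device\Harddisk0\DR0 - ok
14:29:53.0763 2928  Scan finished
14:29:53.0785 4892  Detected object count: 12
"""


@dataclass
class Entry:
    name: str                      # service/driver name, or the raw device path for MBR/VBR
    md5: Optional[str] = None
    path: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)  # every non-ok verdict seen
    ok: bool = False               # scanner printed "<name> - ok"


def parse_log(text: str) -> Dict[str, Entry]:
    """Pair each file line with the verdict line(s) that follow it, keyed by name."""
    entries: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name=name))

    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue                       # blank line or text without the time/PID prefix
        payload = m.group(3)
        fm = FILE_RE.match(payload)
        if fm:
            md5, name, path = fm.groups()
            e = get(name or path)          # MBR/VBR lines carry no service name
            e.md5, e.path = md5, path
            continue
        vm = WARN_RE.match(payload) or DETECT_RE.match(payload)
        if vm:
            e = get(vm.group(1))
            if vm.group(2) not in e.verdicts:  # warning + detected lines repeat the verdict
                e.verdicts.append(vm.group(2))
            continue
        om = OK_RE.match(payload)
        if om:
            get(om.group(1)).ok = True
    return entries


def flagged(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything the scanner did not pass with a plain '- ok'."""
    return [e for e in entries.values() if e.verdicts]


def needs_verification(entries: Dict[str, Entry]) -> List[Entry]:
    """Flagged entries whose verdicts are all signature-only: confirm hash and path with
    the vendor before treating them as malware."""
    return [e for e in flagged(entries) if set(e.verdicts) <= SIGNATURE_ONLY]


def reported_count(text: str) -> Optional[int]:
    """The scanner's own 'Detected object count'; None if the excerpt lacks that line."""
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        cm = COUNT_RE.match(m.group(3)) if m else None
        if cm:
            return int(cm.group(1))
    return None


def missing_detections(text: str) -> Optional[int]:
    """How many of the scanner's reported objects are not visible in the pasted excerpt;
    a positive number means the poster trimmed the log and the rest must be requested."""
    count = reported_count(text)
    return None if count is None else count - len(flagged(parse_log(text)))


if __name__ == '__main__':
    found = parse_log(SAMPLE_LOG)
    for e in flagged(found):
        print(f'{e.name}: {", ".join(e.verdicts)}  md5={e.md5}  path={e.path}')
    print('verify with vendor:', [e.name for e in needs_verification(found)])
    print('reported but not shown in this excerpt:', missing_detections(SAMPLE_LOG))
```

Run it against a full saved log with `parse_log(open('log.txt', encoding='utf-8', errors='replace').read())`; the MD5 on each flagged entry is what you look up or compare with a clean installation of the same product.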
04.02.2013, 16:39   #6
markusg
/// Malware-holic
 
hi

combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and
make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus as well as anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

04.02.2013, 16:41   #7
markusg
/// Malware-holic
 
hi
1.
http://download.bleepingcomputer.com...ta/Winmgmt.reg
Download it, double-click it, confirm the prompt, restart.
2.
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and
make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus as well as anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

04.02.2013, 17:20   #8
Steve123
 
I did everything as described, but I can't find a combofix.txt on C:\. There is a file there called combofix, but it seems to be "a kind of folder" behind which the contents of C: appear again. Did I do something wrong?

04.02.2013, 18:01   #9
markusg
/// Malware-holic
 
the log opens automatically.
run it again and then additionally open c:\qoobox quarantained file.txt and post its contents

05.02.2013, 22:00   #10
Steve123
 
Hi,

so something isn't working. I have now run it a total of 4 times and no combofix.txt log file appeared. Three times simply nothing happened at all; yesterday a blue window appeared which said, roughly: Your computer is being checked, this usually takes 10 min, on heavily infected computers it can take twice as long. Then it checked FOREVER (I left it running overnight too) and then aborted after about 12 hours.

The only file under C:\qoobox\quarantine was catchme.txt with the following content:

Code:
-------- 2013-02-04 - 17:02:19  -------------


-------- 2013-02-04 - 18:09:47  -------------

error: 31
         
Hope you can help me further.

Regards

05.02.2013, 22:01   #11
markusg
/// Malware-holic
 
restart, press F8, choose Safe Mode, log in to your account, try it again there.
then boot back into normal mode and post the log.

05.02.2013, 23:08   #12
Steve123
 
it worked
Code:
ComboFix 13-02-03.03 - Nora 05.02.2013  22:35:09.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3038.2581 [GMT 1:00]
ausgeführt von:: c:\users\Nora\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\LMUB1fPE.exe.b
c:\programdata\Roaming
c:\programdata\windows
c:\users\Nora\AppData\Roaming\AcroIEHelpe.txt
c:\users\Nora\AppData\Roaming\Help\coredb\storage
c:\users\Nora\AppData\Roaming\Kefef
c:\users\Nora\AppData\Roaming\Kefef\maynhy.tmp
c:\users\Nora\AppData\Roaming\Kefef\maynhy.unq
c:\users\Nora\AppData\Roaming\srvblck5.tmp
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-05 bis 2013-02-05  ))))))))))))))))))))))))))))))
.
.
2013-02-05 21:46 . 2013-02-05 21:52	--------	d-----w-	c:\users\Nora\AppData\Local\temp
2013-02-05 21:46 . 2013-02-05 21:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-05 20:56 . 2013-01-18 11:17	6991832	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED53E9E7-7C80-4540-846F-82CEAF31D5F6}\mpengine.dll
2013-02-04 18:55 . 2013-02-04 18:55	--------	d-----w-	C:\_OTL
2013-02-04 18:55 . 2011-07-13 02:55	2237440	----a-r-	C:\OTLPE.exe
2013-02-04 15:37 . 2013-02-04 15:37	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-02-04 15:37 . 2013-02-04 15:37	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-02-04 15:37 . 2013-02-04 15:37	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-02-04 15:37 . 2013-02-04 15:37	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-02-04 15:37 . 2013-02-04 15:37	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-02-04 15:37 . 2013-02-04 15:37	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-02-04 15:37 . 2013-02-04 15:37	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-02-04 15:37 . 2013-02-04 15:37	--------	d-----w-	c:\program files\QuickTime
2013-02-04 15:20 . 2013-02-04 15:20	--------	d-----w-	c:\users\Nora\AppData\Roaming\Malwarebytes
2013-02-04 15:20 . 2013-02-04 15:20	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-04 15:19 . 2013-02-04 15:20	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-02-04 15:19 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-04 15:13 . 2012-10-30 22:51	361032	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-02-04 15:13 . 2012-10-30 22:51	21256	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-02-04 15:13 . 2012-10-30 22:51	54232	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-02-04 15:13 . 2012-10-30 22:51	35928	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2013-02-04 15:13 . 2012-10-30 22:51	738504	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-02-04 15:13 . 2012-10-30 22:51	58680	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-02-04 15:13 . 2012-10-30 22:51	41224	----a-w-	c:\windows\avastSS.scr
2013-02-04 15:13 . 2012-10-30 22:50	227648	----a-w-	c:\windows\system32\aswBoot.exe
2013-02-04 15:12 . 2013-02-04 15:12	--------	d-----w-	c:\programdata\AVAST Software
2013-02-04 15:12 . 2013-02-04 15:12	--------	d-----w-	c:\program files\AVAST Software
2013-02-04 14:17 . 2013-02-04 14:17	--------	d-----w-	c:\program files\Common Files\DivX Shared
2013-02-04 14:14 . 2013-02-04 14:19	--------	d-----w-	c:\programdata\DivX
2013-02-04 14:12 . 2013-02-04 14:11	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-02-04 14:06 . 2013-02-04 14:06	--------	d-----w-	c:\program files\FileHippo.com
2013-02-04 13:10 . 2013-02-04 14:11	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-01-23 17:52 . 2013-01-23 17:52	--------	d-----w-	c:\program files\Common Files\Citrix
2013-01-20 22:39 . 2013-01-03 18:34	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2013-01-20 22:39 . 2012-11-20 04:22	204288	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-20 22:39 . 2012-11-23 01:35	2048000	----a-w-	c:\windows\system32\win32k.sys
2013-01-20 22:36 . 2012-11-02 10:19	1400832	----a-w-	c:\windows\system32\msxml6.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-04 14:11 . 2010-05-21 13:47	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-04 13:25 . 2012-10-07 17:59	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-04 13:25 . 2011-06-03 21:34	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2010-05-21 17:13	232336	------w-	c:\windows\system32\MpSigStub.exe
2012-12-16 13:12 . 2012-12-21 16:29	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-21 16:29	293376	----a-w-	c:\windows\system32\atmfd.dll
2012-12-05 15:23 . 2012-12-05 15:23	73544	----a-w-	c:\windows\system32\drivers\ctxusbm.sys
2012-11-13 20:29 . 2012-11-13 20:29	354216	----a-w-	c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-13 01:29 . 2012-12-13 16:36	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 10:42 . 2012-12-13 16:36	916992	----a-w-	c:\windows\system32\wininet.dll
2012-11-09 10:37 . 2012-12-13 16:36	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-11-09 10:36 . 2012-12-13 16:36	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-09 10:36 . 2012-12-13 16:36	71680	----a-w-	c:\windows\system32\iesetup.dll
2012-11-09 10:36 . 2012-12-13 16:36	109056	----a-w-	c:\windows\system32\iesysprep.dll
2012-11-09 09:01 . 2012-12-13 16:36	385024	----a-w-	c:\windows\system32\html.iec
2012-11-09 07:13 . 2012-12-13 16:36	133632	----a-w-	c:\windows\system32\ieUnatt.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	121528	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-11-22 270336]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2013-01-07 446648]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Facebook Update"="c:\users\Nora\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-22 138096]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-09-30 122880]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-11 30192]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-12-08 24576]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-09-09 1097728]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-01 202256]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2012-12-14 383544]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
OneNote Inhaltsverzeichnis.onetoc2 [2012-7-7 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-14 776744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-11-05 17:32	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\browse~1\261123~1.78\{61d8b~1\browse~1.dll 
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 accvssvc;AccSys WLAN Control Service;c:\program files\Common Files\AccSys\AccVSSvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 13:25]
.
2012-11-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3256999809-2769954180-380837127-1000Core.job
- c:\users\Nora\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-22 16:13]
.
2012-11-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3256999809-2769954180-380837127-1000UA.job
- c:\users\Nora\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-22 16:13]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 19:20]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 19:20]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3256999809-2769954180-380837127-1000Core.job
- c:\users\Nora\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-18 19:10]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3256999809-2769954180-380837127-1000UA.job
- c:\users\Nora\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-18 19:10]
.
2013-01-20 c:\windows\Tasks\ReclaimerUpdateFiles_Nora.job
- c:\users\Nora\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-26 20:02]
.
2013-01-20 c:\windows\Tasks\ReclaimerUpdateXML_Nora.job
- c:\users\Nora\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-26 20:02]
.
2013-01-20 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Nora.job
- c:\users\Nora\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-26 20:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: nibc.com\xs4
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-pasui - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-02-05 22:51
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
Scanning hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000042
.
--------------------- DLLs Loaded by Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3328)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\RtkAudioService.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
c:\windows\system32\schtasks.exe
c:\programdata\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\sony\Network Utility\NSUService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
c:\program files\sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
c:\windows\system32\DllHost.exe
c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\sony\Sony PC Companion\PCCompanionInfo.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Sony\VAIO Power Management\SPMService.exe
c:\program files\Citrix\Receiver\Receiver.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
.
**************************************************************************
.
Completion time: 2013-02-05  22:58:52 - machine was rebooted
ComboFix-quarantined-files.txt  2013-02-05 21:58
.
Pre-run: 8 directory(ies), 244.650.868.736 bytes free
Post-run: 13 directory(ies), 246.552.834.048 bytes free
.
- - End Of File - - 857859C16C6628F333BD2AC2FD5549B0
         

05.02.2013, 23:18   #13
markusg
/// Malware-holic

hi
post all the Malwarebytes logs with findings for me
http://www.trojaner-board.de/125889-...en-posten.html
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to the following address according to the instructions above:
markusg.trojaner-board@web.de
If you would like to support us

06.02.2013, 08:07   #14
Steve123

Malware log:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.04.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19393
Nora :: NORA-PC [Administrator]

05.02.2013 23:20:38
MBAM-log-2013-02-06 (08-06-03).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 405895
Time elapsed: 3 hour(s), 19 minute(s), 9 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> No action taken.

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> No action taken.

Files detected: 4
C:\Users\Nora\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\1fd07233-5908227c (Trojan.FakeMS) -> No action taken.
C:\Users\Nora\Desktop\ssk_claro.exe (PUP.BundleInstaller.IB) -> No action taken.
C:\_OTL\MovedFiles\02042013_135539\C_Users\Nora\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> No action taken.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> No action taken.

(end)

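The decisive detail in the log above is the tail of every detection line: each one ends in "Keine Aktion durchgeführt." (no action taken), so the scan found things but removed nothing. The following is an added example, not part of this thread and not Malwarebytes' own code: a small Python parser for MBAM 1.x logs that pulls out each detection, classifies the action MBAM recorded after the final "->", and separates detections MBAM left untouched from one it could not have mattered for anyway, the file that already sits in OTL's quarantine folder (C:\_OTL\MovedFiles). The German "no action" string comes from this log; the English and German remediation strings are localized MBAM strings as I know them and are assumptions, as is the made-up registry-value sample line with a "Data:" segment. The other sample lines are the detections posted above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Action strings MBAM 1.x writes after "->", in the UI language. The German
# "no action" string is the one in the log above; the rest are assumptions.
NO_ACTION = {"Keine Aktion durchgeführt.", "No action taken."}
REMEDIATED = {
    "Erfolgreich gelöscht und in Quarantäne gestellt.",
    "Quarantined and deleted successfully.",
    "Löschen bei Neustart.",
    "Delete on reboot.",
}
# "Infizierte Dateien: 4" / "Files Detected: 4"; excluding ":" and "\" from the
# label keeps drive paths and registry keys from matching as headers.
SECTION_RE = re.compile(r"^(?P<label>[^:\\]+): (?P<count>\d+)$")
# "<target> (<family>) -> [<data> -> ]<action>"
DETECTION_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[A-Za-z0-9._-]+)\) -> (?P<rest>.+)$")
# OTL moves the files it removes under this folder; a hit there is already inert.
OTL_QUARANTINE = "\\_otl\\movedfiles\\"


@dataclass
class Finding:
    section: str
    target: str
    family: str
    action: str
    status: str  # "no_action", "remediated" or "unknown"
    otl_quarantined: bool


def classify_action(action: str) -> str:
    if action in NO_ACTION:
        return "no_action"
    if action in REMEDIATED:
        return "remediated"
    return "unknown"


def parse_mbam_log(text: str) -> list[Finding]:
    findings: list[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("label")
            continue
        hit = DETECTION_RE.match(line)
        if not hit:
            continue
        # Registry-value lines carry "Data: ... ->" first; the action is the last segment.
        action = hit.group("rest").rsplit(" -> ", 1)[-1].strip()
        target = hit.group("target")
        findings.append(Finding(section, target, hit.group("family"), action,
                                classify_action(action), OTL_QUARANTINE in target.lower()))
    return findings


def still_live(findings: list[Finding]) -> list[Finding]:
    """Detections MBAM did not remediate and OTL has not already moved away."""
    return [f for f in findings if f.status != "remediated" and not f.otl_quarantined]


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"no_action": 0, "remediated": 0, "unknown": 0}
    for f in findings:
        counts[f.status] += 1
    counts["live"] = len(still_live(findings))
    return counts


# Constructed sample: the six detections from the log posted above plus one made-up
# English registry-value line to exercise the "Data: ... ->" form and a remediated action.
SAMPLE_LOG = r"""
Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Example (PUP.Optional.Example) -> Data: c:\example\example.exe -> Quarantined and deleted successfully.
Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.
Infizierte Dateien: 4
C:\Users\Nora\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\1fd07233-5908227c (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\Nora\Desktop\ssk_claro.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\02042013_135539\C_Users\Nora\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.
(Ende)
"""

if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(summarize(found))
    for f in still_live(found):
        print(f"LIVE  {f.family:<24} {f.target}")
```

Two design points matter in practice. The action is always taken from the last "->" segment, because registry-value detections insert a "Data: ..." segment before it. Any action string not on either list is reported as "unknown" rather than assumed fixed, so a log from an untranslated locale fails loudly instead of passing as remediated. On the sample this reports six untouched detections, five of which are still live; the sixth is the copy already moved into C:\_OTL\MovedFiles by OTL.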
06.02.2013, 12:53   #15
markusg
/// Malware-holic

hi,
Were the findings deleted? According to the log, no.
