Hilfe beim Entfernen des GVU Trojaner 2013

rocket77 · 12.05.2013, 18:17

Hallo zusammen,

mein Dad hat sich den GVU Trojaner auf seinem DELL Laptop eingefangen.
BS: Windows Vista, mehr weiß ich leider nicht.

Ich arbeite selbst auf einem Mac und kann daher die vielen möglichen Schritte, Reboot CDs etc. gar nicht erstellen, da immer nur .exe zum Donwload zur Verfügung stehen, aber nichts für einen Mac als Hilfs- bzw. Zweitrechner. Ich hoffe sehr dass ihr mir helfen könnt!!! Ich habe Schritt 1 schon erledigt und OTL per USB Stick gestartet und den Scan durchgeführt. Die beiden Logfiles hänge ich an.

Schon mal vielen Dank im Voraus!

---

Schritt 1

Lade dir auf einem Zweitrechner bitte OTL (von Oldtimer) herunter und speichere es auf einen USB-Stick (nicht in einen Unterordner!).
Schliesse diesen USB-Stick nun an den infizierten Rechner an.
Starte den infizierten Computer in den abgesicherten Modus mit Eingabeaufforderung. (Anleitung)
In der Kommandozeile gib nun notepad ein und drücke Enter.
Es öffnet sich ein Textdokument. Klicke auf Datei -> Speichern unter und wähle Arbeitsplatz.
Lese hier nun den Laufwerksbuchstaben deines USB Sticks (z.B. e:\) ab.
Schliesse Notepad wieder.
Gib nun bitte folgenden Befehl in die Kommandozeile ein und drücke Enter:
e:\OTL.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Wenn es bei dir ein anderer Buchstabe ist, dann passe den Befehl entsprechend an.
Es sollte sich nun das Fenster von OTL öffnen.
Unter Extra Registry, wähle bitte Use SafeList.
Setze den Haken bei Scan all Users.
Klicke nun auf Run Scan.
Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) angezeigt und auf den USB-Stick gespeichert.
Poste bitte auf dem Zweitrechner den Inhalt dieser Logfiles hier in den Thread.

---

markusg · 12.05.2013, 18:24

Hi,

otl fix

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O20 - HKU\S-1-5-21-1561162392-1956531021-980978825-1000 Winlogon: Shell - (C:\Users\Fritz\AppData\Roaming\skype.dat) - C:\Users\Fritz\AppData\Roaming\skype.dat ()
[2013.05.12 12:44:46 | 000,000,004 | ---- | M] () -- C:\Users\Fritz\AppData\Roaming\skype.ini
:files
C:\Users\Fritz\AppData\Roaming\skype.dat
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

rocket77 · 12.05.2013, 18:47

Wow suuuper vielen Dank, hat geklappt!
Der Upload ist auch schon erledigt. Noch mal vielen Dank.

Rätst Du mir trotzdem jetzt alle Daten zu sichern und das System neu aufzusetzen?

markusg · 12.05.2013, 18:50

Hi
wir schaun mal, aber bisher sag ich mal, nein.
thx fürs hochladen
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

rocket77 · 12.05.2013, 19:21

Hier der Logfile Inhalt. 2 Threats wurden gefunden...
Weitere Anweisungen?

20:16:01.0191 3344 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:16:02.0347 3344 ============================================================
20:16:02.0347 3344 Current date / time: 2013/05/12 20:16:02.0347
20:16:02.0347 3344 SystemInfo:
20:16:02.0347 3344
20:16:02.0347 3344 OS Version: 6.0.6002 ServicePack: 2.0
20:16:02.0347 3344 Product type: Workstation
20:16:02.0347 3344 ComputerName: FRITZ-PC
20:16:02.0349 3344 UserName: Fritz
20:16:02.0349 3344 Windows directory: C:\Windows
20:16:02.0349 3344 System windows directory: C:\Windows
20:16:02.0349 3344 Processor architecture: Intel x86
20:16:02.0349 3344 Number of processors: 1
20:16:02.0349 3344 Page size: 0x1000
20:16:02.0349 3344 Boot type: Normal boot
20:16:02.0349 3344 ============================================================
20:16:03.0216 3344 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:16:03.0218 3344 ============================================================
20:16:03.0218 3344 \Device\Harddisk0\DR0:
20:16:03.0218 3344 MBR partitions:
20:16:03.0218 3344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x1400000
20:16:03.0218 3344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1433000, BlocksNum 0x115E6000
20:16:03.0218 3344 ============================================================
20:16:03.0305 3344 C: <-> \Device\Harddisk0\DR0\Partition2
20:16:03.0346 3344 D: <-> \Device\Harddisk0\DR0\Partition1
20:16:03.0346 3344 ============================================================
20:16:03.0346 3344 Initialize success
20:16:03.0346 3344 ============================================================
20:16:25.0955 2584 ============================================================
20:16:25.0955 2584 Scan started
20:16:25.0955 2584 Mode: Manual; SigCheck; TDLFS;
20:16:25.0955 2584 ============================================================
20:16:26.0551 2584 ================ Scan system memory ========================
20:16:26.0551 2584 System memory - ok
20:16:26.0561 2584 ================ Scan services =============================
20:16:26.0891 2584 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
20:16:27.0021 2584 ACPI - ok
20:16:27.0181 2584 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:16:27.0201 2584 AdobeARMservice - ok
20:16:27.0331 2584 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:16:27.0351 2584 AdobeFlashPlayerUpdateSvc - ok
20:16:27.0451 2584 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:16:27.0511 2584 adp94xx - ok
20:16:27.0581 2584 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:16:27.0601 2584 adpahci - ok
20:16:27.0661 2584 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
20:16:27.0681 2584 adpu160m - ok
20:16:27.0711 2584 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:16:27.0731 2584 adpu320 - ok
20:16:27.0801 2584 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:16:27.0901 2584 AeLookupSvc - ok
20:16:27.0961 2584 [ 330A1E4DF07C2E29949ED8631CD8828E ] AERTFilters C:\Windows\system32\AERTSrv.exe
20:16:28.0071 2584 AERTFilters - ok
20:16:28.0201 2584 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
20:16:28.0243 2584 AFD - ok
20:16:28.0297 2584 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:16:28.0313 2584 agp440 - ok
20:16:28.0369 2584 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:16:28.0387 2584 aic78xx - ok
20:16:28.0445 2584 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
20:16:28.0570 2584 ALG - ok
20:16:28.0588 2584 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
20:16:28.0605 2584 aliide - ok
20:16:28.0640 2584 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:16:28.0656 2584 amdagp - ok
20:16:28.0681 2584 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
20:16:28.0710 2584 amdide - ok
20:16:28.0739 2584 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
20:16:28.0807 2584 AmdK7 - ok
20:16:28.0875 2584 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:16:28.0905 2584 AmdK8 - ok
20:16:29.0039 2584 [ B9B5DFAFEA592BD4CA967824EBB42E3D ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
20:16:29.0063 2584 AntiVirMailService - ok
20:16:29.0140 2584 [ 67B1D78711B4386C26241096326EE14A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:16:29.0153 2584 AntiVirSchedulerService - ok
20:16:29.0216 2584 [ 845C4E7AE211EDAD5E0B832126F56932 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:16:29.0231 2584 AntiVirService - ok
20:16:29.0292 2584 [ 30D71E0C149943A8985D02EA0944F2FE ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
20:16:29.0316 2584 AntiVirWebService - ok
20:16:29.0427 2584 [ 350F19EB5FE4EC37A2414DF56CDE1AA8 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
20:16:29.0474 2584 ApfiltrService - ok
20:16:29.0589 2584 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
20:16:29.0689 2584 Appinfo - ok
20:16:29.0810 2584 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:16:29.0826 2584 Apple Mobile Device - ok
20:16:29.0902 2584 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
20:16:29.0920 2584 arc - ok
20:16:29.0977 2584 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:16:29.0994 2584 arcsas - ok
20:16:30.0179 2584 [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:16:30.0210 2584 aspnet_state - ok
20:16:30.0257 2584 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:16:30.0303 2584 AsyncMac - ok
20:16:30.0376 2584 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
20:16:30.0396 2584 atapi - ok
20:16:30.0516 2584 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:16:30.0566 2584 AudioEndpointBuilder - ok
20:16:30.0586 2584 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:16:30.0616 2584 Audiosrv - ok
20:16:30.0696 2584 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:16:30.0726 2584 avgntflt - ok
20:16:30.0866 2584 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:16:30.0886 2584 avipbb - ok
20:16:30.0926 2584 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:16:30.0946 2584 avkmgr - ok
20:16:31.0006 2584 BCM42RLY - ok
20:16:31.0086 2584 [ ABD543E555BC0453BF52664936DF4DCD ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
20:16:31.0146 2584 BCM43XX - ok
20:16:31.0296 2584 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
20:16:31.0366 2584 Beep - ok
20:16:31.0416 2584 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
20:16:31.0486 2584 BFE - ok
20:16:31.0626 2584 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
20:16:31.0666 2584 BITS - ok
20:16:31.0726 2584 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
20:16:31.0836 2584 blbdrive - ok
20:16:31.0966 2584 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:16:31.0986 2584 Bonjour Service - ok
20:16:32.0066 2584 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:16:32.0126 2584 bowser - ok
20:16:32.0176 2584 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
20:16:32.0236 2584 BrFiltLo - ok
20:16:32.0286 2584 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
20:16:32.0306 2584 BrFiltUp - ok
20:16:32.0376 2584 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
20:16:32.0426 2584 Browser - ok
20:16:32.0456 2584 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
20:16:32.0656 2584 Brserid - ok
20:16:32.0706 2584 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
20:16:32.0776 2584 BrSerWdm - ok
20:16:32.0816 2584 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
20:16:32.0876 2584 BrUsbMdm - ok
20:16:32.0906 2584 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
20:16:32.0986 2584 BrUsbSer - ok
20:16:33.0046 2584 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
20:16:33.0096 2584 BthEnum - ok
20:16:33.0166 2584 [ 43C96C1AC278BC22E7799C23405635A0 ] BTHFILT C:\Windows\system32\DRIVERS\BthFilt.sys
20:16:33.0196 2584 BTHFILT ( UnsignedFile.Multi.Generic ) - warning
20:16:33.0196 2584 BTHFILT - detected UnsignedFile.Multi.Generic (1)
20:16:33.0226 2584 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:16:33.0296 2584 BTHMODEM - ok
20:16:33.0352 2584 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:16:33.0385 2584 BthPan - ok
20:16:33.0484 2584 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
20:16:33.0528 2584 BTHPORT - ok
20:16:33.0590 2584 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
20:16:33.0635 2584 BthServ - ok
20:16:33.0664 2584 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
20:16:33.0722 2584 BTHUSB - ok
20:16:33.0777 2584 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:16:33.0856 2584 cdfs - ok
20:16:33.0902 2584 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:16:33.0950 2584 cdrom - ok
20:16:34.0018 2584 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
20:16:34.0068 2584 CertPropSvc - ok
20:16:34.0105 2584 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
20:16:34.0135 2584 circlass - ok
20:16:34.0210 2584 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
20:16:34.0271 2584 CLFS - ok
20:16:34.0309 2584 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:16:34.0365 2584 clr_optimization_v2.0.50727_32 - ok
20:16:34.0545 2584 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:16:34.0562 2584 clr_optimization_v4.0.30319_32 - ok
20:16:34.0623 2584 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:16:34.0672 2584 CmBatt - ok
20:16:34.0715 2584 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:16:34.0731 2584 cmdide - ok
20:16:34.0746 2584 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:16:34.0763 2584 Compbatt - ok
20:16:34.0776 2584 COMSysApp - ok
20:16:34.0867 2584 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:16:34.0883 2584 crcdisk - ok
20:16:34.0905 2584 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
20:16:34.0965 2584 Crusoe - ok
20:16:35.0090 2584 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:16:35.0137 2584 CryptSvc - ok
20:16:35.0260 2584 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:16:35.0296 2584 DcomLaunch - ok
20:16:35.0366 2584 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:16:35.0433 2584 DfsC - ok
20:16:35.0587 2584 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
20:16:35.0747 2584 DFSR - ok
20:16:35.0857 2584 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
20:16:35.0877 2584 Dhcp - ok
20:16:35.0937 2584 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
20:16:35.0957 2584 disk - ok
20:16:36.0037 2584 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:16:36.0097 2584 Dnscache - ok
20:16:36.0177 2584 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:16:36.0267 2584 dot3svc - ok
20:16:36.0317 2584 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
20:16:36.0377 2584 DPS - ok
20:16:36.0447 2584 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:16:36.0467 2584 drmkaud - ok
20:16:36.0567 2584 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:16:36.0607 2584 DXGKrnl - ok
20:16:36.0687 2584 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
20:16:36.0727 2584 e1express - ok
20:16:36.0807 2584 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
20:16:36.0847 2584 E1G60 - ok
20:16:36.0867 2584 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
20:16:36.0897 2584 EapHost - ok
20:16:36.0987 2584 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
20:16:37.0007 2584 Ecache - ok
20:16:37.0067 2584 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:16:37.0117 2584 elxstor - ok
20:16:37.0207 2584 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
20:16:37.0297 2584 EMDMgmt - ok
20:16:37.0317 2584 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:16:37.0354 2584 ErrDev - ok
20:16:37.0455 2584 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
20:16:37.0500 2584 EventSystem - ok
20:16:37.0553 2584 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
20:16:37.0604 2584 exfat - ok
20:16:37.0693 2584 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:16:37.0729 2584 fastfat - ok
20:16:37.0761 2584 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:16:37.0798 2584 fdc - ok
20:16:37.0843 2584 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
20:16:37.0873 2584 fdPHost - ok
20:16:37.0915 2584 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
20:16:37.0979 2584 FDResPub - ok
20:16:38.0017 2584 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:16:38.0033 2584 FileInfo - ok
20:16:38.0065 2584 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:16:38.0102 2584 Filetrace - ok
20:16:38.0141 2584 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:16:38.0184 2584 flpydisk - ok
20:16:38.0250 2584 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:16:38.0278 2584 FltMgr - ok
20:16:38.0401 2584 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
20:16:38.0562 2584 FontCache - ok
20:16:38.0679 2584 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:16:38.0720 2584 FontCache3.0.0.0 - ok
20:16:38.0779 2584 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:16:38.0850 2584 Fs_Rec - ok
20:16:38.0913 2584 [ AAE37F0F2F613218DCE17B42A18C38DB ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys
20:16:38.0944 2584 FTDIBUS - ok
20:16:39.0022 2584 [ 48BFD1BA45C9C9E7AB339E25ABFBA1D2 ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys
20:16:39.0069 2584 FTSER2K - ok
20:16:39.0115 2584 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:16:39.0125 2584 gagp30kx - ok
20:16:39.0185 2584 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:16:39.0195 2584 GEARAspiWDM - ok
20:16:39.0275 2584 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
20:16:39.0385 2584 gpsvc - ok
20:16:39.0555 2584 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:16:39.0565 2584 gupdate - ok
20:16:39.0585 2584 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:16:39.0605 2584 gupdatem - ok
20:16:39.0655 2584 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:16:39.0665 2584 gusvc - ok
20:16:39.0745 2584 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:16:39.0805 2584 HdAudAddService - ok
20:16:39.0895 2584 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:16:40.0025 2584 HDAudBus - ok
20:16:40.0075 2584 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:16:40.0155 2584 HidBth - ok
20:16:40.0225 2584 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
20:16:40.0285 2584 HidIr - ok
20:16:40.0352 2584 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
20:16:40.0380 2584 hidserv - ok
20:16:40.0431 2584 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:16:40.0456 2584 HidUsb - ok
20:16:40.0514 2584 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:16:40.0546 2584 hkmsvc - ok
20:16:40.0576 2584 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
20:16:40.0592 2584 HpCISSs - ok
20:16:40.0670 2584 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:16:40.0762 2584 HTTP - ok
20:16:40.0886 2584 [ 19E6885A061011D8DABE8F64498423FA ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:16:40.0913 2584 hwdatacard - ok
20:16:40.0959 2584 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
20:16:40.0974 2584 i2omp - ok
20:16:41.0018 2584 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:16:41.0059 2584 i8042prt - ok
20:16:41.0101 2584 [ 2358C53F30CB9DCD1D3843C4E2F299B2 ] iaStor C:\Windows\system32\drivers\iastor.sys
20:16:41.0119 2584 iaStor - ok
20:16:41.0173 2584 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
20:16:41.0196 2584 iaStorV - ok
20:16:41.0326 2584 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:16:41.0427 2584 idsvc - ok
20:16:41.0577 2584 [ C134E69CE901422D1F2D7EA8D69098FE ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
20:16:41.0764 2584 igfx - ok
20:16:41.0811 2584 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:16:41.0826 2584 iirsp - ok
20:16:41.0958 2584 [ A06EFD4965F8A3F97A8C9A291D032678 ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
20:16:41.0968 2584 IJPLMSVC - ok
20:16:42.0048 2584 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
20:16:42.0128 2584 IKEEXT - ok
20:16:42.0278 2584 [ F8F53C5449F15B23D4C61D51D2701DA8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:16:42.0418 2584 IntcAzAudAddService - ok
20:16:42.0498 2584 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
20:16:42.0508 2584 intelide - ok
20:16:42.0548 2584 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:16:42.0578 2584 intelppm - ok
20:16:42.0618 2584 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:16:42.0688 2584 IPBusEnum - ok
20:16:42.0728 2584 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:16:42.0788 2584 IpFilterDriver - ok
20:16:42.0888 2584 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:16:42.0988 2584 iphlpsvc - ok
20:16:42.0998 2584 IpInIp - ok
20:16:43.0028 2584 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
20:16:43.0068 2584 IPMIDRV - ok
20:16:43.0118 2584 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
20:16:43.0158 2584 IPNAT - ok
20:16:43.0228 2584 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:16:43.0248 2584 iPod Service - ok
20:16:43.0288 2584 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:16:43.0338 2584 IRENUM - ok
20:16:43.0378 2584 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:16:43.0388 2584 isapnp - ok
20:16:43.0488 2584 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:16:43.0508 2584 iScsiPrt - ok
20:16:43.0568 2584 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
20:16:43.0578 2584 iteatapi - ok
20:16:43.0608 2584 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
20:16:43.0638 2584 iteraid - ok
20:16:43.0658 2584 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:16:43.0678 2584 kbdclass - ok
20:16:43.0728 2584 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:16:43.0758 2584 kbdhid - ok
20:16:43.0801 2584 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
20:16:43.0856 2584 KeyIso - ok
20:16:43.0944 2584 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:16:43.0971 2584 KSecDD - ok
20:16:44.0052 2584 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
20:16:44.0125 2584 KtmRm - ok
20:16:44.0213 2584 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
20:16:44.0251 2584 LanmanServer - ok
20:16:44.0343 2584 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:16:44.0413 2584 LanmanWorkstation - ok
20:16:44.0459 2584 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:16:44.0511 2584 lltdio - ok
20:16:44.0542 2584 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:16:44.0616 2584 lltdsvc - ok
20:16:44.0675 2584 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:16:44.0749 2584 lmhosts - ok
20:16:44.0795 2584 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:16:44.0813 2584 LSI_FC - ok
20:16:44.0850 2584 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:16:44.0900 2584 LSI_SAS - ok
20:16:44.0990 2584 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:16:45.0009 2584 LSI_SCSI - ok
20:16:45.0053 2584 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
20:16:45.0104 2584 luafv - ok
20:16:45.0152 2584 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
20:16:45.0167 2584 megasas - ok
20:16:45.0260 2584 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
20:16:45.0298 2584 MegaSR - ok
20:16:45.0441 2584 [ 3412A454FDF9F68341AB80F3EE79EDAB ] MHIKEY10 C:\Windows\system32\Drivers\MHIKEY10.sys
20:16:45.0480 2584 MHIKEY10 - ok
20:16:45.0519 2584 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
20:16:45.0561 2584 MMCSS - ok
20:16:45.0593 2584 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
20:16:45.0633 2584 Modem - ok
20:16:45.0670 2584 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:16:45.0716 2584 monitor - ok
20:16:45.0749 2584 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:16:45.0767 2584 mouclass - ok
20:16:45.0792 2584 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:16:45.0848 2584 mouhid - ok
20:16:45.0871 2584 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
20:16:45.0901 2584 MountMgr - ok
20:16:45.0942 2584 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
20:16:45.0958 2584 mpio - ok
20:16:46.0005 2584 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:16:46.0050 2584 mpsdrv - ok
20:16:46.0146 2584 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
20:16:46.0180 2584 MpsSvc - ok
20:16:46.0212 2584 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
20:16:46.0226 2584 Mraid35x - ok
20:16:46.0290 2584 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:16:46.0336 2584 MRxDAV - ok
20:16:46.0383 2584 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:16:46.0480 2584 mrxsmb - ok
20:16:46.0618 2584 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:16:46.0722 2584 mrxsmb10 - ok
20:16:46.0777 2584 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:16:46.0834 2584 mrxsmb20 - ok
20:16:46.0897 2584 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
20:16:46.0912 2584 msahci - ok
20:16:46.0959 2584 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:16:46.0975 2584 msdsm - ok
20:16:47.0006 2584 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
20:16:47.0100 2584 MSDTC - ok
20:16:47.0146 2584 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:16:47.0209 2584 Msfs - ok
20:16:47.0234 2584 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:16:47.0254 2584 msisadrv - ok
20:16:47.0334 2584 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:16:47.0424 2584 MSiSCSI - ok
20:16:47.0434 2584 msiserver - ok
20:16:47.0484 2584 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:16:47.0534 2584 MSKSSRV - ok
20:16:47.0574 2584 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:16:47.0614 2584 MSPCLOCK - ok
20:16:47.0704 2584 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:16:47.0754 2584 MSPQM - ok
20:16:47.0824 2584 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:16:47.0844 2584 MsRPC - ok
20:16:47.0874 2584 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:16:47.0884 2584 mssmbios - ok
20:16:47.0914 2584 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:16:47.0944 2584 MSTEE - ok
20:16:48.0034 2584 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
20:16:48.0054 2584 Mup - ok
20:16:48.0154 2584 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
20:16:48.0184 2584 napagent - ok
20:16:48.0284 2584 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:16:48.0374 2584 NativeWifiP - ok
20:16:48.0454 2584 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:16:48.0484 2584 NDIS - ok
20:16:48.0534 2584 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:16:48.0574 2584 NdisTapi - ok
20:16:48.0614 2584 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:16:48.0654 2584 Ndisuio - ok
20:16:48.0734 2584 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:16:48.0764 2584 NdisWan - ok
20:16:48.0784 2584 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:16:48.0820 2584 NDProxy - ok
20:16:48.0850 2584 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:16:48.0905 2584 NetBIOS - ok
20:16:49.0012 2584 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
20:16:49.0041 2584 netbt - ok
20:16:49.0083 2584 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
20:16:49.0104 2584 Netlogon - ok
20:16:49.0152 2584 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
20:16:49.0192 2584 Netman - ok
20:16:49.0226 2584 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
20:16:49.0263 2584 netprofm - ok
20:16:49.0334 2584 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:16:49.0363 2584 NetTcpPortSharing - ok
20:16:49.0396 2584 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:16:49.0417 2584 nfrd960 - ok
20:16:49.0452 2584 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:16:49.0497 2584 NlaSvc - ok
20:16:49.0592 2584 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:16:49.0680 2584 Npfs - ok
20:16:49.0726 2584 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
20:16:49.0773 2584 nsi - ok
20:16:49.0788 2584 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:16:49.0829 2584 nsiproxy - ok
20:16:49.0932 2584 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:16:49.0993 2584 Ntfs - ok
20:16:50.0044 2584 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
20:16:50.0181 2584 ntrigdigi - ok
20:16:50.0207 2584 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
20:16:50.0261 2584 Null - ok
20:16:50.0299 2584 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:16:50.0317 2584 nvraid - ok
20:16:50.0371 2584 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:16:50.0386 2584 nvstor - ok
20:16:50.0435 2584 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:16:50.0454 2584 nv_agp - ok
20:16:50.0474 2584 NwlnkFlt - ok
20:16:50.0489 2584 NwlnkFwd - ok
20:16:50.0551 2584 [ D51942F12090FC947CA8AA01736DADE2 ] O2MDRDR C:\Windows\system32\DRIVERS\o2media.sys
20:16:50.0562 2584 O2MDRDR - ok
20:16:50.0599 2584 [ 97E494165CE16EA3762114BA64FAF332 ] O2SDRDR C:\Windows\system32\DRIVERS\o2sd.sys
20:16:50.0611 2584 O2SDRDR - ok
20:16:50.0739 2584 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:16:50.0866 2584 odserv - ok
20:16:50.0913 2584 [ 86326062A90494BDD79CE383511D7D69 ] OEM13Vfx C:\Windows\system32\DRIVERS\OEM13Vfx.sys
20:16:50.0955 2584 OEM13Vfx - ok
20:16:51.0007 2584 [ 8D9D3B1B24105796C9B9B1473DEC2D70 ] OEM13Vid C:\Windows\system32\DRIVERS\OEM13Vid.sys
20:16:51.0028 2584 OEM13Vid - ok
20:16:51.0089 2584 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:16:51.0159 2584 ohci1394 - ok
20:16:51.0227 2584 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:16:51.0241 2584 ose - ok
20:16:51.0352 2584 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:16:51.0459 2584 p2pimsvc - ok
20:16:51.0485 2584 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
20:16:51.0576 2584 p2psvc - ok
20:16:51.0633 2584 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
20:16:51.0719 2584 Parport - ok
20:16:51.0804 2584 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:16:51.0821 2584 partmgr - ok
20:16:51.0869 2584 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
20:16:51.0915 2584 Parvdm - ok
20:16:51.0962 2584 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
20:16:52.0009 2584 PcaSvc - ok
20:16:52.0087 2584 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
20:16:52.0103 2584 pci - ok
20:16:52.0181 2584 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
20:16:52.0212 2584 pciide - ok
20:16:52.0243 2584 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:16:52.0259 2584 pcmcia - ok
20:16:52.0305 2584 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:16:52.0446 2584 PEAUTH - ok
20:16:52.0636 2584 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
20:16:52.0846 2584 pla - ok
20:16:52.0956 2584 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:16:52.0996 2584 PlugPlay - ok
20:16:53.0066 2584 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:16:53.0136 2584 PNRPAutoReg - ok
20:16:53.0156 2584 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:16:53.0206 2584 PNRPsvc - ok
20:16:53.0286 2584 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:16:53.0396 2584 PolicyAgent - ok
20:16:53.0496 2584 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:16:53.0556 2584 PptpMiniport - ok
20:16:53.0596 2584 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
20:16:53.0636 2584 Processor - ok
20:16:53.0706 2584 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
20:16:53.0756 2584 ProfSvc - ok
20:16:53.0806 2584 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
20:16:53.0826 2584 ProtectedStorage - ok
20:16:53.0896 2584 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:16:53.0926 2584 PSched - ok
20:16:53.0996 2584 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
20:16:54.0016 2584 PxHelp20 - ok
20:16:54.0106 2584 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:16:54.0246 2584 ql2300 - ok
20:16:54.0366 2584 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:16:54.0376 2584 ql40xx - ok
20:16:54.0446 2584 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
20:16:54.0486 2584 QWAVE - ok
20:16:54.0516 2584 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:16:54.0536 2584 QWAVEdrv - ok
20:16:54.0726 2584 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
20:16:54.0936 2584 R300 - ok
20:16:55.0006 2584 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:16:55.0092 2584 RasAcd - ok
20:16:55.0181 2584 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
20:16:55.0231 2584 RasAuto - ok
20:16:55.0297 2584 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:16:55.0343 2584 Rasl2tp - ok
20:16:55.0436 2584 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
20:16:55.0468 2584 RasMan - ok
20:16:55.0550 2584 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:16:55.0587 2584 RasPppoe - ok
20:16:55.0656 2584 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:16:55.0675 2584 RasSstp - ok
20:16:55.0749 2584 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:16:55.0791 2584 rdbss - ok
20:16:55.0910 2584 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:16:55.0978 2584 RDPCDD - ok
20:16:56.0035 2584 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
20:16:56.0068 2584 rdpdr - ok
20:16:56.0135 2584 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:16:56.0180 2584 RDPENCDD - ok
20:16:56.0304 2584 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:16:56.0368 2584 RDPWD - ok
20:16:56.0421 2584 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:16:56.0452 2584 RemoteAccess - ok
20:16:56.0516 2584 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:16:56.0585 2584 RemoteRegistry - ok
20:16:56.0647 2584 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
20:16:56.0694 2584 RFCOMM - ok
20:16:56.0725 2584 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
20:16:56.0772 2584 RpcLocator - ok
20:16:56.0803 2584 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
20:16:56.0834 2584 RpcSs - ok
20:16:56.0881 2584 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:16:56.0912 2584 rspndr - ok
20:16:56.0973 2584 [ CB0BD9E10E3E244D312C106DEE1BBB93 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
20:16:57.0053 2584 RTL8169 - ok
20:16:57.0073 2584 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
20:16:57.0093 2584 SamSs - ok
20:16:57.0143 2584 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:16:57.0153 2584 sbp2port - ok
20:16:57.0243 2584 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:16:57.0333 2584 SCardSvr - ok
20:16:57.0443 2584 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
20:16:57.0553 2584 Schedule - ok
20:16:57.0583 2584 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:16:57.0603 2584 SCPolicySvc - ok
20:16:57.0663 2584 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:16:57.0703 2584 SDRSVC - ok
20:16:57.0733 2584 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:16:57.0793 2584 secdrv - ok
20:16:57.0903 2584 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
20:16:57.0953 2584 seclogon - ok
20:16:57.0973 2584 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
20:16:58.0033 2584 SENS - ok
20:16:58.0084 2584 [ 6CD8DC61304BF5CA16FE48DC3039CC05 ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl.sys
20:16:58.0125 2584 Ser2pl - ok
20:16:58.0191 2584 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:16:58.0257 2584 Serenum - ok
20:16:58.0314 2584 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:16:58.0417 2584 Serial - ok
20:16:58.0499 2584 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:16:58.0530 2584 sermouse - ok
20:16:58.0593 2584 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
20:16:58.0627 2584 SessionEnv - ok
20:16:58.0750 2584 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:16:58.0791 2584 sffdisk - ok
20:16:58.0817 2584 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:16:58.0860 2584 sffp_mmc - ok
20:16:58.0897 2584 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:16:58.0926 2584 sffp_sd - ok
20:16:58.0947 2584 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:16:59.0014 2584 sfloppy - ok
20:16:59.0057 2584 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:16:59.0094 2584 SharedAccess - ok
20:16:59.0213 2584 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:16:59.0271 2584 ShellHWDetection - ok
20:16:59.0302 2584 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:16:59.0318 2584 sisagp - ok
20:16:59.0358 2584 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
20:16:59.0373 2584 SiSRaid2 - ok
20:16:59.0410 2584 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:16:59.0436 2584 SiSRaid4 - ok
20:16:59.0613 2584 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
20:16:59.0801 2584 slsvc - ok
20:16:59.0855 2584 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
20:16:59.0881 2584 SLUINotify - ok
20:16:59.0954 2584 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:17:00.0010 2584 Smb - ok
20:17:00.0078 2584 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:17:00.0108 2584 SNMPTRAP - ok
20:17:00.0146 2584 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
20:17:00.0162 2584 spldr - ok
20:17:00.0239 2584 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
20:17:00.0285 2584 Spooler - ok
20:17:00.0377 2584 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:17:00.0428 2584 srv - ok
20:17:00.0507 2584 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:17:00.0550 2584 srv2 - ok
20:17:00.0576 2584 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:17:00.0608 2584 srvnet - ok
20:17:00.0665 2584 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:17:00.0711 2584 SSDPSRV - ok
20:17:00.0781 2584 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
20:17:00.0792 2584 ssmdrv - ok
20:17:00.0823 2584 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:17:00.0851 2584 SstpSvc - ok
20:17:00.0952 2584 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
20:17:00.0998 2584 stisvc - ok
20:17:01.0076 2584 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:17:01.0092 2584 swenum - ok
20:17:01.0186 2584 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
20:17:01.0248 2584 swprv - ok
20:17:01.0279 2584 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
20:17:01.0299 2584 Symc8xx - ok
20:17:01.0329 2584 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
20:17:01.0349 2584 Sym_hi - ok
20:17:01.0379 2584 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
20:17:01.0389 2584 Sym_u3 - ok
20:17:01.0489 2584 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
20:17:01.0579 2584 SysMain - ok
20:17:01.0639 2584 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:17:01.0659 2584 TabletInputService - ok
20:17:01.0749 2584 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:17:01.0799 2584 TapiSrv - ok
20:17:01.0839 2584 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
20:17:01.0929 2584 TBS - ok
20:17:02.0039 2584 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:17:02.0089 2584 Tcpip - ok
20:17:02.0129 2584 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
20:17:02.0209 2584 Tcpip6 - ok
20:17:02.0289 2584 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:17:02.0339 2584 tcpipreg - ok
20:17:02.0389 2584 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:17:02.0429 2584 TDPIPE - ok
20:17:02.0459 2584 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:17:02.0509 2584 TDTCP - ok
20:17:02.0589 2584 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:17:02.0619 2584 tdx - ok
20:17:02.0699 2584 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:17:02.0709 2584 TermDD - ok
20:17:02.0749 2584 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
20:17:02.0849 2584 TermService - ok
20:17:02.0919 2584 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
20:17:02.0939 2584 Themes - ok
20:17:02.0949 2584 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
20:17:02.0989 2584 THREADORDER - ok
20:17:03.0049 2584 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
20:17:03.0089 2584 TrkWks - ok
20:17:03.0199 2584 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:17:03.0249 2584 TrustedInstaller - ok
20:17:03.0289 2584 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:17:03.0339 2584 tssecsrv - ok
20:17:03.0389 2584 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
20:17:03.0429 2584 tunmp - ok
20:17:03.0499 2584 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:17:03.0529 2584 tunnel - ok
20:17:03.0569 2584 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:17:03.0599 2584 uagp35 - ok
20:17:03.0629 2584 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:17:03.0659 2584 udfs - ok
20:17:03.0719 2584 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:17:03.0749 2584 UI0Detect - ok
20:17:03.0799 2584 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:17:03.0819 2584 uliagpkx - ok
20:17:03.0869 2584 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
20:17:03.0889 2584 uliahci - ok
20:17:03.0939 2584 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
20:17:03.0979 2584 UlSata - ok
20:17:04.0009 2584 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
20:17:04.0029 2584 ulsata2 - ok
20:17:04.0069 2584 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:17:04.0113 2584 umbus - ok
20:17:04.0168 2584 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
20:17:04.0223 2584 upnphost - ok
20:17:04.0398 2584 [ 47D967B6F4C3870DA6859824FEFC3829 ] USB28xxBGA C:\Windows\system32\DRIVERS\emBDA.sys
20:17:04.0433 2584 USB28xxBGA - ok
20:17:04.0505 2584 [ 8B5ADDD61FB0F415337F04CAE2A5F532 ] USB28xxOEM C:\Windows\system32\DRIVERS\emOEM.sys
20:17:04.0545 2584 USB28xxOEM - ok
20:17:04.0640 2584 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
20:17:04.0647 2584 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
20:17:04.0647 2584 USBAAPL - detected UnsignedFile.Multi.Generic (1)
20:17:04.0730 2584 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:17:04.0779 2584 usbaudio - ok
20:17:04.0832 2584 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:17:04.0871 2584 usbccgp - ok
20:17:04.0911 2584 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:17:04.0983 2584 usbcir - ok
20:17:05.0042 2584 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:17:05.0074 2584 usbehci - ok
20:17:05.0103 2584 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:17:05.0148 2584 usbhub - ok
20:17:05.0184 2584 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:17:05.0235 2584 usbohci - ok
20:17:05.0302 2584 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:17:05.0350 2584 usbprint - ok
20:17:05.0433 2584 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:17:05.0457 2584 usbscan - ok
20:17:05.0502 2584 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:17:05.0542 2584 USBSTOR - ok
20:17:05.0565 2584 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:17:05.0590 2584 usbuhci - ok
20:17:05.0664 2584 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
20:17:05.0712 2584 UxSms - ok
20:17:05.0814 2584 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
20:17:05.0936 2584 vds - ok
20:17:05.0994 2584 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:17:06.0043 2584 vga - ok
20:17:06.0065 2584 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
20:17:06.0109 2584 VgaSave - ok
20:17:06.0149 2584 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:17:06.0165 2584 viaagp - ok
20:17:06.0207 2584 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
20:17:06.0238 2584 ViaC7 - ok
20:17:06.0272 2584 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
20:17:06.0300 2584 viaide - ok
20:17:06.0323 2584 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:17:06.0341 2584 volmgr - ok
20:17:06.0432 2584 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:17:06.0459 2584 volmgrx - ok
20:17:06.0566 2584 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:17:06.0591 2584 volsnap - ok
20:17:06.0625 2584 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:17:06.0662 2584 vsmraid - ok
20:17:06.0760 2584 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
20:17:06.0813 2584 VSS - ok
20:17:06.0872 2584 [ C466021D31FF6C0A6069D12299D80C0B ] VSTHWBS2 C:\Windows\system32\DRIVERS\VSTBS23.SYS
20:17:06.0971 2584 VSTHWBS2 - ok
20:17:07.0066 2584 [ EC36F1D542ED4252390D446BF6D4DFD0 ] VST_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
20:17:07.0278 2584 VST_DPV - ok
20:17:07.0354 2584 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
20:17:07.0398 2584 W32Time - ok
20:17:07.0455 2584 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:17:07.0520 2584 WacomPen - ok
20:17:07.0548 2584 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
20:17:07.0585 2584 Wanarp - ok
20:17:07.0598 2584 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:17:07.0623 2584 Wanarpv6 - ok
20:17:07.0702 2584 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:17:07.0767 2584 wcncsvc - ok
20:17:07.0837 2584 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:17:07.0932 2584 WcsPlugInService - ok
20:17:07.0965 2584 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
20:17:07.0981 2584 Wd - ok
20:17:08.0065 2584 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:17:08.0143 2584 Wdf01000 - ok
20:17:08.0200 2584 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:17:08.0245 2584 WdiServiceHost - ok
20:17:08.0260 2584 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:17:08.0300 2584 WdiSystemHost - ok
20:17:08.0373 2584 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
20:17:08.0396 2584 WebClient - ok
20:17:08.0474 2584 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:17:08.0528 2584 Wecsvc - ok
20:17:08.0559 2584 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:17:08.0604 2584 wercplsupport - ok
20:17:08.0676 2584 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
20:17:08.0705 2584 WerSvc - ok
20:17:08.0900 2584 [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
20:17:08.0960 2584 winachsf - ok
20:17:09.0051 2584 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:17:09.0074 2584 WinDefend - ok
20:17:09.0097 2584 WinHttpAutoProxySvc - ok
20:17:09.0227 2584 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:17:09.0255 2584 Winmgmt - ok
20:17:09.0385 2584 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
20:17:09.0477 2584 WinRM - ok
20:17:09.0597 2584 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:17:09.0657 2584 Wlansvc - ok
20:17:09.0667 2584 wltrysvc - ok
20:17:09.0767 2584 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:17:09.0817 2584 WmiAcpi - ok
20:17:09.0917 2584 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:17:09.0947 2584 wmiApSrv - ok
20:17:10.0037 2584 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:17:10.0187 2584 WMPNetworkSvc - ok
20:17:10.0317 2584 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:17:10.0347 2584 WPCSvc - ok
20:17:10.0427 2584 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:17:10.0477 2584 WPDBusEnum - ok
20:17:10.0527 2584 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
20:17:10.0547 2584 WpdUsb - ok
20:17:10.0807 2584 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:17:10.0837 2584 WPFFontCache_v0400 - ok
20:17:10.0887 2584 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:17:10.0927 2584 ws2ifsl - ok
20:17:10.0997 2584 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
20:17:11.0027 2584 wscsvc - ok
20:17:11.0037 2584 WSearch - ok
20:17:11.0167 2584 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
20:17:11.0337 2584 wuauserv - ok
20:17:11.0527 2584 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:17:11.0537 2584 WudfPf - ok
20:17:11.0627 2584 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:17:11.0737 2584 WUDFRd - ok
20:17:11.0807 2584 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:17:11.0837 2584 wudfsvc - ok
20:17:11.0867 2584 ================ Scan global ===============================
20:17:11.0907 2584 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
20:17:11.0987 2584 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
20:17:12.0007 2584 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
20:17:12.0107 2584 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
20:17:12.0127 2584 [Global] - ok
20:17:12.0137 2584 ================ Scan MBR ==================================
20:17:12.0197 2584 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:17:12.0955 2584 \Device\Harddisk0\DR0 - ok
20:17:12.0960 2584 ================ Scan VBR ==================================
20:17:13.0000 2584 [ CF98A14ED9D91BEA6AB35E8CD0897592 ] \Device\Harddisk0\DR0\Partition1
20:17:13.0002 2584 \Device\Harddisk0\DR0\Partition1 - ok
20:17:13.0022 2584 [ A393B52E6A1ABDF9A03AAA0523E8EED8 ] \Device\Harddisk0\DR0\Partition2
20:17:13.0024 2584 \Device\Harddisk0\DR0\Partition2 - ok
20:17:13.0029 2584 ============================================================
20:17:13.0029 2584 Scan finished
20:17:13.0029 2584 ============================================================
20:17:13.0053 3576 Detected object count: 2
20:17:13.0053 3576 Actual detected object count: 2
20:17:27.0468 3576 BTHFILT ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:27.0468 3576 BTHFILT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:17:27.0468 3576 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
20:17:27.0468 3576 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg · 12.05.2013, 19:22

Hi,
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

rocket77 · 12.05.2013, 20:16

Done! Aber mit einer Windows Fehlermeldung nach Stufe 50.

"PEV.exe funktioniert nicht mehr.
Das Programm wird aufgrund eines Fehlers geschlossen..."

Windows startet neu.

ComboFix Konsole:
1.) Bitte warten...
Kein Zugriff.

2.) Bereite Logdatei vor.
Starte keine anderen Programme, bevor ComboFix fertig ist.

Dann maulte nach dem Neustart natürlich erst mal mein Virenscanner und ich musste den Mauszeiger bewegen und 3x klicken bis alles wieder deaktiviert war.

Letztendlich wurde aber ein Logfile erstellt und ich habe es auch auf dem Desktop speichern können, aber jetzt kommt grad bei allem die Fehlermeldung bzgl. Registrierungsschlüssel. Internetexplorer geht nicht mehr auf, Outlook auch nicht.... Das Logfile auch nicht....

Fehlertext bei allem was ich anklicke: "Es wurde versucht, einen Registrierungsschlüssel einem unzulässigem Vorgang zu unterziehen, der zum Löschen markiert wurde"

... ???

So hier also das Logfile:

Code:

ATTFilter

ComboFix 13-05-12.01 - Fritz 12.05.2013  20:41:35.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.2038.1045 [GMT 2:00]
ausgeführt von:: c:\users\Fritz\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Setup.exe
c:\users\Fritz\AppData\Local\assembly\tmp
c:\users\Fritz\AppData\Local\Skype\SkypePM.exe
c:\users\Fritz\AppData\Roaming\Help\coredb\storage
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-12 bis 2013-05-12  ))))))))))))))))))))))))))))))
.
.
2013-05-12 18:05 . 2012-08-21 11:01	26840	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2013-05-12 18:04 . 2013-05-12 18:04	--------	d-----w-	c:\program files\iPod
2013-05-12 18:04 . 2013-05-12 18:05	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-12 18:04 . 2013-05-12 18:05	--------	d-----w-	c:\program files\iTunes
2013-05-12 17:54 . 2013-05-12 17:54	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-05-12 17:54 . 2013-05-12 17:54	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-05-12 17:54 . 2013-05-12 17:54	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-12 17:54 . 2013-05-12 17:54	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-12 17:54 . 2013-05-12 17:54	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-12 17:54 . 2013-05-12 17:54	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-12 17:54 . 2013-05-12 17:54	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-12 17:53 . 2013-05-12 17:54	--------	d-----w-	c:\program files\quicktime
2013-05-11 14:37 . 2013-04-10 03:08	6906960	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6C23079-6D32-4726-B631-954266453581}\mpengine.dll
2013-04-24 10:15 . 2013-03-03 19:07	1082232	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-16 07:22 . 2013-03-05 01:40	2049024	----a-w-	c:\windows\system32\win32k.sys
2013-04-16 07:22 . 2013-03-08 03:52	2067968	----a-w-	c:\windows\system32\mstscax.dll
2013-04-16 07:22 . 2013-03-08 03:53	376320	----a-w-	c:\windows\system32\winsrv.dll
2013-04-16 07:22 . 2013-03-11 13:25	3603816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-16 07:22 . 2013-03-11 13:25	3551080	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-16 07:22 . 2013-03-09 03:45	49152	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-16 07:22 . 2013-03-09 01:28	64000	----a-w-	c:\windows\system32\smss.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 00:06 . 2009-10-03 08:08	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-02 14:09 . 2013-04-02 14:09	4550656	----a-w-	c:\windows\system32\GPhotos.scr
2013-03-13 09:32 . 2012-05-02 16:27	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-13 09:32 . 2011-07-14 09:27	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 01:57 . 2013-03-22 07:57	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-21 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files\quicktime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files\T-Online\DSL-Manager\DslMgr.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Fritz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"HeavyWeatherPublisher"=c:\heavyweather\HeavyWeatherPublisher.exe -minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-16 21:05	1642448	----a-w-	c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 09:32]
.
2013-05-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-21 08:43]
.
2013-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 15:55]
.
2013-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 15:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} - hxxp://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-SkypePM - c:\users\Fritz\AppData\Local\Skype\SkypePM.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-HeavyWeatherPublisher - c:\heavyweather\HeavyWeatherPublisher.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-05-12 20:54
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Avira\AntiVir Desktop\avmailc.exe
c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE
c:\windows\system32\conime.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-12  21:03:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-12 19:03
.
Vor Suchlauf: 15 Verzeichnis(se), 27.257.442.304 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 27.164.667.904 Bytes frei
.
- - End Of File - - 93725956BB7AD699025267A222BCB27A

markusg · 13.05.2013, 12:18

Hi,
malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Hilfe beim Entfernen des GVU Trojaner 2013

Plagegeister aller Art und deren Bekämpfung: Hilfe beim Entfernen des GVU Trojaner 2013