GVU Trojaner, Vista 32bit

PCkaputt · 04.06.2013, 15:43

Ich habe seit gestern Abend den GVU Trojaner ähnlich der Version 2.07: botfrei.de - Die BKA-Trojaner Galerie
Lade gerade die OTLPENET version von Oldtimer runter, wie bereits oft gelesen.
Nachdem ich sie auf eine CD gebrannt habe wie beschrieben, und sich ein hilfsbereiter Computerspezialist gemeldet hat, würde ich meinen infizierten Rechner mit der CD booten und die logdatein hier hochladen...

Vielen Dank im Vorraus

edit: verlinkung krieg ich leider nicht hin, deshalb hier nochmals normal: hxxp://bka-trojaner.de/

markusg · 04.06.2013, 15:45

Hi
eig währe es besser gewesen, das log zu posten, denn wenn du es jetzt angehangen hättest, hätte es passieren können, dass du deinen beitrag selbst beantwortest und so länger warten musst.
Also, Log erstellen, und anhängen bitte :-)

PCkaputt · 05.06.2013, 15:16

Danke dass du dich dem Problem annimmst, tut mir leid das es so lange mit der antwort gedauert hat..
Hab leider nur ein logfile von OTL bekommen und nicht Extras.txt , ist das normal??
Wenn ich was falsch gemacht hab, bessere ich mich gerne

OTL.txt Logfile:

Code:

ATTFilter

OTL logfile created on: 6/5/2013 5:56:55 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Ultimate Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.14 Gb Total Space | 9.54 Gb Free Space | 12.21% Space Free | Partition Type: NTFS
Drive D: | 219.73 Gb Total Space | 78.12 Gb Free Space | 35.55% Space Free | Partition Type: NTFS
Drive E: | 167.89 Gb Total Space | 55.45 Gb Free Space | 33.03% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/05/16 15:10:44 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 07:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/10 16:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/04 07:34:11 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/02 08:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/01/18 08:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2009/11/16 21:12:00 | 003,596,060 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\Windows\System32\GameMon.des -- (npggsvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (XDva380)
DRV - File not found [Kernel | On_Demand] --  -- (XDva347)
DRV - File not found [Kernel | On_Demand] --  -- (XDva309)
DRV - File not found [Kernel | Auto] --  -- (TVicPort)
DRV - File not found [Kernel | On_Demand] --  -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand] --  -- (RTL8192cu)
DRV - File not found [Kernel | On_Demand] --  -- (Profos)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (NTACCESS)
DRV - File not found [Kernel | On_Demand] --  -- (NPF)
DRV - File not found [Kernel | On_Demand] --  -- (netr28u)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand] --  -- (EagleXNt)
DRV - File not found [Kernel | On_Demand] --  -- (EagleNT)
DRV - File not found [Kernel | On_Demand] --  -- (ByakkoDriver)
DRV - File not found [Kernel | On_Demand] --  -- (BVRPMPR5)
DRV - File not found [Kernel | On_Demand] --  -- (BCMH43XX)
DRV - [2013/02/10 13:19:31 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2013/02/10 13:19:31 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012/10/10 16:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/01 09:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/07/17 11:02:02 | 000,335,872 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rt61.sys -- (RT61)
DRV - [2009/03/18 12:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/01/15 21:12:20 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/05/11 13:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2007/04/23 04:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007/04/03 04:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007/03/26 13:46:00 | 000,827,776 | ---- | M] (Hauppauge Computer Works inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HCW713x.sys -- (HCW713x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\MeinName_ON_C\Software\Microsoft\Internet Explorer\Main,Default Download Directory = E:\Downloads
IE - HKU\MeinName_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.die-staemme.de/
IE - HKU\MeinName_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\MeinName_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\MeinName_ON_C\..\URLSearchHook: {c7478d43-2bd5-4844-98b8-c2a6aa9ed677} - Reg Error: Key error. File not found
IE - HKU\MeinName_ON_C\..\URLSearchHook: {e0dcd7a1-949c-490a-bd7b-d733c2bda820} - Reg Error: Key error. File not found
IE - HKU\MeinName_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com/?gl=DE&hl=de"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "107.7.144.62"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "107.7.144.62"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "107.7.144.62"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "107.7.144.62"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 1
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame:  File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: D:\Sonstiges\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\MeinName\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012/12/06 09:27:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: D:\Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: D:\Firefox\plugins
 
[2012/03/29 11:21:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MeinName\AppData\Roaming\Mozilla\Extensions
[2013/03/03 10:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MeinName\AppData\Roaming\Mozilla\Firefox\Profiles\zoll99kt.default\extensions
File not found (No name found) -- 
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\MeinName_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\MeinName_ON_C\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\MeinName_ON_C\..\Toolbar\WebBrowser: (no name) - {C7478D43-2BD5-4844-98B8-C2A6AA9ED677} - No CLSID value found.
O3 - HKU\MeinName_ON_C\..\Toolbar\WebBrowser: (no name) - {E0DCD7A1-949C-490A-BD7B-D733C2BDA820} - No CLSID value found.
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\MeinName_ON_C..\Run: [Facebook Update] C:\Users\MeinName\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\MeinName_ON_C..\Run: [noc] C:\Users\MeinName\AppData\Roaming\noc\dan.bat ()
O4 - HKU\MeinName_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\MeinName\hu17hbdupes80.exe (Adobe Systems Incorporated)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\MeinName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Free YouTube Download - C:\Users\MeinName\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\MeinName\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - d:\Office2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - d:\Office2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\MeinName_ON_C Winlogon: Shell - (cmd.exe) - C:\Windows\System32\cmd.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: E:\Pictures\Hangman.jpg
O24 - Desktop BackupWallPaper: E:\Pictures\Hangman.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{5e8267c1-4259-11df-9305-001cc047260a}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe
O33 - MountPoints2\{5e8267c1-4259-11df-9305-001cc047260a}\Shell\Open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe
O33 - MountPoints2\{a164cd5e-dce4-11dd-8d58-001cc047260a}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe
O33 - MountPoints2\{a164cd5e-dce4-11dd-8d58-001cc047260a}\Shell\Open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe
O33 - MountPoints2\{b035b39f-d2bc-11de-a7d0-001cc047260a}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe
O33 - MountPoints2\{b035b39f-d2bc-11de-a7d0-001cc047260a}\Shell\Open\command - "" = H:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\svhost.exe
O33 - MountPoints2\{d1b67929-adb7-11dd-a546-001cc047260a}\Shell - "" = AutoRun
O33 - MountPoints2\{d1b67929-adb7-11dd-a546-001cc047260a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{efc5e14b-87f8-11e1-8c93-001cc047260a}\Shell - "" = AutoRun
O33 - MountPoints2\{efc5e14b-87f8-11e1-8c93-001cc047260a}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/05 17:49:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/03 09:49:20 | 000,000,000 | ---D | C] -- C:\Users\MeinName\AppData\Roaming\noc
[44 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/03 10:42:20 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 10:42:20 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 10:42:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/03 10:42:15 | 3481,755,648 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/03 10:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/03 09:49:41 | 000,393,534 | ---- | M] () -- C:\Users\MeinName\AppData\Roaming\2433f433
[2013/06/03 09:49:41 | 000,393,466 | ---- | M] () -- C:\Users\MeinName\AppData\Local\2433f433
[2013/06/03 09:49:41 | 000,393,463 | ---- | M] () -- C:\ProgramData\2433f433
[2013/06/03 09:17:05 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1610313911-269736585-3878416149-1000UA.job
[2013/06/02 12:17:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1610313911-269736585-3878416149-1000Core.job
[2013/05/30 08:04:36 | 000,001,144 | ---- | M] () -- C:\Users\MeinName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013/05/20 12:04:48 | 000,000,627 | ---- | M] () -- C:\Users\MeinName\Desktop\Seyonin.lnk
[2013/05/18 21:56:09 | 000,094,912 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/18 21:56:09 | 000,083,002 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013/05/18 21:56:09 | 000,082,360 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2013/05/18 21:56:09 | 000,058,768 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/18 21:56:09 | 000,032,584 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013/05/18 21:56:09 | 000,032,274 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2013/05/18 21:56:09 | 000,025,690 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/18 21:56:09 | 000,023,452 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/16 15:10:44 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/16 15:10:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013/06/03 10:42:15 | 3481,755,648 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/03 09:49:41 | 000,393,534 | ---- | C] () -- C:\Users\MeinName\AppData\Roaming\2433f433
[2013/06/03 09:49:41 | 000,393,466 | ---- | C] () -- C:\Users\MeinName\AppData\Local\2433f433
[2013/06/03 09:49:41 | 000,393,463 | ---- | C] () -- C:\ProgramData\2433f433
[2013/05/14 10:00:44 | 000,000,627 | ---- | C] () -- C:\Users\MeinName\Desktop\Seyonin.lnk
[2011/06/17 09:29:21 | 000,172,032 | ---- | C] () -- C:\Windows\WsBtn.dll
[2011/04/12 15:54:22 | 000,000,128 | ---- | C] () -- C:\ProgramData\~39706376r
[2011/04/12 15:54:22 | 000,000,096 | ---- | C] () -- C:\ProgramData\~39706376
[2011/04/12 15:51:24 | 000,000,336 | ---- | C] () -- C:\ProgramData\39706376
[2011/03/23 16:20:18 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010/02/04 17:39:33 | 000,004,096 | -H-- | C] () -- C:\Users\MeinName\AppData\Local\keyfile3.drm
[2009/12/30 18:45:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\ImageSearchDLL.dll
[2009/08/02 16:52:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/02 16:52:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/02 16:51:59 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/06/07 07:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2009/05/15 12:14:08 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/04/18 17:51:02 | 000,000,060 | -H-- | C] () -- C:\Users\MeinName\AppData\Roaming\AVSMediaPlayer.m3u
[2009/01/12 15:16:15 | 000,253,052 | -H-- | C] () -- C:\Users\MeinName\AppData\Local\wyuskiq_nav.dat
[2009/01/12 15:16:15 | 000,003,004 | -H-- | C] () -- C:\Users\MeinName\AppData\Local\wyuskiq.dat
[2009/01/12 15:16:15 | 000,000,330 | -H-- | C] () -- C:\Users\MeinName\AppData\Local\wyuskiq_navps.dat
[2008/12/19 11:33:00 | 000,253,052 | -H-- | C] () -- C:\Users\MeinName\AppData\Local\wuaiukc_nav.dat
[2008/12/19 11:33:00 | 000,005,694 | -H-- | C] () -- C:\Users\MeinName\AppData\Local\wuaiukc.dat
[2008/12/19 11:33:00 | 000,000,833 | -H-- | C] () -- C:\Users\MeinName\AppData\Local\wuaiukc_navps.dat
[2008/12/10 16:10:53 | 000,000,090 | ---- | C] () -- C:\Users\MeinName\AppData\Local\asmare.bat
[2008/12/03 05:46:55 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL
[2008/11/26 16:02:37 | 000,002,041 | -H-- | C] () -- C:\Users\MeinName\AppData\Local\yioiqyo.dat
[2008/11/26 16:02:37 | 000,000,092 | ---- | C] () -- C:\Users\MeinName\AppData\Local\yioiqyo.bat
[2008/11/26 16:02:19 | 000,000,092 | ---- | C] () -- C:\Users\MeinName\AppData\Local\lcawcaqp.bat
[2008/11/08 18:49:54 | 000,000,552 | ---- | C] () -- C:\Users\MeinName\AppData\Local\d3d8caps.dat
[2008/10/07 15:13:34 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2008/10/07 15:13:34 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2008/10/07 15:13:34 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2008/10/07 15:13:34 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2008/10/07 15:13:34 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008/09/07 12:26:47 | 000,130,560 | ---- | C] () -- C:\Users\MeinName\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/06 10:21:46 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2008/09/06 10:21:45 | 000,083,002 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2008/09/06 10:21:45 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2008/09/06 10:21:45 | 000,032,584 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2008/09/06 09:48:12 | 000,331,172 | ---- | C] () -- C:\Windows\System32\perfi010.dat
[2008/09/06 09:48:12 | 000,082,360 | ---- | C] () -- C:\Windows\System32\perfh010.dat
[2008/09/06 09:48:12 | 000,036,614 | ---- | C] () -- C:\Windows\System32\perfd010.dat
[2008/09/06 09:48:12 | 000,032,274 | ---- | C] () -- C:\Windows\System32\perfc010.dat
[2008/09/06 08:55:20 | 000,000,020 | -H-- | C] () -- C:\Users\MeinName\AppData\Roaming\AVSDVDPlayer.m3u
[2008/09/06 08:52:31 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/09/06 08:52:31 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/09/03 15:30:17 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/09/03 15:30:12 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008/09/03 15:29:50 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008/09/03 15:15:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/03 14:52:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/03 13:57:49 | 000,000,248 | ---- | C] () -- C:\Windows\HCWBlast_sav.ini
[2008/09/03 13:57:49 | 000,000,248 | ---- | C] () -- C:\Windows\HCWBlast.ini
[2008/09/03 13:57:36 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2008/09/03 13:56:49 | 000,032,845 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/09/03 13:56:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2008/09/03 13:56:12 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/03 13:56:12 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/09/03 13:56:11 | 000,159,744 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2008/09/03 13:54:52 | 000,006,507 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2008/09/03 11:29:06 | 000,013,840 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2008/09/03 11:28:10 | 000,483,328 | ---- | C] () -- C:\Windows\System32\HookShield.dll
[2008/09/03 11:28:10 | 000,134,504 | ---- | C] () -- C:\Windows\System32\smdll.dll
[2008/09/03 11:28:10 | 000,040,960 | ---- | C] () -- C:\Windows\System32\executeosd.exe
[2008/09/03 11:28:10 | 000,036,200 | ---- | C] () -- C:\Windows\System32\Auxiliary.dll
[2008/09/03 11:28:09 | 000,462,848 | ---- | C] () -- C:\Windows\System32\HookMap.dll
[2008/09/03 11:25:34 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2008/09/03 11:16:00 | 000,001,356 | ---- | C] () -- C:\Users\MeinName\AppData\Local\d3d9caps.dat
[2008/01/21 04:24:09 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 04:24:09 | 000,094,912 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 04:24:09 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/01/21 04:24:09 | 000,025,690 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/20 22:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 08:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:46:27 | 000,375,224 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,058,768 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:33:01 | 000,023,452 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011/04/13 07:47:30 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\Dev-Cpp
[2011/04/13 07:47:30 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\DNA
[2013/03/08 12:07:36 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\Dropbox
[2012/05/18 05:39:09 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\DS-Timer
[2012/12/06 09:28:34 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\DVDVideoSoft
[2012/12/06 09:28:34 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\DVDVideoSoftIEHelpers
[2013/04/07 14:19:31 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\Epizy
[2009/03/19 09:30:11 | 000,000,000 | -H-D | M] -- C:\Users\MeinName\AppData\Roaming\FOG Downloader
[2013/04/07 17:11:22 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\Ilibop
[2008/11/02 06:29:47 | 000,000,000 | -H-D | M] -- C:\Users\MeinName\AppData\Roaming\IrfanView
[2008/12/28 15:40:24 | 000,000,000 | -H-D | M] -- C:\Users\MeinName\AppData\Roaming\Leadertech
[2010/05/04 10:23:58 | 000,000,000 | -H-D | M] -- C:\Users\MeinName\AppData\Roaming\letstunes
[2010/05/29 09:32:11 | 000,000,000 | -H-D | M] -- C:\Users\MeinName\AppData\Roaming\Locktime
[2010/11/26 14:57:00 | 000,000,000 | -H-D | M] -- C:\Users\MeinName\AppData\Roaming\LolClient
[2012/05/31 11:36:07 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\LolClient2
[2013/03/25 08:32:37 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\Lyec
[2011/03/23 16:24:58 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\MAGIX
[2010/12/06 07:44:55 | 000,000,000 | -H-D | M] -- C:\Users\MeinName\AppData\Roaming\mathegrafix
[2011/04/13 07:47:30 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2013/01/03 13:13:13 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2013/06/03 09:49:27 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\noc
[2010/05/04 12:38:16 | 000,000,000 | -H-D | M] -- C:\Users\MeinName\AppData\Roaming\OfferBox
[2008/10/24 12:28:19 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\OpenOffice.org
[2011/09/25 12:08:50 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\Opera
[2012/12/24 17:01:20 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\Origin
[2011/05/22 11:57:03 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\PeerNetworking
[2013/04/07 14:19:31 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\Sefyik
[2012/04/28 08:07:25 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\Sony
[2010/07/25 13:08:42 | 000,000,000 | RHSD | M] -- C:\Users\MeinName\AppData\Roaming\sys32
[2012/06/14 09:56:39 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\TeamViewer
[2012/11/02 12:28:05 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\TS3Client
[2010/09/19 10:47:32 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\Ubisoft
[2013/03/07 08:27:05 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\Xiypqu
[2013/04/05 10:08:40 | 000,000,000 | ---D | M] -- C:\Users\MeinName\AppData\Roaming\Xyug
[2008/09/03 11:14:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 09:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/09/03 11:14:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/10/25 11:55:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\DSS
[2012/12/24 18:19:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2008/09/03 11:14:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/07/30 15:08:15 | 000,000,000 | ---D | M] -- C:\ProgramData\GamesCampus
[2010/05/29 09:31:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Locktime
[2011/03/23 16:24:58 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2012/08/02 12:08:37 | 000,000,000 | ---D | M] -- C:\ProgramData\mquadr.at
[2011/09/15 11:28:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Nexon
[2011/10/20 11:33:35 | 000,000,000 | ---D | M] -- C:\ProgramData\NexonEU
[2012/12/24 18:19:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin
[2009/05/15 12:14:08 | 000,000,000 | ---D | M] -- C:\ProgramData\SlySoft
[2012/04/16 16:47:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2006/11/02 09:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/09/03 11:14:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010/05/07 19:06:01 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 09:00:38 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/12/02 09:04:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2008/09/03 11:14:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/03/09 20:41:33 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2008/09/03 15:45:38 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2011/04/13 14:50:37 | 000,000,000 | -H-D | M] -- C:\ProgramData\{FB59A495-CD75-474E-A13D-505D3850E85C}
[2013/06/02 12:17:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1610313911-269736585-3878416149-1000Core.job
[2013/06/03 09:17:05 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1610313911-269736585-3878416149-1000UA.job
[2013/06/02 12:20:10 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 72 bytes -> C:\Windows:B027501FFFF59A21
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

--- --- ---

markusg · 05.06.2013, 17:59

auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

ATTFilter

:OTL
O4 - HKU\MeinName_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\MeinName\hu17hbdupes80.exe (Adobe Systems Incorporated)
O4 - HKU\MeinName_ON_C..\Run: [noc] C:\Users\MeinName\AppData\Roaming\noc\dan.bat ()
[2013/06/03 09:49:20 | 000,000,000 | ---D | C] -- C:\Users\MeinName\AppData\Roaming\noc
[2013/06/03 09:49:41 | 000,393,534 | ---- | M] () -- C:\Users\MeinName\AppData\Roaming\2433f433
[2013/06/03 09:49:41 | 000,393,466 | ---- | M] () -- C:\Users\MeinName\AppData\Local\2433f433
[2013/06/03 09:49:41 | 000,393,463 | ---- | C] () -- C:\ProgramData\2433f433
[2011/04/12 15:54:22 | 000,000,128 | ---- | C] () -- C:\ProgramData\~39706376r
[2011/04/12 15:54:22 | 000,000,096 | ---- | C] () -- C:\ProgramData\~39706376
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

du wirst jetzt ein Fehler der CMD.exe sehen, lass dich davon nicht verwirren.
öffne den Taskmanager via strg+alt+entf, gehe auf Anwendung, neuer Task, tippe:
Regedit.exe
enter
drücke f3, dort öffnet sich ein suchen feld. kopiere:
hu17hbdupes80
enter.
es sollte auf der rechten seite ein eintrag markiert werden klicke den passenen Eintrag auf der linken seite an, rechtsklick, exportieren.
speichere ihn zb auf dem desktop.
dann öffnest du wieder den taskmanager, neuer Task, startest firefox.exe
oder iexplore.exe
und lädst mir das .regfile hoch:
Trojaner-Board Upload Channel

PCkaputt · 06.06.2013, 14:46

Hab es nur bis zum fixfile hinbekommen, mein pc hat sich dann nicht neu gestartet und hat keinen cmd.exe fehlercode ausgespuckt.
Daraufhin hab ich das fixfile nochmals in den Benutzer Scan kopiert und abermals gefixt. Ist womöglich ein fehler gewesen?!? Aber hatte das so verstanden, als wenn der pc automatisch auf windows umspringt/neustartet??

Erstes Log:

Zitat:

========== OTL ==========
Registry key HKEY_USERS\MeinName_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Users\MeinName\hu17hbdupes80.exe not found.
Registry key HKEY_USERS\MeinName_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Users\MeinName\AppData\Roaming\noc\dan.bat not found.
Folder C:\Users\MeinName\AppData\Roaming\noc\ not found.
File C:\Users\MeinName\AppData\Roaming\2433f433 not found.
File C:\Users\MeinName\AppData\Local\2433f433 not found.
C:\ProgramData\2433f433 moved successfully.
C:\ProgramData\~39706376r moved successfully.
C:\ProgramData\~39706376 moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jacob

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jacob

User: Public

User: UpdatusUser

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89733920 bytes

Total Files Cleaned = 86.00 mb

OTLPE by OldTimer - Version 3.1.48.0 log created on 06062013_182055

edit: Zweiter Log:

Zitat:

========== OTL ==========
Registry key HKEY_USERS\MeinName_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Users\MeinName\hu17hbdupes80.exe not found.
Registry key HKEY_USERS\MeinName_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Users\MeinName\AppData\Roaming\noc\dan.bat not found.
Folder C:\Users\MeinName\AppData\Roaming\noc\ not found.
File C:\Users\MeinName\AppData\Roaming\2433f433 not found.
File C:\Users\MeinName\AppData\Local\2433f433 not found.
File C:\ProgramData\2433f433 not found.
File C:\ProgramData\~39706376r not found.
File C:\ProgramData\~39706376 not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jacob

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jacob

User: Public

User: UpdatusUser

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb

OTLPE by OldTimer - Version 3.1.48.0 log created on 06062013_183332

markusg · 08.06.2013, 16:24

heißt, pc startet im normalen Nutzeraccount?
dann:
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

PCkaputt · 08.06.2013, 17:44

Nein, startet sowohl unter abgesichertem Modus als auch unter normalem Start nicht unter dem Nutzernamen.
es kam keine cmd.exe Fehlermeldung, deswegen hab ich die registry Daten noch nicht wie beschrieben durchsucht.

markusg · 08.06.2013, 17:45

dann durchsuche die Registry mal bitte

PCkaputt · 08.06.2013, 20:23

Hab´s hochgeladen, müsste angekommen sein?!?

markusg · 08.06.2013, 20:27

wunderbar
navigiere zu:
[HKEY_USERS\Jacob_ON_C\Software\Microsoft\Command Processor]
auf der rechten Seite:
"AutoRun"="\"C:\\Users\\Jacob\\hu17hbdupes80.exe\""
rechtsklick, löschen, pc neustarten, Desktop sollte geladen werden

PCkaputt · 09.06.2013, 17:20

hab den pc jetzt im Desktop Menü gestartet, funktioniert alles soweit.
danke soweit schonmal, was muss ich als nächstes tun?

markusg · 09.06.2013, 17:23

Hi,
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

PCkaputt · 09.06.2013, 17:24

pc ist jetzt normal auf Desktop Version gestartet
danke soweit :-):-)
was muss ich als nächstes tun?

edit: alles klar poste den Log gleich hier, sry für den repost, mein Handy hat nicht schnell genug aktualisiert

markusg · 09.06.2013, 17:28

steht doch da.

PCkaputt · 09.06.2013, 17:42

hier das logfile:

Zitat:

01:36:58.0620 3180 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:36:58.0635 3180 ============================================================
01:36:58.0635 3180 Current date / time: 2013/06/10 01:36:58.0635
01:36:58.0636 3180 SystemInfo:
01:36:58.0636 3180
01:36:58.0636 3180 OS Version: 6.0.6002 ServicePack: 2.0
01:36:58.0636 3180 Product type: Workstation
01:36:58.0636 3180 ComputerName: GAMING-PC
01:36:58.0636 3180 UserName: Jacob
01:36:58.0636 3180 Windows directory: C:\Windows
01:36:58.0636 3180 System windows directory: C:\Windows
01:36:58.0636 3180 Processor architecture: Intel x86
01:36:58.0636 3180 Number of processors: 4
01:36:58.0636 3180 Page size: 0x1000
01:36:58.0636 3180 Boot type: Normal boot
01:36:58.0636 3180 ============================================================
01:36:59.0467 3180 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:36:59.0470 3180 Drive \Device\Harddisk1\DR2 - Size: 0xEE200000 (3.72 Gb), SectorSize: 0x200, Cylinders: 0x1E5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:36:59.0472 3180 ============================================================
01:36:59.0472 3180 \Device\Harddisk0\DR0:
01:36:59.0472 3180 MBR partitions:
01:36:59.0472 3180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C45999
01:36:59.0480 3180 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C45A17, BlocksNum 0x1B7760C8
01:36:59.0499 3180 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x253BBB23, BlocksNum 0x14FC911E
01:36:59.0499 3180 \Device\Harddisk1\DR2:
01:36:59.0500 3180 MBR partitions:
01:36:59.0500 3180 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x468, BlocksNum 0x770B98
01:36:59.0500 3180 ============================================================
01:36:59.0521 3180 C: <-> \Device\Harddisk0\DR0\Partition1
01:36:59.0541 3180 D: <-> \Device\Harddisk0\DR0\Partition2
01:36:59.0564 3180 E: <-> \Device\Harddisk0\DR0\Partition3
01:36:59.0564 3180 ============================================================
01:36:59.0564 3180 Initialize success
01:36:59.0564 3180 ============================================================
01:37:05.0992 2908 ============================================================
01:37:05.0992 2908 Scan started
01:37:05.0992 2908 Mode: Manual; SigCheck; TDLFS;
01:37:05.0992 2908 ============================================================
01:37:06.0530 2908 ================ Scan system memory ========================
01:37:06.0530 2908 System memory - ok
01:37:06.0530 2908 ================ Scan services =============================
01:37:06.0676 2908 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
01:37:06.0771 2908 ACPI - ok
01:37:06.0835 2908 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
01:37:06.0846 2908 AdobeARMservice - ok
01:37:06.0903 2908 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
01:37:06.0914 2908 AdobeFlashPlayerUpdateSvc - ok
01:37:06.0948 2908 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
01:37:06.0966 2908 adp94xx - ok
01:37:06.0985 2908 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
01:37:06.0998 2908 adpahci - ok
01:37:07.0009 2908 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
01:37:07.0021 2908 adpu160m - ok
01:37:07.0032 2908 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
01:37:07.0043 2908 adpu320 - ok
01:37:07.0071 2908 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:37:07.0110 2908 AeLookupSvc - ok
01:37:07.0143 2908 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
01:37:07.0182 2908 AFD - ok
01:37:07.0210 2908 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:37:07.0220 2908 agp440 - ok
01:37:07.0230 2908 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
01:37:07.0242 2908 aic78xx - ok
01:37:07.0257 2908 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
01:37:07.0295 2908 ALG - ok
01:37:07.0332 2908 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
01:37:07.0342 2908 aliide - ok
01:37:07.0358 2908 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
01:37:07.0369 2908 amdagp - ok
01:37:07.0397 2908 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
01:37:07.0407 2908 amdide - ok
01:37:07.0432 2908 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
01:37:07.0473 2908 AmdK7 - ok
01:37:07.0484 2908 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
01:37:07.0525 2908 AmdK8 - ok
01:37:07.0554 2908 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
01:37:07.0578 2908 Appinfo - ok
01:37:07.0610 2908 [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt C:\Windows\System32\appmgmts.dll
01:37:07.0647 2908 AppMgmt - ok
01:37:07.0666 2908 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
01:37:07.0677 2908 arc - ok
01:37:07.0692 2908 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
01:37:07.0703 2908 arcsas - ok
01:37:07.0729 2908 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:37:07.0792 2908 AsyncMac - ok
01:37:07.0816 2908 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
01:37:07.0828 2908 atapi - ok
01:37:07.0855 2908 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:37:07.0890 2908 AudioEndpointBuilder - ok
01:37:07.0897 2908 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
01:37:07.0915 2908 Audiosrv - ok
01:37:07.0934 2908 BCMH43XX - ok
01:37:07.0965 2908 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
01:37:07.0996 2908 Beep - ok
01:37:08.0015 2908 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
01:37:08.0050 2908 blbdrive - ok
01:37:08.0088 2908 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:37:08.0106 2908 bowser - ok
01:37:08.0130 2908 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
01:37:08.0160 2908 BrFiltLo - ok
01:37:08.0177 2908 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
01:37:08.0193 2908 BrFiltUp - ok
01:37:08.0233 2908 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
01:37:08.0270 2908 Browser - ok
01:37:08.0296 2908 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
01:37:08.0346 2908 Brserid - ok
01:37:08.0361 2908 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
01:37:08.0406 2908 BrSerWdm - ok
01:37:08.0421 2908 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
01:37:08.0476 2908 BrUsbMdm - ok
01:37:08.0492 2908 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
01:37:08.0536 2908 BrUsbSer - ok
01:37:08.0551 2908 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
01:37:08.0598 2908 BTHMODEM - ok
01:37:08.0625 2908 BVRPMPR5 - ok
01:37:08.0710 2908 ByakkoDriver - ok
01:37:08.0726 2908 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:37:08.0766 2908 cdfs - ok
01:37:08.0789 2908 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
01:37:08.0821 2908 cdrom - ok
01:37:08.0852 2908 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
01:37:08.0891 2908 CertPropSvc - ok
01:37:08.0896 2908 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
01:37:08.0936 2908 circlass - ok
01:37:08.0960 2908 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
01:37:08.0976 2908 CLFS - ok
01:37:09.0021 2908 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:37:09.0031 2908 clr_optimization_v2.0.50727_32 - ok
01:37:09.0078 2908 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:37:09.0089 2908 clr_optimization_v4.0.30319_32 - ok
01:37:09.0098 2908 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:37:09.0107 2908 cmdide - ok
01:37:09.0115 2908 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
01:37:09.0124 2908 Compbatt - ok
01:37:09.0137 2908 COMSysApp - ok
01:37:09.0145 2908 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
01:37:09.0155 2908 crcdisk - ok
01:37:09.0167 2908 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
01:37:09.0197 2908 Crusoe - ok
01:37:09.0220 2908 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:37:09.0243 2908 CryptSvc - ok
01:37:09.0263 2908 [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC C:\Windows\system32\drivers\csc.sys
01:37:09.0301 2908 CSC - ok
01:37:09.0338 2908 [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService C:\Windows\System32\cscsvc.dll
01:37:09.0377 2908 CscService - ok
01:37:09.0414 2908 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:37:09.0447 2908 DcomLaunch - ok
01:37:09.0472 2908 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:37:09.0503 2908 DfsC - ok
01:37:09.0553 2908 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
01:37:09.0665 2908 DFSR - ok
01:37:09.0713 2908 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
01:37:09.0739 2908 Dhcp - ok
01:37:09.0792 2908 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
01:37:09.0803 2908 disk - ok
01:37:09.0821 2908 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:37:09.0844 2908 Dnscache - ok
01:37:09.0865 2908 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
01:37:09.0898 2908 dot3svc - ok
01:37:09.0921 2908 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
01:37:09.0949 2908 DPS - ok
01:37:09.0973 2908 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:37:10.0012 2908 drmkaud - ok
01:37:10.0037 2908 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:37:10.0068 2908 DXGKrnl - ok
01:37:10.0138 2908 [ 04944F4FC4F0477185F5D26AE0DDB90E ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
01:37:10.0155 2908 e1express - ok
01:37:10.0173 2908 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
01:37:10.0209 2908 E1G60 - ok
01:37:10.0257 2908 EagleNT - ok
01:37:10.0281 2908 EagleXNt - ok
01:37:10.0308 2908 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
01:37:10.0345 2908 EapHost - ok
01:37:10.0360 2908 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
01:37:10.0372 2908 Ecache - ok
01:37:10.0452 2908 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:37:10.0482 2908 ehRecvr - ok
01:37:10.0506 2908 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
01:37:10.0564 2908 ehSched - ok
01:37:10.0603 2908 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
01:37:10.0622 2908 ehstart - ok
01:37:10.0654 2908 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
01:37:10.0675 2908 elxstor - ok
01:37:10.0706 2908 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
01:37:10.0731 2908 EMDMgmt - ok
01:37:10.0736 2908 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:37:10.0764 2908 ErrDev - ok
01:37:10.0792 2908 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
01:37:10.0833 2908 EventSystem - ok
01:37:10.0864 2908 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
01:37:10.0891 2908 exfat - ok
01:37:10.0904 2908 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:37:10.0933 2908 fastfat - ok
01:37:10.0958 2908 [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax C:\Windows\system32\fxssvc.exe
01:37:10.0996 2908 Fax - ok
01:37:11.0014 2908 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
01:37:11.0042 2908 fdc - ok
01:37:11.0051 2908 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
01:37:11.0073 2908 fdPHost - ok
01:37:11.0089 2908 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
01:37:11.0129 2908 FDResPub - ok
01:37:11.0146 2908 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:37:11.0156 2908 FileInfo - ok
01:37:11.0173 2908 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:37:11.0208 2908 Filetrace - ok
01:37:11.0216 2908 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
01:37:11.0249 2908 flpydisk - ok
01:37:11.0282 2908 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:37:11.0295 2908 FltMgr - ok
01:37:11.0326 2908 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
01:37:11.0368 2908 FontCache - ok
01:37:11.0436 2908 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
01:37:11.0444 2908 FontCache3.0.0.0 - ok
01:37:11.0454 2908 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:37:11.0493 2908 Fs_Rec - ok
01:37:11.0501 2908 [ FECF4C2E42440A8D132BF94EEE3C3FC9 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
01:37:11.0515 2908 fvevol - ok
01:37:11.0535 2908 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
01:37:11.0545 2908 gagp30kx - ok
01:37:11.0590 2908 [ 93CA4D9A0433BE0EDD0B9F2F26D5E54C ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
01:37:11.0602 2908 ggflt - ok
01:37:11.0630 2908 [ 17E678AAB82CCDFB80E7614504933895 ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
01:37:11.0640 2908 ggsemc - ok
01:37:11.0647 2908 GMSIPCI - ok
01:37:11.0683 2908 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
01:37:11.0760 2908 gpsvc - ok
01:37:11.0782 2908 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
01:37:11.0794 2908 hamachi - ok
01:37:11.0845 2908 [ 8C518456A971B2C89D184DF8AD0018C9 ] HCW713x C:\Windows\system32\DRIVERS\HCW713x.sys
01:37:11.0903 2908 HCW713x - ok
01:37:11.0928 2908 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:37:11.0980 2908 HdAudAddService - ok
01:37:12.0018 2908 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
01:37:12.0059 2908 HDAudBus - ok
01:37:12.0087 2908 [ C865D1F6D03595DF213DC3C67E4E4C58 ] HECI C:\Windows\system32\DRIVERS\HECI.sys
01:37:12.0107 2908 HECI - ok
01:37:12.0134 2908 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
01:37:12.0180 2908 HidBth - ok
01:37:12.0185 2908 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
01:37:12.0238 2908 HidIr - ok
01:37:12.0276 2908 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
01:37:12.0298 2908 hidserv - ok
01:37:12.0316 2908 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
01:37:12.0332 2908 HidUsb - ok
01:37:12.0359 2908 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:37:12.0395 2908 hkmsvc - ok
01:37:12.0407 2908 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
01:37:12.0418 2908 HpCISSs - ok
01:37:12.0454 2908 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:37:12.0471 2908 HTTP - ok
01:37:12.0485 2908 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
01:37:12.0495 2908 i2omp - ok
01:37:12.0528 2908 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
01:37:12.0553 2908 i8042prt - ok
01:37:12.0573 2908 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
01:37:12.0590 2908 iaStorV - ok
01:37:12.0667 2908 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
01:37:12.0690 2908 IDriverT ( UnsignedFile.Multi.Generic ) - warning
01:37:12.0690 2908 IDriverT - detected UnsignedFile.Multi.Generic (1)
01:37:12.0900 2908 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:37:12.0955 2908 idsvc - ok
01:37:13.0002 2908 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
01:37:13.0012 2908 iirsp - ok
01:37:13.0108 2908 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
01:37:13.0140 2908 IKEEXT - ok
01:37:13.0293 2908 [ 251E85A3BAC210FFF6BAD3D1F33113E8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
01:37:13.0389 2908 IntcAzAudAddService - ok
01:37:13.0426 2908 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
01:37:13.0436 2908 intelide - ok
01:37:13.0459 2908 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:37:13.0492 2908 intelppm - ok
01:37:13.0517 2908 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:37:13.0540 2908 IPBusEnum - ok
01:37:13.0550 2908 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:37:13.0583 2908 IpFilterDriver - ok
01:37:13.0588 2908 IpInIp - ok
01:37:13.0604 2908 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
01:37:13.0634 2908 IPMIDRV - ok
01:37:13.0648 2908 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
01:37:13.0685 2908 IPNAT - ok
01:37:13.0698 2908 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:37:13.0733 2908 IRENUM - ok
01:37:13.0748 2908 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:37:13.0758 2908 isapnp - ok
01:37:13.0812 2908 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
01:37:13.0825 2908 iScsiPrt - ok
01:37:13.0849 2908 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
01:37:13.0858 2908 iteatapi - ok
01:37:13.0868 2908 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
01:37:13.0878 2908 iteraid - ok
01:37:13.0888 2908 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
01:37:13.0897 2908 kbdclass - ok
01:37:13.0925 2908 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
01:37:13.0958 2908 kbdhid - ok
01:37:13.0981 2908 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
01:37:13.0993 2908 KeyIso - ok
01:37:14.0036 2908 [ CE3958F58547454884E97BDA78CD7040 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
01:37:14.0049 2908 kl1 - ok
01:37:14.0072 2908 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:37:14.0098 2908 KSecDD - ok
01:37:14.0147 2908 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
01:37:14.0176 2908 KtmRm - ok
01:37:14.0205 2908 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
01:37:14.0218 2908 LanmanServer - ok
01:37:14.0249 2908 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:37:14.0264 2908 LanmanWorkstation - ok
01:37:14.0321 2908 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:37:14.0374 2908 lltdio - ok
01:37:14.0387 2908 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:37:14.0418 2908 lltdsvc - ok
01:37:14.0434 2908 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:37:14.0491 2908 lmhosts - ok
01:37:14.0508 2908 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
01:37:14.0518 2908 LSI_FC - ok
01:37:14.0530 2908 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
01:37:14.0541 2908 LSI_SAS - ok
01:37:14.0556 2908 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
01:37:14.0566 2908 LSI_SCSI - ok
01:37:14.0579 2908 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
01:37:14.0611 2908 luafv - ok
01:37:14.0629 2908 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:37:14.0648 2908 Mcx2Svc - ok
01:37:14.0679 2908 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
01:37:14.0688 2908 megasas - ok
01:37:14.0707 2908 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
01:37:14.0724 2908 MegaSR - ok
01:37:14.0747 2908 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
01:37:14.0779 2908 MMCSS - ok
01:37:14.0795 2908 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
01:37:14.0829 2908 Modem - ok
01:37:14.0850 2908 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:37:14.0871 2908 monitor - ok
01:37:14.0884 2908 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
01:37:14.0893 2908 mouclass - ok
01:37:14.0898 2908 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:37:14.0932 2908 mouhid - ok
01:37:14.0944 2908 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
01:37:14.0955 2908 MountMgr - ok
01:37:14.0980 2908 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
01:37:14.0991 2908 mpio - ok
01:37:15.0020 2908 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:37:15.0049 2908 mpsdrv - ok
01:37:15.0067 2908 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
01:37:15.0077 2908 Mraid35x - ok
01:37:15.0138 2908 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:37:15.0163 2908 MRxDAV - ok
01:37:15.0193 2908 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:37:15.0213 2908 mrxsmb - ok
01:37:15.0240 2908 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:37:15.0268 2908 mrxsmb10 - ok
01:37:15.0299 2908 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:37:15.0328 2908 mrxsmb20 - ok
01:37:15.0356 2908 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
01:37:15.0366 2908 msahci - ok
01:37:15.0379 2908 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:37:15.0390 2908 msdsm - ok
01:37:15.0426 2908 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
01:37:15.0468 2908 MSDTC - ok
01:37:15.0490 2908 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:37:15.0522 2908 Msfs - ok
01:37:15.0528 2908 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:37:15.0538 2908 msisadrv - ok
01:37:15.0572 2908 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:37:15.0604 2908 MSiSCSI - ok
01:37:15.0609 2908 msiserver - ok
01:37:15.0634 2908 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:37:15.0661 2908 MSKSSRV - ok
01:37:15.0677 2908 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:37:15.0697 2908 MSPCLOCK - ok
01:37:15.0704 2908 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:37:15.0733 2908 MSPQM - ok
01:37:15.0776 2908 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:37:15.0789 2908 MsRPC - ok
01:37:15.0868 2908 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
01:37:15.0878 2908 mssmbios - ok
01:37:15.0886 2908 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:37:15.0907 2908 MSTEE - ok
01:37:15.0932 2908 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
01:37:15.0944 2908 Mup - ok
01:37:16.0081 2908 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
01:37:16.0108 2908 napagent - ok
01:37:16.0149 2908 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:37:16.0171 2908 NativeWifiP - ok
01:37:16.0200 2908 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
01:37:16.0226 2908 NDIS - ok
01:37:16.0246 2908 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:37:16.0277 2908 NdisTapi - ok
01:37:16.0281 2908 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:37:16.0313 2908 Ndisuio - ok
01:37:16.0340 2908 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:37:16.0368 2908 NdisWan - ok
01:37:16.0382 2908 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:37:16.0399 2908 NDProxy - ok
01:37:16.0409 2908 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:37:16.0444 2908 NetBIOS - ok
01:37:16.0469 2908 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
01:37:16.0485 2908 netbt - ok
01:37:16.0494 2908 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
01:37:16.0505 2908 Netlogon - ok
01:37:16.0529 2908 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
01:37:16.0571 2908 Netman - ok
01:37:16.0600 2908 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
01:37:16.0644 2908 netprofm - ok
01:37:16.0659 2908 netr28u - ok
01:37:16.0680 2908 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:37:16.0691 2908 NetTcpPortSharing - ok
01:37:16.0707 2908 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
01:37:16.0716 2908 nfrd960 - ok
01:37:16.0729 2908 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
01:37:16.0779 2908 NlaSvc - ok
01:37:16.0800 2908 NPF - ok
01:37:16.0820 2908 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:37:16.0845 2908 Npfs - ok
01:37:16.0859 2908 npggsvc - ok
01:37:16.0882 2908 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
01:37:16.0916 2908 nsi - ok
01:37:16.0928 2908 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:37:16.0956 2908 nsiproxy - ok
01:37:16.0961 2908 NTACCESS - ok
01:37:17.0008 2908 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:37:17.0048 2908 Ntfs - ok
01:37:17.0068 2908 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
01:37:17.0118 2908 ntrigdigi - ok
01:37:17.0134 2908 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
01:37:17.0155 2908 Null - ok
01:37:17.0378 2908 [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:37:17.0656 2908 nvlddmkm - ok
01:37:17.0683 2908 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:37:17.0695 2908 nvraid - ok
01:37:17.0711 2908 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:37:17.0720 2908 nvstor - ok
01:37:17.0782 2908 [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc C:\Windows\system32\nvvsvc.exe
01:37:17.0831 2908 nvsvc - ok
01:37:17.0935 2908 [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
01:37:18.0027 2908 nvUpdatusService - ok
01:37:18.0055 2908 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:37:18.0066 2908 nv_agp - ok
01:37:18.0071 2908 NwlnkFlt - ok
01:37:18.0076 2908 NwlnkFwd - ok
01:37:18.0107 2908 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
01:37:18.0124 2908 ohci1394 - ok
01:37:18.0161 2908 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:37:18.0170 2908 ose - ok
01:37:18.0213 2908 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
01:37:18.0256 2908 p2pimsvc - ok
01:37:18.0265 2908 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
01:37:18.0293 2908 p2psvc - ok
01:37:18.0314 2908 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
01:37:18.0368 2908 Parport - ok
01:37:18.0393 2908 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:37:18.0405 2908 partmgr - ok
01:37:18.0420 2908 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
01:37:18.0472 2908 Parvdm - ok
01:37:18.0497 2908 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
01:37:18.0521 2908 PcaSvc - ok
01:37:18.0546 2908 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
01:37:18.0558 2908 pci - ok
01:37:18.0584 2908 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
01:37:18.0595 2908 pciide - ok
01:37:18.0665 2908 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
01:37:18.0675 2908 pcmcia - ok
01:37:18.0732 2908 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:37:18.0820 2908 PEAUTH - ok
01:37:18.0895 2908 [ 9F2F541C52CD7A452E235E885F7D95DE ] Ph3xIB32 C:\Windows\system32\DRIVERS\Ph3xIB32.sys
01:37:18.0945 2908 Ph3xIB32 - ok
01:37:19.0136 2908 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
01:37:19.0213 2908 pla - ok
01:37:19.0260 2908 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:37:19.0281 2908 PlugPlay - ok
01:37:19.0308 2908 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
01:37:19.0336 2908 PNRPAutoReg - ok
01:37:19.0346 2908 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
01:37:19.0371 2908 PNRPsvc - ok
01:37:19.0390 2908 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:37:19.0440 2908 PolicyAgent - ok
01:37:19.0476 2908 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:37:19.0511 2908 PptpMiniport - ok
01:37:19.0526 2908 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
01:37:19.0558 2908 Processor - ok
01:37:19.0634 2908 Profos - ok
01:37:19.0644 2908 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
01:37:19.0671 2908 ProfSvc - ok
01:37:19.0686 2908 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
01:37:19.0698 2908 ProtectedStorage - ok
01:37:19.0722 2908 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
01:37:19.0749 2908 PSched - ok
01:37:19.0784 2908 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
01:37:19.0818 2908 ql2300 - ok
01:37:19.0831 2908 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
01:37:19.0840 2908 ql40xx - ok
01:37:19.0865 2908 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
01:37:19.0879 2908 QWAVE - ok
01:37:19.0891 2908 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:37:19.0912 2908 QWAVEdrv - ok
01:37:19.0924 2908 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:37:19.0945 2908 RasAcd - ok
01:37:19.0951 2908 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
01:37:19.0985 2908 RasAuto - ok
01:37:20.0001 2908 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:37:20.0029 2908 Rasl2tp - ok
01:37:20.0070 2908 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
01:37:20.0099 2908 RasMan - ok
01:37:20.0130 2908 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:37:20.0158 2908 RasPppoe - ok
01:37:20.0179 2908 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:37:20.0198 2908 RasSstp - ok
01:37:20.0223 2908 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:37:20.0242 2908 rdbss - ok
01:37:20.0248 2908 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:37:20.0284 2908 RDPCDD - ok
01:37:20.0311 2908 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
01:37:20.0341 2908 rdpdr - ok
01:37:20.0355 2908 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:37:20.0393 2908 RDPENCDD - ok
01:37:20.0425 2908 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:37:20.0445 2908 RDPWD - ok
01:37:20.0461 2908 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:37:20.0493 2908 RemoteAccess - ok
01:37:20.0514 2908 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:37:20.0545 2908 RemoteRegistry - ok
01:37:20.0571 2908 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
01:37:20.0599 2908 RpcLocator - ok
01:37:20.0659 2908 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
01:37:20.0711 2908 RpcSs - ok
01:37:20.0731 2908 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:37:20.0779 2908 rspndr - ok
01:37:20.0815 2908 [ 7564B99E469D8E3782F5907E3D448F03 ] RT61 C:\Windows\system32\DRIVERS\RT61.sys
01:37:20.0829 2908 RT61 - ok
01:37:20.0844 2908 RTL8192cu - ok
01:37:20.0884 2908 [ 0D60B8C10A2C5E8DD620B3FDEB1CDA64 ] RtlProt C:\Windows\system32\DRIVERS\rtlprot.sys
01:37:20.0896 2908 RtlProt - ok
01:37:20.0906 2908 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
01:37:20.0917 2908 SamSs - ok
01:37:20.0932 2908 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:37:20.0942 2908 sbp2port - ok
01:37:20.0967 2908 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:37:20.0997 2908 SCardSvr - ok
01:37:21.0033 2908 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
01:37:21.0080 2908 Schedule - ok
01:37:21.0091 2908 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
01:37:21.0109 2908 SCPolicySvc - ok
01:37:21.0134 2908 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:37:21.0147 2908 SDRSVC - ok
01:37:21.0203 2908 [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
01:37:21.0215 2908 SeaPort - ok
01:37:21.0227 2908 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
01:37:21.0259 2908 seclogon - ok
01:37:21.0278 2908 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
01:37:21.0313 2908 SENS - ok
01:37:21.0332 2908 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
01:37:21.0366 2908 Serenum - ok
01:37:21.0388 2908 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
01:37:21.0420 2908 Serial - ok
01:37:21.0437 2908 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
01:37:21.0458 2908 sermouse - ok
01:37:21.0476 2908 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
01:37:21.0507 2908 SessionEnv - ok
01:37:21.0511 2908 SetupNTGLM7X - ok
01:37:21.0535 2908 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
01:37:21.0551 2908 sffdisk - ok
01:37:21.0564 2908 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:37:21.0595 2908 sffp_mmc - ok
01:37:21.0600 2908 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
01:37:21.0630 2908 sffp_sd - ok
01:37:21.0637 2908 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
01:37:21.0678 2908 sfloppy - ok
01:37:21.0711 2908 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:37:21.0735 2908 ShellHWDetection - ok
01:37:21.0752 2908 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
01:37:21.0763 2908 sisagp - ok
01:37:21.0771 2908 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
01:37:21.0782 2908 SiSRaid2 - ok
01:37:21.0798 2908 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
01:37:21.0809 2908 SiSRaid4 - ok
01:37:21.0850 2908 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
01:37:21.0862 2908 SkypeUpdate - ok
01:37:21.0958 2908 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
01:37:22.0078 2908 slsvc - ok
01:37:22.0097 2908 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
01:37:22.0126 2908 SLUINotify - ok
01:37:22.0154 2908 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:37:22.0184 2908 Smb - ok
01:37:22.0212 2908 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:37:22.0243 2908 SNMPTRAP - ok
01:37:22.0305 2908 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
01:37:22.0325 2908 Sony PC Companion ( UnsignedFile.Multi.Generic ) - warning
01:37:22.0326 2908 Sony PC Companion - detected UnsignedFile.Multi.Generic (1)
01:37:22.0365 2908 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
01:37:22.0375 2908 spldr - ok
01:37:22.0404 2908 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
01:37:22.0430 2908 Spooler - ok
01:37:22.0454 2908 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
01:37:22.0476 2908 srv - ok
01:37:22.0494 2908 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:37:22.0516 2908 srv2 - ok
01:37:22.0536 2908 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:37:22.0547 2908 srvnet - ok
01:37:22.0577 2908 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:37:22.0600 2908 SSDPSRV - ok
01:37:22.0636 2908 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:37:22.0661 2908 SstpSvc - ok
01:37:22.0676 2908 Steam Client Service - ok
01:37:22.0744 2908 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
01:37:22.0791 2908 Stereo Service - ok
01:37:22.0876 2908 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
01:37:22.0913 2908 stisvc - ok
01:37:22.0944 2908 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
01:37:22.0953 2908 swenum - ok
01:37:22.0991 2908 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
01:37:23.0021 2908 swprv - ok
01:37:23.0038 2908 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
01:37:23.0048 2908 Symc8xx - ok
01:37:23.0062 2908 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
01:37:23.0072 2908 Sym_hi - ok
01:37:23.0084 2908 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
01:37:23.0095 2908 Sym_u3 - ok
01:37:23.0128 2908 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
01:37:23.0168 2908 SysMain - ok
01:37:23.0193 2908 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:37:23.0212 2908 TabletInputService - ok
01:37:23.0239 2908 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
01:37:23.0258 2908 TapiSrv - ok
01:37:23.0271 2908 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
01:37:23.0293 2908 TBS - ok
01:37:23.0332 2908 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:37:23.0367 2908 Tcpip - ok
01:37:23.0380 2908 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
01:37:23.0418 2908 Tcpip6 - ok
01:37:23.0433 2908 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:37:23.0444 2908 tcpipreg - ok
01:37:23.0453 2908 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:37:23.0484 2908 TDPIPE - ok
01:37:23.0498 2908 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
01:37:23.0526 2908 TDTCP - ok
01:37:23.0535 2908 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:37:23.0568 2908 tdx - ok
01:37:23.0587 2908 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
01:37:23.0599 2908 TermDD - ok
01:37:23.0621 2908 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
01:37:23.0659 2908 TermService - ok
01:37:23.0677 2908 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
01:37:23.0692 2908 Themes - ok
01:37:23.0698 2908 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
01:37:23.0720 2908 THREADORDER - ok
01:37:23.0741 2908 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
01:37:23.0776 2908 TrkWks - ok
01:37:23.0807 2908 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:37:23.0824 2908 TrustedInstaller - ok
01:37:23.0841 2908 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:37:23.0862 2908 tssecsrv - ok
01:37:23.0887 2908 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
01:37:23.0907 2908 tunmp - ok
01:37:23.0922 2908 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:37:23.0940 2908 tunnel - ok
01:37:23.0956 2908 TVicPort - ok
01:37:23.0978 2908 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
01:37:23.0990 2908 uagp35 - ok
01:37:24.0007 2908 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:37:24.0028 2908 udfs - ok
01:37:24.0042 2908 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:37:24.0076 2908 UI0Detect - ok
01:37:24.0124 2908 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:37:24.0135 2908 uliagpkx - ok
01:37:24.0150 2908 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
01:37:24.0163 2908 uliahci - ok
01:37:24.0176 2908 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
01:37:24.0186 2908 UlSata - ok
01:37:24.0196 2908 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
01:37:24.0206 2908 ulsata2 - ok
01:37:24.0219 2908 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
01:37:24.0254 2908 umbus - ok
01:37:24.0280 2908 [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService C:\Windows\System32\umrdp.dll
01:37:24.0295 2908 UmRdpService - ok
01:37:24.0320 2908 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
01:37:24.0359 2908 upnphost - ok
01:37:24.0392 2908 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
01:37:24.0414 2908 usbaudio - ok
01:37:24.0444 2908 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:37:24.0469 2908 usbccgp - ok
01:37:24.0482 2908 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:37:24.0533 2908 usbcir - ok
01:37:24.0553 2908 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
01:37:24.0570 2908 usbehci - ok
01:37:24.0583 2908 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:37:24.0601 2908 usbhub - ok
01:37:24.0627 2908 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
01:37:24.0670 2908 usbohci - ok
01:37:24.0689 2908 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
01:37:24.0738 2908 usbprint - ok
01:37:24.0751 2908 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:37:24.0782 2908 USBSTOR - ok
01:37:24.0804 2908 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
01:37:24.0829 2908 usbuhci - ok
01:37:24.0856 2908 [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
01:37:24.0884 2908 usb_rndisx - ok
01:37:24.0920 2908 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
01:37:24.0938 2908 UxSms - ok
01:37:24.0967 2908 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
01:37:25.0016 2908 vds - ok
01:37:25.0037 2908 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:37:25.0069 2908 vga - ok
01:37:25.0086 2908 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
01:37:25.0118 2908 VgaSave - ok
01:37:25.0147 2908 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
01:37:25.0156 2908 viaagp - ok
01:37:25.0169 2908 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
01:37:25.0200 2908 ViaC7 - ok
01:37:25.0225 2908 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
01:37:25.0235 2908 viaide - ok
01:37:25.0241 2908 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:37:25.0252 2908 volmgr - ok
01:37:25.0282 2908 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:37:25.0297 2908 volmgrx - ok
01:37:25.0321 2908 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:37:25.0334 2908 volsnap - ok
01:37:25.0360 2908 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
01:37:25.0371 2908 vsmraid - ok
01:37:25.0408 2908 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
01:37:25.0451 2908 VSS - ok
01:37:25.0488 2908 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
01:37:25.0519 2908 W32Time - ok
01:37:25.0526 2908 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
01:37:25.0569 2908 WacomPen - ok
01:37:25.0596 2908 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
01:37:25.0627 2908 Wanarp - ok
01:37:25.0630 2908 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:37:25.0648 2908 Wanarpv6 - ok
01:37:25.0673 2908 [ 20B23332885DFB93FE0185362EE811E9 ] wbengine C:\Windows\system32\wbengine.exe
01:37:25.0704 2908 wbengine - ok
01:37:25.0729 2908 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:37:25.0755 2908 wcncsvc - ok
01:37:25.0782 2908 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:37:25.0823 2908 WcsPlugInService - ok
01:37:25.0847 2908 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
01:37:25.0857 2908 Wd - ok
01:37:25.0912 2908 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:37:25.0938 2908 Wdf01000 - ok
01:37:25.0954 2908 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:37:26.0001 2908 WdiServiceHost - ok
01:37:26.0005 2908 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:37:26.0028 2908 WdiSystemHost - ok
01:37:26.0069 2908 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
01:37:26.0091 2908 WebClient - ok
01:37:26.0117 2908 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:37:26.0143 2908 Wecsvc - ok
01:37:26.0155 2908 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:37:26.0185 2908 wercplsupport - ok
01:37:26.0208 2908 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
01:37:26.0227 2908 WerSvc - ok
01:37:26.0234 2908 WinHttpAutoProxySvc - ok
01:37:26.0347 2908 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:37:26.0372 2908 Winmgmt - ok
01:37:26.0420 2908 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
01:37:26.0485 2908 WinRM - ok
01:37:26.0532 2908 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
01:37:26.0588 2908 Wlansvc - ok
01:37:26.0607 2908 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
01:37:26.0645 2908 WmiAcpi - ok
01:37:26.0670 2908 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:37:26.0698 2908 wmiApSrv - ok
01:37:26.0765 2908 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
01:37:26.0806 2908 WMPNetworkSvc - ok
01:37:26.0824 2908 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:37:26.0846 2908 WPCSvc - ok
01:37:26.0869 2908 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:37:26.0883 2908 WPDBusEnum - ok
01:37:26.0915 2908 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
01:37:26.0938 2908 WpdUsb - ok
01:37:27.0017 2908 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:37:27.0045 2908 WPFFontCache_v0400 - ok
01:37:27.0064 2908 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:37:27.0097 2908 ws2ifsl - ok
01:37:27.0100 2908 WSearch - ok
01:37:27.0136 2908 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
01:37:27.0159 2908 WudfPf - ok
01:37:27.0178 2908 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:37:27.0190 2908 WUDFRd - ok
01:37:27.0222 2908 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:37:27.0257 2908 wudfsvc - ok
01:37:27.0270 2908 XDva309 - ok
01:37:27.0275 2908 XDva347 - ok
01:37:27.0282 2908 XDva380 - ok
01:37:27.0316 2908 [ A640C90B007762939507C28A021BE3B3 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
01:37:27.0343 2908 xusb21 - ok
01:37:27.0362 2908 ================ Scan global ===============================
01:37:27.0380 2908 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
01:37:27.0404 2908 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
01:37:27.0416 2908 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
01:37:27.0439 2908 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
01:37:27.0441 2908 [Global] - ok
01:37:27.0441 2908 ================ Scan MBR ==================================
01:37:27.0453 2908 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
01:37:27.0663 2908 \Device\Harddisk0\DR0 - ok
01:37:27.0669 2908 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR2
01:37:27.0806 2908 \Device\Harddisk1\DR2 - ok
01:37:27.0807 2908 ================ Scan VBR ==================================
01:37:27.0810 2908 [ AECA865D24655D370F20A03B5C8EB8CB ] \Device\Harddisk0\DR0\Partition1
01:37:27.0815 2908 \Device\Harddisk0\DR0\Partition1 - ok
01:37:27.0833 2908 [ AAAE1B8AA0F4E33737B9FAF35AFFF515 ] \Device\Harddisk0\DR0\Partition2
01:37:27.0834 2908 \Device\Harddisk0\DR0\Partition2 - ok
01:37:27.0851 2908 [ 7799FBA61660FB63F6B7FD426ABF4002 ] \Device\Harddisk0\DR0\Partition3
01:37:27.0852 2908 \Device\Harddisk0\DR0\Partition3 - ok
01:37:27.0856 2908 [ 2BD07FACA6683820BEC246915D2AFE80 ] \Device\Harddisk1\DR2\Partition1
01:37:27.0857 2908 \Device\Harddisk1\DR2\Partition1 - ok
01:37:27.0857 2908 ============================================================
01:37:27.0857 2908 Scan finished
01:37:27.0857 2908 ============================================================
01:37:27.0868 2624 Detected object count: 2
01:37:27.0868 2624 Actual detected object count: 2
01:39:13.0187 2624 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
01:39:13.0187 2624 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:39:13.0190 2624 Sony PC Companion ( UnsignedFile.Multi.Generic ) - skipped by user
01:39:13.0190 2624 Sony PC Companion ( UnsignedFile.Multi.Generic ) - User select action: Skip

04.06.2013, 15:45	#2
markusg /// Malware-holic	GVU Trojaner, Vista 32bit Hi eig währe es besser gewesen, das log zu posten, denn wenn du es jetzt angehangen hättest, hätte es passieren können, dass du deinen beitrag selbst beantwortest und so länger warten musst. Also, Log erstellen, und anhängen bitte :-) __________________ __________________

08.06.2013, 17:45	#8
markusg /// Malware-holic	GVU Trojaner, Vista 32bit dann durchsuche die Registry mal bitte __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

09.06.2013, 17:28	#14
markusg /// Malware-holic	GVU Trojaner, Vista 32bit steht doch da. __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

GVU Trojaner, Vista 32bit

Log-Analyse und Auswertung: GVU Trojaner, Vista 32bit