| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Unbekannter GVU-TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.07.2013, 14:08
| #1 |
| |  Unbekannter GVU-Trojaner Hallo liebes Forum, Ich muss vorab sagen, dass ich leider nur wenig Ahnung von PC´s habe und auch im Internet noch ein Neuling bin. Gestern habe ich mir auf meinem Laptop einen GVU-Virus gefangen. Ich habe bereits nach diesem Virus gegoogelt, aber keinen gefunden, der exakt so aussieht. Im Anhang findet ihr ein Foto davon. Links neben der IP springt manchmal noch die Webcam an. IP, Wohnort und Benutzername habe ich übermalt. Ich weiß gar nicht, wie und wo ich jetzt anfangen toll. Es wäre schön, wenn mir jemand helfen könnte. LG  |
|
12.07.2013, 14:11
| #2 |
| /// Malware-holic   |  Unbekannter GVU-Trojaner Hi,
__________________Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8) Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
__________________ |
|
12.07.2013, 15:37
| #3 |
| | Unbekannter GVU-Trojaner Danke für deine Antwort!
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-07-2013 01
Ran by SYSTEM on 12-07-2013 16:07:59
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IgfxTray] - C:\windows\system32\igfxtray.exe [167960 2010-12-19] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [391704 2010-12-19] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\windows\system32\igfxpers.exe [418328 2010-12-19] (Intel Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [316032 2010-12-13] (Conexant systems, Inc.)
HKLM\...\Run: [AmIcoSinglun64] - c:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-21] (Alcor Micro Corp.)
HKLM\...\Run: [fspuip] - %ProgramFiles%\FSP\fspuip.exe [4055552 2010-11-07] (Sentelic Corporation)
HKLM-x32\...\Run: [NUSB3MON] - "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [NortonOnlineBackup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1112920 2010-03-05] (Symantec Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1557160 2012-04-09] (Ask)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Maria\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
HKU\Maria\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-12-27] (Google Inc.)
HKU\Maria\...\Run: [Iriqexo] - C:\Users\Maria\AppData\Roaming\Ivcya\xiwe.exe [x]
HKU\Maria\...\RunOnce: [FlashPlayerUpdate] - C:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex [247968 2011-12-27] (Adobe Systems, Inc.)
HKU\UpdatusUser\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll [226920 2010-12-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll [192616 2010-12-23] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\SRS PC Sound.lnk
ShortcutTarget: SRS PC Sound.lnk -> C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
Startup: C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\Users\Maria\AppData\Local\Temp\b34btbztdb0vavaw.exe (Microsoft Corporation)
==================== Services (Whitelisted) =================
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
S2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2010-12-10] ()
S2 CxAudMsg; C:\windows\system32\CxAudMsg64.exe [198784 2010-12-17] (Conexant Systems Inc.)
S2 DriveClone Network Client IBP; C:\Program Files\Time Stamp\IBP\fsloader.exe [126976 2009-08-17] ()
S2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-12-10] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-03-05] (Symantec Corporation)
==================== Drivers (Whitelisted) ====================
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-12-15] (Avira GmbH)
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [24152 2010-06-03] ()
S3 FARMNTIO; c:\windows\system32\drivers\farmntio.sys [24152 2010-06-03] ()
S2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2010-12-10] (PEGATRON)
S0 VVBackd5; C:\Windows\System32\Drivers\VVBackd5.sys [151128 2010-01-05] ()
S3 MGHwCtrl; \??\c:\Utility\Silent\MGHwCtrl.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-05 15:42 - 2013-07-05 15:42 - 00000000 ____D C:\FRST
2013-07-05 14:33 - 2013-07-05 14:33 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-05 14:33 - 2013-07-05 14:33 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
2013-06-24 23:11 - 2013-04-16 23:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-24 23:11 - 2013-04-16 22:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 19233792 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 14327808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-21 16:43 - 2013-06-21 16:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-21 16:43 - 2013-06-21 16:43 - 02648064 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-21 16:43 - 2013-06-21 16:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-21 16:43 - 2013-06-21 16:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-21 16:43 - 2013-06-21 16:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-21 16:43 - 2013-06-21 16:43 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-21 16:43 - 2013-06-21 16:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-21 16:43 - 2013-06-21 16:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-21 16:43 - 2013-06-21 16:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-21 16:43 - 2013-06-21 16:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-21 16:42 - 2013-06-21 16:42 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 02776576 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 01682432 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 01238528 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 01175552 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00648192 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00522752 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00333312 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00245248 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00194560 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-21 12:33 - 2013-06-21 15:01 - 00000000 ____D C:\Users\Maria\AppData\Roaming\TS3Client
2013-06-13 08:21 - 2013-05-12 21:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 08:21 - 2013-05-12 21:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 08:21 - 2013-05-12 21:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 08:21 - 2013-05-12 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 08:21 - 2013-05-12 20:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-13 08:21 - 2013-05-12 20:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-13 08:21 - 2013-05-12 20:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-13 08:21 - 2013-05-12 19:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 08:21 - 2013-05-12 19:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-13 08:21 - 2013-05-12 19:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-13 08:21 - 2013-05-09 21:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 08:21 - 2013-05-09 19:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-13 08:21 - 2013-05-07 22:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 08:21 - 2013-04-25 21:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 08:21 - 2013-04-25 20:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-13 08:17 - 2013-04-25 15:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-13 08:17 - 2013-03-31 14:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll
==================== One Month Modified Files and Folders =======
2013-07-12 05:17 - 2011-12-24 14:42 - 00000529 __RSH C:\Windows\System32\VFsRegister
2013-07-12 04:57 - 2011-03-20 03:42 - 01359106 _____ C:\Windows\WindowsUpdate.log
2013-07-12 04:56 - 2011-12-27 10:47 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-12 04:46 - 2011-12-27 10:47 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-12 04:43 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-12 04:43 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-12 04:40 - 2011-03-20 03:36 - 00689786 _____ C:\Windows\System32\perfh010.dat
2013-07-12 04:40 - 2011-03-20 03:36 - 00127564 _____ C:\Windows\System32\perfc010.dat
2013-07-12 04:40 - 2011-03-20 03:30 - 00695108 _____ C:\Windows\System32\perfh00C.dat
2013-07-12 04:40 - 2011-03-20 03:30 - 00130560 _____ C:\Windows\System32\perfc00C.dat
2013-07-12 04:40 - 2011-03-20 03:24 - 00694132 _____ C:\Windows\System32\perfh00A.dat
2013-07-12 04:40 - 2011-03-20 03:24 - 00137482 _____ C:\Windows\System32\perfc00A.dat
2013-07-12 04:40 - 2011-03-20 03:17 - 00654844 _____ C:\Windows\System32\perfh007.dat
2013-07-12 04:40 - 2011-03-20 03:17 - 00130426 _____ C:\Windows\System32\perfc007.dat
2013-07-12 04:40 - 2009-07-13 21:13 - 03970296 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-12 04:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2013-07-07 05:53 - 2012-06-29 01:56 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2013-07-07 05:53 - 2011-03-20 04:22 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-07 05:51 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-07 05:51 - 2009-07-13 20:51 - 00061861 _____ C:\Windows\setupact.log
2013-07-05 15:42 - 2013-07-05 15:42 - 00000000 ____D C:\FRST
2013-07-05 14:33 - 2013-07-05 14:33 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-05 14:33 - 2013-07-05 14:33 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
2013-06-22 06:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-22 06:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-22 06:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-22 06:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-22 06:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-21 16:57 - 2013-05-13 10:12 - 00022711 _____ C:\Windows\IE10_main.log
2013-06-21 16:43 - 2013-06-21 16:43 - 19233792 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 14327808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-21 16:43 - 2013-06-21 16:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-21 16:43 - 2013-06-21 16:43 - 02648064 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-21 16:43 - 2013-06-21 16:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-21 16:43 - 2013-06-21 16:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-21 16:43 - 2013-06-21 16:43 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-21 16:43 - 2013-06-21 16:43 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-21 16:43 - 2013-06-21 16:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-21 16:43 - 2013-06-21 16:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-21 16:43 - 2013-06-21 16:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-21 16:43 - 2013-06-21 16:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-21 16:43 - 2013-06-21 16:43 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-21 16:43 - 2013-06-21 16:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-21 16:42 - 2013-06-21 16:42 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 02776576 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 01682432 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 01238528 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 01175552 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00648192 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00522752 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00333312 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00245248 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00194560 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-21 16:42 - 2013-06-21 16:42 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-21 15:01 - 2013-06-21 12:33 - 00000000 ____D C:\Users\Maria\AppData\Roaming\TS3Client
2013-06-21 12:58 - 2011-12-27 10:57 - 00002193 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-13 08:04 - 2009-07-13 21:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
Files to move or delete:
====================
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 4008.21 MB
Available physical RAM: 3393.04 MB
Total Pagefile: 4006.36 MB
Available Pagefile: 3384.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: (OS_Install) (Fixed) (Total:167.45 GB) (Free:49.44 GB) NTFS (Disk=0 Partition=3)
Drive e: (Data) (Fixed) (Total:118.54 GB) (Free:118.41 GB) NTFS (Disk=0 Partition=4)
Drive f: (BIOS_RVY) (Fixed) (Total:12 GB) (Free:2.25 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive h: () (Removable) (Total:3.74 GB) (Free:3.01 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 3361844E)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 02F65423)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
LastRegBack: 2013-07-07 03:08
==================== End Of Log ============================
|
|
12.07.2013, 15:44
| #4 |
| /// Malware-holic | Unbekannter GVU-Trojaner 1. Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Startup: C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\Users\Maria\AppData\Local\Temp\b34btbztdb0vavaw.exe (Microsoft Corporation)
C:\Users\Maria\AppData\Local\Temp\b34btbztdb0vavaw.exe
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier. starte dann in den normalen Modus. 2. Öffne bitte Computer. Navigiere bitte zu: C:\FRST\Quarantine Rechtsklick, mit Winrar oder einem anderen Archvierer packen und im Uploadchannel hochladen. Trojaner-Board Upload Channel
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.07.2013, 16:08
| #5 |
| | Unbekannter GVU-Trojaner So hier die Textdatei! Danke! Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-07-2013 01
Ran by SYSTEM at 2013-07-12 16:55:31 Run:1
Running from H:\
Boot Mode: Recovery
==============================================
C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk => Moved successfully.
C:\Users\Maria\AppData\Local\Temp\b34btbztdb0vavaw.exe => Moved successfully.
"C:\Users\Maria\AppData\Local\Temp\b34btbztdb0vavaw.exe" => File/Directory not found.
C:\ProgramData\wavav0bdtzbtb43b.bat => Moved successfully.
C:\ProgramData\wavav0bdtzbtb43b.reg => Moved successfully.
==== End of Fixlog ====
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-07-2013 01
Ran by SYSTEM at 2013-07-12 16:55:31 Run:1
Running from H:\
Boot Mode: Recovery
==============================================
C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk => Moved successfully.
C:\Users\Maria\AppData\Local\Temp\b34btbztdb0vavaw.exe => Moved successfully.
"C:\Users\Maria\AppData\Local\Temp\b34btbztdb0vavaw.exe" => File/Directory not found.
C:\ProgramData\wavav0bdtzbtb43b.bat => Moved successfully.
C:\ProgramData\wavav0bdtzbtb43b.reg => Moved successfully.
==== End of Fixlog ====
|
|
12.07.2013, 16:10
| #6 |
| /// Malware-holic | Unbekannter GVU-Trojaner Danke fürs hochladen, der normale Modus geht? Dann: Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Unbekannter GVU-Trojaner |
|
12.07.2013, 16:23
| #7 |
| | Unbekannter GVU-Trojaner Ja! Der normale Modus läuft wieder! Juhu! Code:
ATTFilter
17:16:25.0552 4972 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:16:25.0567 4972 ============================================================
17:16:25.0567 4972 Current date / time: 2013/07/12 17:16:25.0567
17:16:25.0567 4972 SystemInfo:
17:16:25.0567 4972
17:16:25.0567 4972 OS Version: 6.1.7601 ServicePack: 1.0
17:16:25.0567 4972 Product type: Workstation
17:16:25.0567 4972 ComputerName: MARIA-MSI
17:16:25.0567 4972 UserName: Maria
17:16:25.0567 4972 Windows directory: C:\windows
17:16:25.0567 4972 System windows directory: C:\windows
17:16:25.0567 4972 Running under WOW64
17:16:25.0567 4972 Processor architecture: Intel x64
17:16:25.0567 4972 Number of processors: 4
17:16:25.0567 4972 Page size: 0x1000
17:16:25.0567 4972 Boot type: Normal boot
17:16:25.0567 4972 ============================================================
17:16:26.0425 4972 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:16:26.0441 4972 Drive \Device\Harddisk1\DR2 - Size: 0xF0100000 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:16:26.0441 4972 ============================================================
17:16:26.0441 4972 \Device\Harddisk0\DR0:
17:16:26.0441 4972 MBR partitions:
17:16:26.0441 4972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
17:16:26.0488 4972 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1833000, BlocksNum 0x14EE77D3
17:16:26.0519 4972 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1671A800, BlocksNum 0xED142B0
17:16:26.0519 4972 \Device\Harddisk1\DR2:
17:16:26.0519 4972 MBR partitions:
17:16:26.0519 4972 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0xAB0, BlocksNum 0x77FD50
17:16:26.0519 4972 ============================================================
17:16:26.0534 4972 C: <-> \Device\Harddisk0\DR0\Partition2
17:16:26.0566 4972 D: <-> \Device\Harddisk0\DR0\Partition3
17:16:26.0566 4972 ============================================================
17:16:26.0566 4972 Initialize success
17:16:26.0566 4972 ============================================================
17:17:29.0636 3272 ============================================================
17:17:29.0636 3272 Scan started
17:17:29.0636 3272 Mode: Manual; SigCheck; TDLFS;
17:17:29.0636 3272 ============================================================
17:17:30.0120 3272 ================ Scan system memory ========================
17:17:30.0120 3272 System memory - ok
17:17:30.0120 3272 ================ Scan services =============================
17:17:30.0526 3272 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
17:17:30.0619 3272 1394ohci - ok
17:17:30.0666 3272 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
17:17:30.0682 3272 ACPI - ok
17:17:30.0728 3272 [ 12C5274CD87449A2A37A607CDB321922 ] acpials C:\windows\system32\DRIVERS\acpials.sys
17:17:30.0775 3272 acpials - ok
17:17:30.0806 3272 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
17:17:30.0853 3272 AcpiPmi - ok
17:17:30.0994 3272 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:17:30.0994 3272 AdobeARMservice - ok
17:17:31.0056 3272 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
17:17:31.0087 3272 adp94xx - ok
17:17:31.0134 3272 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
17:17:31.0165 3272 adpahci - ok
17:17:31.0165 3272 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
17:17:31.0196 3272 adpu320 - ok
17:17:31.0228 3272 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
17:17:31.0321 3272 AeLookupSvc - ok
17:17:31.0430 3272 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
17:17:31.0477 3272 AFD - ok
17:17:31.0524 3272 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
17:17:31.0540 3272 agp440 - ok
17:17:31.0586 3272 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
17:17:31.0618 3272 ALG - ok
17:17:31.0649 3272 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
17:17:31.0664 3272 aliide - ok
17:17:31.0664 3272 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
17:17:31.0680 3272 amdide - ok
17:17:31.0742 3272 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
17:17:31.0789 3272 AmdK8 - ok
17:17:31.0805 3272 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
17:17:31.0852 3272 AmdPPM - ok
17:17:31.0883 3272 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
17:17:31.0898 3272 amdsata - ok
17:17:31.0914 3272 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
17:17:31.0945 3272 amdsbs - ok
17:17:31.0945 3272 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
17:17:31.0961 3272 amdxata - ok
17:17:32.0179 3272 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:17:32.0179 3272 AntiVirSchedulerService - ok
17:17:32.0226 3272 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:17:32.0242 3272 AntiVirService - ok
17:17:32.0273 3272 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
17:17:32.0335 3272 AppID - ok
17:17:32.0382 3272 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
17:17:32.0444 3272 AppIDSvc - ok
17:17:32.0491 3272 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\windows\System32\appinfo.dll
17:17:32.0554 3272 Appinfo - ok
17:17:32.0725 3272 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:17:32.0741 3272 Apple Mobile Device - ok
17:17:32.0772 3272 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
17:17:32.0788 3272 arc - ok
17:17:32.0803 3272 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
17:17:32.0819 3272 arcsas - ok
17:17:32.0881 3272 [ EFD89582B55DD32DC79C1A4EB54612A1 ] ASLDRService C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
17:17:32.0897 3272 ASLDRService - ok
17:17:32.0928 3272 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
17:17:32.0990 3272 AsyncMac - ok
17:17:33.0068 3272 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
17:17:33.0084 3272 atapi - ok
17:17:33.0178 3272 [ 2D28D572F2BC7A27DDA78BBD09219F0F ] athr C:\windows\system32\DRIVERS\athrx.sys
17:17:33.0287 3272 athr - ok
17:17:33.0349 3272 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
17:17:33.0412 3272 AudioEndpointBuilder - ok
17:17:33.0443 3272 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
17:17:33.0490 3272 AudioSrv - ok
17:17:33.0568 3272 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
17:17:33.0583 3272 avgntflt - ok
17:17:33.0646 3272 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
17:17:33.0661 3272 avipbb - ok
17:17:33.0692 3272 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
17:17:33.0708 3272 avkmgr - ok
17:17:33.0755 3272 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
17:17:33.0802 3272 AxInstSV - ok
17:17:33.0848 3272 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
17:17:33.0895 3272 b06bdrv - ok
17:17:33.0942 3272 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
17:17:34.0004 3272 b57nd60a - ok
17:17:34.0082 3272 [ 2ED050291BC1D7F9E322E328DB3AAECF ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
17:17:34.0098 3272 BBSvc - ok
17:17:34.0176 3272 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
17:17:34.0192 3272 BBUpdate - ok
17:17:34.0238 3272 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
17:17:34.0270 3272 BDESVC - ok
17:17:34.0332 3272 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
17:17:34.0394 3272 Beep - ok
17:17:34.0472 3272 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
17:17:34.0566 3272 BFE - ok
17:17:34.0613 3272 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
17:17:34.0691 3272 BITS - ok
17:17:34.0738 3272 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
17:17:34.0769 3272 blbdrive - ok
17:17:34.0925 3272 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:17:34.0940 3272 Bonjour Service - ok
17:17:34.0972 3272 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
17:17:35.0003 3272 bowser - ok
17:17:35.0034 3272 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
17:17:35.0065 3272 BrFiltLo - ok
17:17:35.0081 3272 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
17:17:35.0128 3272 BrFiltUp - ok
17:17:35.0174 3272 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
17:17:35.0190 3272 Browser - ok
17:17:35.0206 3272 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
17:17:35.0268 3272 Brserid - ok
17:17:35.0268 3272 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
17:17:35.0284 3272 BrSerWdm - ok
17:17:35.0284 3272 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
17:17:35.0330 3272 BrUsbMdm - ok
17:17:35.0330 3272 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
17:17:35.0408 3272 BrUsbSer - ok
17:17:35.0408 3272 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
17:17:35.0440 3272 BTHMODEM - ok
17:17:35.0518 3272 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
17:17:35.0627 3272 BTHPORT - ok
17:17:35.0674 3272 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
17:17:35.0736 3272 bthserv - ok
17:17:35.0783 3272 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
17:17:35.0845 3272 BTHUSB - ok
17:17:35.0876 3272 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
17:17:35.0954 3272 cdfs - ok
17:17:36.0017 3272 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\drivers\cdrom.sys
17:17:36.0048 3272 cdrom - ok
17:17:36.0095 3272 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
17:17:36.0157 3272 CertPropSvc - ok
17:17:36.0157 3272 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
17:17:36.0220 3272 circlass - ok
17:17:36.0235 3272 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
17:17:36.0251 3272 CLFS - ok
17:17:36.0422 3272 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:17:36.0438 3272 clr_optimization_v2.0.50727_32 - ok
17:17:36.0625 3272 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:17:36.0641 3272 clr_optimization_v2.0.50727_64 - ok
17:17:36.0828 3272 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:17:36.0859 3272 clr_optimization_v4.0.30319_32 - ok
17:17:37.0031 3272 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:17:37.0046 3272 clr_optimization_v4.0.30319_64 - ok
17:17:37.0078 3272 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
17:17:37.0093 3272 CmBatt - ok
17:17:37.0124 3272 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
17:17:37.0140 3272 cmdide - ok
17:17:37.0171 3272 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
17:17:37.0218 3272 CNG - ok
17:17:37.0312 3272 [ 1F394DF3714ED4280047810790E6DF69 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
17:17:37.0358 3272 CnxtHdAudService - ok
17:17:37.0374 3272 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
17:17:37.0374 3272 Compbatt - ok
17:17:37.0405 3272 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
17:17:37.0436 3272 CompositeBus - ok
17:17:37.0452 3272 COMSysApp - ok
17:17:37.0468 3272 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
17:17:37.0483 3272 crcdisk - ok
17:17:37.0530 3272 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\windows\system32\cryptsvc.dll
17:17:37.0561 3272 CryptSvc - ok
17:17:37.0670 3272 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:17:37.0686 3272 cvhsvc - ok
17:17:37.0717 3272 [ F160B26B26BA4AFE8CECC12ED5AC231E ] CxAudMsg C:\windows\system32\CxAudMsg64.exe
17:17:37.0733 3272 CxAudMsg - ok
17:17:37.0764 3272 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
17:17:37.0826 3272 DcomLaunch - ok
17:17:37.0858 3272 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
17:17:37.0920 3272 defragsvc - ok
17:17:37.0951 3272 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
17:17:38.0014 3272 DfsC - ok
17:17:38.0045 3272 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
17:17:38.0076 3272 Dhcp - ok
17:17:38.0092 3272 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
17:17:38.0154 3272 discache - ok
17:17:38.0185 3272 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
17:17:38.0201 3272 Disk - ok
17:17:38.0232 3272 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
17:17:38.0279 3272 Dnscache - ok
17:17:38.0310 3272 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
17:17:38.0372 3272 dot3svc - ok
17:17:38.0404 3272 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
17:17:38.0450 3272 DPS - ok
17:17:38.0622 3272 [ 3058482E48D268A2606BFF9B7FF5BE08 ] DriveClone Network Client IBP C:\Program Files\Time Stamp\IBP\fsloader.exe
17:17:38.0653 3272 DriveClone Network Client IBP ( UnsignedFile.Multi.Generic ) - warning
17:17:38.0653 3272 DriveClone Network Client IBP - detected UnsignedFile.Multi.Generic (1)
17:17:38.0669 3272 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
17:17:38.0684 3272 drmkaud - ok
17:17:38.0747 3272 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
17:17:38.0778 3272 DXGKrnl - ok
17:17:38.0809 3272 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
17:17:38.0872 3272 EapHost - ok
17:17:38.0950 3272 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
17:17:39.0090 3272 ebdrv - ok
17:17:39.0137 3272 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
17:17:39.0152 3272 EFS - ok
17:17:39.0293 3272 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
17:17:39.0355 3272 ehRecvr - ok
17:17:39.0371 3272 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
17:17:39.0418 3272 ehSched - ok
17:17:39.0449 3272 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
17:17:39.0480 3272 elxstor - ok
17:17:39.0496 3272 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
17:17:39.0511 3272 ErrDev - ok
17:17:39.0542 3272 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
17:17:39.0589 3272 EventSystem - ok
17:17:39.0620 3272 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
17:17:39.0667 3272 exfat - ok
17:17:39.0714 3272 [ DDC3F34682D073AD9D1AE4237BBDDAB1 ] FARMNTIO c:\windows\system32\drivers\farmntio.sys
17:17:39.0730 3272 FARMNTIO - ok
17:17:39.0730 3272 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
17:17:39.0808 3272 fastfat - ok
17:17:39.0854 3272 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
17:17:39.0870 3272 Fax - ok
17:17:39.0870 3272 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
17:17:39.0901 3272 fdc - ok
17:17:39.0917 3272 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
17:17:39.0979 3272 fdPHost - ok
17:17:39.0979 3272 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
17:17:40.0026 3272 FDResPub - ok
17:17:40.0026 3272 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
17:17:40.0042 3272 FileInfo - ok
17:17:40.0042 3272 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
17:17:40.0104 3272 Filetrace - ok
17:17:40.0104 3272 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
17:17:40.0151 3272 flpydisk - ok
17:17:40.0198 3272 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
17:17:40.0213 3272 FltMgr - ok
17:17:40.0291 3272 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll
17:17:40.0338 3272 FontCache - ok
17:17:40.0400 3272 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:17:40.0400 3272 FontCache3.0.0.0 - ok
17:17:40.0416 3272 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
17:17:40.0432 3272 FsDepends - ok
17:17:40.0494 3272 [ 95D0CB3E794DEA8CBE21725811A554DC ] fspad_wlh64 C:\windows\system32\DRIVERS\fspad_wlh64.sys
17:17:40.0510 3272 fspad_wlh64 - ok
17:17:40.0556 3272 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
17:17:40.0572 3272 Fs_Rec - ok
17:17:40.0603 3272 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
17:17:40.0634 3272 fvevol - ok
17:17:40.0650 3272 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
17:17:40.0666 3272 gagp30kx - ok
17:17:40.0744 3272 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
17:17:40.0744 3272 GEARAspiWDM - ok
17:17:40.0775 3272 [ 23DEC7050B21A425562AA207ACB5CCB7 ] GFNEXSrv C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
17:17:40.0790 3272 GFNEXSrv - ok
17:17:40.0837 3272 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
17:17:40.0900 3272 gpsvc - ok
17:17:41.0009 3272 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:17:41.0009 3272 gupdate - ok
17:17:41.0024 3272 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:17:41.0024 3272 gupdatem - ok
17:17:41.0087 3272 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:17:41.0102 3272 gusvc - ok
17:17:41.0149 3272 [ 5B7DCF7226FAFD500420C6C4D3719369 ] HCDisk C:\windows\system32\drivers\HCDisk.sys
17:17:41.0165 3272 HCDisk - ok
17:17:41.0180 3272 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
17:17:41.0227 3272 hcw85cir - ok
17:17:41.0258 3272 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
17:17:41.0305 3272 HdAudAddService - ok
17:17:41.0336 3272 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
17:17:41.0368 3272 HDAudBus - ok
17:17:41.0383 3272 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
17:17:41.0414 3272 HidBatt - ok
17:17:41.0414 3272 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
17:17:41.0461 3272 HidBth - ok
17:17:41.0477 3272 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
17:17:41.0492 3272 HidIr - ok
17:17:41.0524 3272 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
17:17:41.0570 3272 hidserv - ok
17:17:41.0617 3272 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys
17:17:41.0648 3272 HidUsb - ok
17:17:41.0680 3272 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
17:17:41.0726 3272 hkmsvc - ok
17:17:41.0758 3272 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
17:17:41.0804 3272 HomeGroupListener - ok
17:17:41.0851 3272 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
17:17:41.0867 3272 HomeGroupProvider - ok
17:17:41.0914 3272 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
17:17:41.0929 3272 HpSAMD - ok
17:17:41.0976 3272 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
17:17:42.0038 3272 HTTP - ok
17:17:42.0070 3272 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
17:17:42.0070 3272 hwpolicy - ok
17:17:42.0132 3272 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
17:17:42.0163 3272 i8042prt - ok
17:17:42.0210 3272 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
17:17:42.0226 3272 iaStor - ok
17:17:42.0241 3272 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
17:17:42.0272 3272 iaStorV - ok
17:17:42.0319 3272 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:17:42.0366 3272 idsvc - ok
17:17:42.0709 3272 [ 8CB8667F5A3B5515F2585F3254F3AAF7 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
17:17:43.0193 3272 igfx - ok
17:17:43.0224 3272 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
17:17:43.0255 3272 iirsp - ok
17:17:43.0302 3272 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
17:17:43.0380 3272 IKEEXT - ok
17:17:43.0411 3272 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
17:17:43.0458 3272 IntcDAud - ok
17:17:43.0474 3272 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
17:17:43.0489 3272 intelide - ok
17:17:43.0505 3272 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
17:17:43.0552 3272 intelppm - ok
17:17:43.0583 3272 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
17:17:43.0614 3272 IPBusEnum - ok
17:17:43.0661 3272 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
17:17:43.0708 3272 IpFilterDriver - ok
17:17:43.0786 3272 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
17:17:43.0848 3272 iphlpsvc - ok
17:17:43.0895 3272 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
17:17:43.0942 3272 IPMIDRV - ok
17:17:43.0957 3272 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
17:17:44.0004 3272 IPNAT - ok
17:17:44.0051 3272 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:17:44.0066 3272 iPod Service - ok
17:17:44.0082 3272 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
17:17:44.0113 3272 IRENUM - ok
17:17:44.0129 3272 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
17:17:44.0144 3272 isapnp - ok
17:17:44.0176 3272 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
17:17:44.0207 3272 iScsiPrt - ok
17:17:44.0207 3272 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
17:17:44.0222 3272 kbdclass - ok
17:17:44.0254 3272 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
17:17:44.0285 3272 kbdhid - ok
17:17:44.0300 3272 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
17:17:44.0316 3272 KeyIso - ok
17:17:44.0347 3272 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
17:17:44.0363 3272 KSecDD - ok
17:17:44.0410 3272 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
17:17:44.0425 3272 KSecPkg - ok
17:17:44.0441 3272 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
17:17:44.0503 3272 ksthunk - ok
17:17:44.0534 3272 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
17:17:44.0612 3272 KtmRm - ok
17:17:44.0659 3272 [ EBED8B3FF4A823C1A6EEBEED7B29353F ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
17:17:44.0690 3272 L1C - ok
17:17:44.0737 3272 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
17:17:44.0815 3272 LanmanServer - ok
17:17:44.0878 3272 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
17:17:44.0956 3272 LanmanWorkstation - ok
17:17:45.0002 3272 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
17:17:45.0065 3272 lltdio - ok
17:17:45.0096 3272 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
17:17:45.0143 3272 lltdsvc - ok
17:17:45.0174 3272 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
17:17:45.0236 3272 lmhosts - ok
17:17:45.0314 3272 [ 926EBA26A8B49D1597751CED06B50862 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:17:45.0346 3272 LMS - ok
17:17:45.0361 3272 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
17:17:45.0392 3272 LSI_FC - ok
17:17:45.0392 3272 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
17:17:45.0408 3272 LSI_SAS - ok
17:17:45.0408 3272 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
17:17:45.0424 3272 LSI_SAS2 - ok
17:17:45.0439 3272 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
17:17:45.0455 3272 LSI_SCSI - ok
17:17:45.0455 3272 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
17:17:45.0502 3272 luafv - ok
17:17:45.0642 3272 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
17:17:45.0689 3272 McComponentHostService - ok
17:17:45.0720 3272 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
17:17:45.0767 3272 Mcx2Svc - ok
17:17:45.0767 3272 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
17:17:45.0782 3272 megasas - ok
17:17:45.0798 3272 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
17:17:45.0829 3272 MegaSR - ok
17:17:45.0845 3272 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
17:17:45.0860 3272 MEIx64 - ok
17:17:45.0907 3272 MGHwCtrl - ok
17:17:45.0923 3272 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
17:17:46.0016 3272 MMCSS - ok
17:17:46.0016 3272 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
17:17:46.0063 3272 Modem - ok
17:17:46.0079 3272 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
17:17:46.0094 3272 monitor - ok
17:17:46.0126 3272 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\drivers\mouclass.sys
17:17:46.0141 3272 mouclass - ok
17:17:46.0141 3272 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
17:17:46.0172 3272 mouhid - ok
17:17:46.0219 3272 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
17:17:46.0235 3272 mountmgr - ok
17:17:46.0266 3272 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
17:17:46.0282 3272 mpio - ok
17:17:46.0297 3272 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
17:17:46.0344 3272 mpsdrv - ok
17:17:46.0391 3272 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
17:17:46.0469 3272 MpsSvc - ok
17:17:46.0500 3272 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
17:17:46.0547 3272 MRxDAV - ok
17:17:46.0578 3272 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
17:17:46.0594 3272 mrxsmb - ok
17:17:46.0625 3272 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
17:17:46.0640 3272 mrxsmb10 - ok
17:17:46.0672 3272 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
17:17:46.0718 3272 mrxsmb20 - ok
17:17:46.0734 3272 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
17:17:46.0750 3272 msahci - ok
17:17:46.0765 3272 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
17:17:46.0781 3272 msdsm - ok
17:17:46.0812 3272 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
17:17:46.0828 3272 MSDTC - ok
17:17:46.0843 3272 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
17:17:46.0906 3272 Msfs - ok
17:17:46.0906 3272 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
17:17:46.0952 3272 mshidkmdf - ok
17:17:46.0984 3272 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
17:17:46.0984 3272 msisadrv - ok
17:17:47.0031 3272 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
17:17:47.0125 3272 MSiSCSI - ok
17:17:47.0125 3272 msiserver - ok
17:17:47.0156 3272 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
17:17:47.0203 3272 MSKSSRV - ok
17:17:47.0234 3272 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
17:17:47.0281 3272 MSPCLOCK - ok
17:17:47.0297 3272 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
17:17:47.0343 3272 MSPQM - ok
17:17:47.0375 3272 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
17:17:47.0406 3272 MsRPC - ok
17:17:47.0437 3272 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
17:17:47.0453 3272 mssmbios - ok
17:17:47.0453 3272 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
17:17:47.0499 3272 MSTEE - ok
17:17:47.0499 3272 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
17:17:47.0531 3272 MTConfig - ok
17:17:47.0546 3272 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
17:17:47.0562 3272 Mup - ok
17:17:47.0593 3272 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
17:17:47.0640 3272 napagent - ok
17:17:47.0671 3272 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
17:17:47.0702 3272 NativeWifiP - ok
17:17:47.0749 3272 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
17:17:47.0780 3272 NDIS - ok
17:17:47.0796 3272 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
17:17:47.0843 3272 NdisCap - ok
17:17:47.0858 3272 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
17:17:47.0905 3272 NdisTapi - ok
17:17:47.0936 3272 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
17:17:48.0030 3272 Ndisuio - ok
17:17:48.0045 3272 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
17:17:48.0108 3272 NdisWan - ok
17:17:48.0139 3272 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
17:17:48.0186 3272 NDProxy - ok
17:17:48.0201 3272 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
17:17:48.0264 3272 NetBIOS - ok
17:17:48.0295 3272 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
17:17:48.0389 3272 NetBT - ok
17:17:48.0404 3272 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
17:17:48.0420 3272 Netlogon - ok
17:17:48.0467 3272 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
17:17:48.0529 3272 Netman - ok
17:17:48.0545 3272 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
17:17:48.0607 3272 netprofm - ok
17:17:48.0638 3272 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:17:48.0654 3272 NetTcpPortSharing - ok
17:17:48.0685 3272 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
17:17:48.0716 3272 nfrd960 - ok
17:17:48.0747 3272 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
17:17:48.0779 3272 NlaSvc - ok
17:17:48.0810 3272 NOBU - ok
17:17:48.0810 3272 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
17:17:48.0872 3272 Npfs - ok
17:17:48.0888 3272 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
17:17:48.0935 3272 nsi - ok
17:17:48.0935 3272 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
17:17:48.0981 3272 nsiproxy - ok
17:17:49.0059 3272 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
17:17:49.0169 3272 Ntfs - ok
17:17:49.0169 3272 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
17:17:49.0215 3272 Null - ok
17:17:49.0247 3272 [ C25CC69829E976C67B34152334EEDDD1 ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys
17:17:49.0262 3272 nusb3hub - ok
17:17:49.0293 3272 [ 20BC4B57A6DBA0447ADB3B623C200F8E ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys
17:17:49.0325 3272 nusb3xhc - ok
17:17:49.0699 3272 [ 5B87B16D2781982E32BAB6D359034C37 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
17:17:49.0917 3272 nvlddmkm - ok
17:17:49.0949 3272 [ 0FB06978E39D3B2BB02D616B71A718DC ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys
17:17:49.0964 3272 nvpciflt - ok
17:17:50.0011 3272 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
17:17:50.0058 3272 nvraid - ok
17:17:50.0089 3272 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
17:17:50.0120 3272 nvstor - ok
17:17:50.0183 3272 [ E0978D69D66403BEB006BED61B27B883 ] NVSvc C:\windows\system32\nvvsvc.exe
17:17:50.0229 3272 NVSvc - ok
17:17:50.0307 3272 [ DC49EC481397457AEA7D094383C0E1B6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
17:17:50.0385 3272 nvUpdatusService - ok
17:17:50.0401 3272 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
17:17:50.0417 3272 nv_agp - ok
17:17:50.0463 3272 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
17:17:50.0526 3272 ohci1394 - ok
17:17:50.0573 3272 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:17:50.0604 3272 ose - ok
17:17:50.0791 3272 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:17:51.0072 3272 osppsvc - ok
17:17:51.0103 3272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
17:17:51.0134 3272 p2pimsvc - ok
17:17:51.0165 3272 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
17:17:51.0197 3272 p2psvc - ok
17:17:51.0228 3272 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
17:17:51.0259 3272 Parport - ok
17:17:51.0306 3272 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
17:17:51.0337 3272 partmgr - ok
17:17:51.0368 3272 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
17:17:51.0415 3272 PcaSvc - ok
17:17:51.0431 3272 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
17:17:51.0462 3272 pci - ok
17:17:51.0493 3272 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
17:17:51.0509 3272 pciide - ok
17:17:51.0524 3272 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
17:17:51.0555 3272 pcmcia - ok
17:17:51.0555 3272 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
17:17:51.0571 3272 pcw - ok
17:17:51.0602 3272 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
17:17:51.0665 3272 PEAUTH - ok
17:17:51.0680 3272 [ EE926C59CBD4DC4DC9FBB85014A2F1A5 ] PEGAGFN C:\Program Files (x86)\PHotkey\PEGAGFN.sys
17:17:51.0696 3272 PEGAGFN - ok
17:17:51.0930 3272 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
17:17:51.0977 3272 PerfHost - ok
17:17:52.0039 3272 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
17:17:52.0133 3272 pla - ok
17:17:52.0164 3272 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
17:17:52.0195 3272 PlugPlay - ok
17:17:52.0242 3272 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
17:17:52.0273 3272 PNRPAutoReg - ok
17:17:52.0289 3272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
17:17:52.0304 3272 PNRPsvc - ok
17:17:52.0335 3272 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
17:17:52.0413 3272 PolicyAgent - ok
17:17:52.0429 3272 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
17:17:52.0476 3272 Power - ok
17:17:52.0491 3272 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
17:17:52.0554 3272 PptpMiniport - ok
17:17:52.0585 3272 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
17:17:52.0663 3272 Processor - ok
17:17:52.0741 3272 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
17:17:52.0772 3272 ProfSvc - ok
17:17:52.0803 3272 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
17:17:52.0803 3272 ProtectedStorage - ok
17:17:52.0850 3272 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
17:17:52.0913 3272 Psched - ok
17:17:52.0959 3272 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
17:17:53.0115 3272 ql2300 - ok
17:17:53.0115 3272 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
17:17:53.0131 3272 ql40xx - ok
17:17:53.0162 3272 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
17:17:53.0193 3272 QWAVE - ok
17:17:53.0193 3272 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
17:17:53.0225 3272 QWAVEdrv - ok
17:17:53.0256 3272 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
17:17:53.0303 3272 RasAcd - ok
17:17:53.0349 3272 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
17:17:53.0459 3272 RasAgileVpn - ok
17:17:53.0474 3272 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
17:17:53.0537 3272 RasAuto - ok
17:17:53.0568 3272 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
17:17:53.0630 3272 Rasl2tp - ok
17:17:53.0693 3272 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
17:17:53.0833 3272 RasMan - ok
17:17:53.0849 3272 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
17:17:53.0911 3272 RasPppoe - ok
17:17:53.0927 3272 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
17:17:53.0989 3272 RasSstp - ok
17:17:54.0020 3272 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
17:17:54.0067 3272 rdbss - ok
17:17:54.0067 3272 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
17:17:54.0098 3272 rdpbus - ok
17:17:54.0129 3272 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
17:17:54.0176 3272 RDPCDD - ok
17:17:54.0176 3272 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
17:17:54.0223 3272 RDPENCDD - ok
17:17:54.0239 3272 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
17:17:54.0285 3272 RDPREFMP - ok
17:17:54.0317 3272 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
17:17:54.0379 3272 RDPWD - ok
17:17:54.0426 3272 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
17:17:54.0457 3272 rdyboost - ok
17:17:54.0488 3272 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
17:17:54.0551 3272 RemoteAccess - ok
17:17:54.0597 3272 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
17:17:54.0660 3272 RemoteRegistry - ok
17:17:54.0691 3272 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
17:17:54.0738 3272 RpcEptMapper - ok
17:17:54.0769 3272 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
17:17:54.0831 3272 RpcLocator - ok
17:17:54.0878 3272 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
17:17:54.0941 3272 RpcSs - ok
17:17:54.0956 3272 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
17:17:55.0003 3272 rspndr - ok
17:17:55.0019 3272 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
17:17:55.0034 3272 SamSs - ok
17:17:55.0065 3272 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
17:17:55.0081 3272 sbp2port - ok
17:17:55.0128 3272 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
17:17:55.0206 3272 SCardSvr - ok
17:17:55.0237 3272 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
17:17:55.0299 3272 scfilter - ok
17:17:55.0362 3272 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
17:17:55.0455 3272 Schedule - ok
17:17:55.0471 3272 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
17:17:55.0502 3272 SCPolicySvc - ok
17:17:55.0549 3272 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
17:17:55.0580 3272 SDRSVC - ok
17:17:55.0596 3272 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
17:17:55.0643 3272 secdrv - ok
17:17:55.0674 3272 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
17:17:55.0721 3272 seclogon - ok
17:17:55.0752 3272 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
17:17:55.0783 3272 SENS - ok
17:17:55.0799 3272 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
17:17:55.0830 3272 SensrSvc - ok
17:17:55.0830 3272 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
17:17:55.0845 3272 Serenum - ok
17:17:55.0877 3272 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
17:17:55.0892 3272 Serial - ok
17:17:55.0923 3272 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
17:17:55.0970 3272 sermouse - ok
17:17:56.0017 3272 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
17:17:56.0064 3272 SessionEnv - ok
17:17:56.0079 3272 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
17:17:56.0126 3272 sffdisk - ok
17:17:56.0157 3272 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
17:17:56.0189 3272 sffp_mmc - ok
17:17:56.0189 3272 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
17:17:56.0204 3272 sffp_sd - ok
17:17:56.0220 3272 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
17:17:56.0220 3272 sfloppy - ok
17:17:56.0313 3272 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
17:17:56.0360 3272 Sftfs - ok
17:17:56.0423 3272 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:17:56.0469 3272 sftlist - ok
17:17:56.0485 3272 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
17:17:56.0501 3272 Sftplay - ok
17:17:56.0516 3272 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
17:17:56.0532 3272 Sftredir - ok
17:17:56.0563 3272 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
17:17:56.0579 3272 Sftvol - ok
17:17:56.0594 3272 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:17:56.0610 3272 sftvsa - ok
17:17:56.0641 3272 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
17:17:56.0719 3272 SharedAccess - ok
17:17:56.0781 3272 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:17:56.0828 3272 ShellHWDetection - ok
17:17:56.0875 3272 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
17:17:56.0906 3272 SiSRaid2 - ok
17:17:56.0906 3272 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
17:17:56.0922 3272 SiSRaid4 - ok
17:17:56.0937 3272 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
17:17:56.0984 3272 Smb - ok
17:17:57.0031 3272 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
17:17:57.0078 3272 SNMPTRAP - ok
17:17:57.0093 3272 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
17:17:57.0109 3272 spldr - ok
17:17:57.0156 3272 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
17:17:57.0187 3272 Spooler - ok
17:17:57.0281 3272 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
17:17:57.0359 3272 sppsvc - ok
17:17:57.0390 3272 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
17:17:57.0437 3272 sppuinotify - ok
17:17:57.0468 3272 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
17:17:57.0515 3272 srv - ok
17:17:57.0561 3272 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
17:17:57.0593 3272 srv2 - ok
17:17:57.0624 3272 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
17:17:57.0671 3272 srvnet - ok
17:17:57.0702 3272 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
17:17:57.0733 3272 SSDPSRV - ok
17:17:57.0749 3272 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
17:17:57.0811 3272 SstpSvc - ok
17:17:57.0873 3272 [ 39D9CA03CC9FF883F8E36D95E7BFD193 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:17:57.0905 3272 Stereo Service - ok
17:17:57.0936 3272 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
17:17:57.0951 3272 stexstor - ok
17:17:57.0998 3272 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
17:17:58.0045 3272 stisvc - ok
17:17:58.0076 3272 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
17:17:58.0092 3272 swenum - ok
17:17:58.0123 3272 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
17:17:58.0201 3272 swprv - ok
17:17:58.0263 3272 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
17:17:58.0341 3272 SysMain - ok
17:17:58.0373 3272 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
17:17:58.0419 3272 TabletInputService - ok
17:17:58.0451 3272 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
17:17:58.0560 3272 TapiSrv - ok
17:17:58.0591 3272 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
17:17:58.0638 3272 TBS - ok
17:17:58.0731 3272 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\windows\system32\drivers\tcpip.sys
17:17:58.0841 3272 Tcpip - ok
17:17:58.0903 3272 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
17:17:58.0934 3272 TCPIP6 - ok
17:17:58.0981 3272 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
17:17:59.0028 3272 tcpipreg - ok
17:17:59.0059 3272 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
17:17:59.0090 3272 TDPIPE - ok
17:17:59.0121 3272 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
17:17:59.0137 3272 TDTCP - ok
17:17:59.0184 3272 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
17:17:59.0246 3272 tdx - ok
17:17:59.0262 3272 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
17:17:59.0277 3272 TermDD - ok
17:17:59.0309 3272 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
17:17:59.0371 3272 TermService - ok
17:17:59.0387 3272 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
17:17:59.0402 3272 Themes - ok
17:17:59.0418 3272 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
17:17:59.0465 3272 THREADORDER - ok
17:17:59.0465 3272 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
17:17:59.0511 3272 TrkWks - ok
17:17:59.0574 3272 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
17:17:59.0621 3272 TrustedInstaller - ok
17:17:59.0652 3272 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
17:17:59.0699 3272 tssecsrv - ok
17:17:59.0761 3272 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
17:17:59.0792 3272 TsUsbFlt - ok
17:17:59.0855 3272 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
17:17:59.0901 3272 tunnel - ok
17:17:59.0917 3272 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
17:17:59.0933 3272 uagp35 - ok
17:17:59.0964 3272 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
17:18:00.0073 3272 udfs - ok
17:18:00.0089 3272 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
17:18:00.0135 3272 UI0Detect - ok
17:18:00.0167 3272 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
17:18:00.0182 3272 uliagpkx - ok
17:18:00.0213 3272 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
17:18:00.0260 3272 umbus - ok
17:18:00.0291 3272 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
17:18:00.0323 3272 UmPass - ok
17:18:00.0447 3272 [ FDF92EC84FECEE834FB10A2A0A19BCDA ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:18:00.0541 3272 UNS - ok
17:18:00.0572 3272 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
17:18:00.0635 3272 upnphost - ok
17:18:00.0697 3272 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
17:18:00.0744 3272 USBAAPL64 - ok
17:18:00.0760 3272 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
17:18:00.0775 3272 usbccgp - ok
17:18:00.0822 3272 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
17:18:00.0853 3272 usbcir - ok
17:18:00.0869 3272 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
17:18:00.0931 3272 usbehci - ok
17:18:00.0978 3272 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
17:18:01.0009 3272 usbhub - ok
17:18:01.0040 3272 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
17:18:01.0087 3272 usbohci - ok
17:18:01.0118 3272 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
17:18:01.0134 3272 usbprint - ok
17:18:01.0150 3272 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
17:18:01.0165 3272 USBSTOR - ok
17:18:01.0165 3272 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
17:18:01.0181 3272 usbuhci - ok
17:18:01.0212 3272 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
17:18:01.0259 3272 usbvideo - ok
17:18:01.0274 3272 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
17:18:01.0337 3272 UxSms - ok
17:18:01.0352 3272 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
17:18:01.0368 3272 VaultSvc - ok
17:18:01.0399 3272 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
17:18:01.0415 3272 vdrvroot - ok
17:18:01.0462 3272 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
17:18:01.0540 3272 vds - ok
17:18:01.0555 3272 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
17:18:01.0586 3272 vga - ok
17:18:01.0586 3272 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
17:18:01.0633 3272 VgaSave - ok
17:18:01.0664 3272 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
17:18:01.0680 3272 vhdmp - ok
17:18:01.0711 3272 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
17:18:01.0727 3272 viaide - ok
17:18:01.0742 3272 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
17:18:01.0758 3272 volmgr - ok
17:18:01.0789 3272 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
17:18:01.0805 3272 volmgrx - ok
17:18:01.0836 3272 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
17:18:01.0852 3272 volsnap - ok
17:18:01.0883 3272 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
17:18:01.0898 3272 vsmraid - ok
17:18:01.0976 3272 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
17:18:02.0132 3272 VSS - ok
17:18:02.0179 3272 [ 062DAADC58EC25C6E384823841376497 ] VVBackd5 C:\windows\system32\drivers\VVBackd5.sys
17:18:02.0210 3272 VVBackd5 - ok
17:18:02.0226 3272 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
17:18:02.0273 3272 vwifibus - ok
17:18:02.0273 3272 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
17:18:02.0304 3272 vwififlt - ok
17:18:02.0335 3272 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
17:18:02.0366 3272 vwifimp - ok
17:18:02.0398 3272 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
17:18:02.0444 3272 W32Time - ok
17:18:02.0444 3272 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
17:18:02.0476 3272 WacomPen - ok
17:18:02.0507 3272 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
17:18:02.0554 3272 WANARP - ok
17:18:02.0554 3272 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
17:18:02.0585 3272 Wanarpv6 - ok
17:18:02.0678 3272 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
17:18:02.0881 3272 wbengine - ok
17:18:02.0897 3272 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
17:18:02.0944 3272 WbioSrvc - ok
17:18:02.0975 3272 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
17:18:03.0022 3272 wcncsvc - ok
17:18:03.0037 3272 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
17:18:03.0068 3272 WcsPlugInService - ok
17:18:03.0084 3272 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
17:18:03.0100 3272 Wd - ok
17:18:03.0146 3272 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
17:18:03.0224 3272 Wdf01000 - ok
17:18:03.0256 3272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
17:18:03.0271 3272 WdiServiceHost - ok
17:18:03.0271 3272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
17:18:03.0302 3272 WdiSystemHost - ok
17:18:03.0334 3272 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
17:18:03.0365 3272 WebClient - ok
17:18:03.0380 3272 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
17:18:03.0427 3272 Wecsvc - ok
17:18:03.0443 3272 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
17:18:03.0490 3272 wercplsupport - ok
17:18:03.0505 3272 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
17:18:03.0552 3272 WerSvc - ok
17:18:03.0552 3272 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
17:18:03.0599 3272 WfpLwf - ok
17:18:03.0599 3272 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
17:18:03.0614 3272 WIMMount - ok
17:18:03.0630 3272 WinDefend - ok
17:18:03.0646 3272 WinHttpAutoProxySvc - ok
17:18:03.0786 3272 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
17:18:03.0880 3272 Winmgmt - ok
17:18:03.0958 3272 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
17:18:04.0145 3272 WinRM - ok
17:18:04.0207 3272 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
17:18:04.0254 3272 WinUsb - ok
17:18:04.0301 3272 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
17:18:04.0332 3272 Wlansvc - ok
17:18:04.0363 3272 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
17:18:04.0394 3272 WmiAcpi - ok
17:18:04.0426 3272 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
17:18:04.0472 3272 wmiApSrv - ok
17:18:04.0488 3272 WMPNetworkSvc - ok
17:18:04.0519 3272 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
17:18:04.0535 3272 WPCSvc - ok
17:18:04.0566 3272 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
17:18:04.0597 3272 WPDBusEnum - ok
17:18:04.0628 3272 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
17:18:04.0675 3272 ws2ifsl - ok
17:18:04.0675 3272 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
17:18:04.0691 3272 wscsvc - ok
17:18:04.0706 3272 WSearch - ok
17:18:04.0784 3272 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
17:18:04.0862 3272 wuauserv - ok
17:18:04.0894 3272 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
17:18:04.0925 3272 WudfPf - ok
17:18:04.0940 3272 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
17:18:04.0972 3272 WUDFRd - ok
17:18:05.0003 3272 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
17:18:05.0034 3272 wudfsvc - ok
17:18:05.0065 3272 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\windows\System32\wwansvc.dll
17:18:05.0112 3272 WwanSvc - ok
17:18:05.0143 3272 ================ Scan global ===============================
17:18:05.0159 3272 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
17:18:05.0190 3272 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
17:18:05.0206 3272 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
17:18:05.0237 3272 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
17:18:05.0268 3272 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
17:18:05.0268 3272 [Global] - ok
17:18:05.0268 3272 ================ Scan MBR ==================================
17:18:05.0299 3272 [ E7602EDE0576C918CC2E7BB7AA78E8EC ] \Device\Harddisk0\DR0
17:18:05.0299 3272 Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:18:05.0861 3272 \Device\Harddisk0\DR0 - ok
17:18:05.0861 3272 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR2
17:18:06.0048 3272 \Device\Harddisk1\DR2 - ok
17:18:06.0048 3272 ================ Scan VBR ==================================
17:18:06.0048 3272 [ 785C2EF7BFBCB7B099873BCB57D341AE ] \Device\Harddisk0\DR0\Partition1
17:18:06.0064 3272 \Device\Harddisk0\DR0\Partition1 - ok
17:18:06.0064 3272 [ 2628C7B48D9266D0CE07B3E9C26DE53A ] \Device\Harddisk0\DR0\Partition2
17:18:06.0064 3272 \Device\Harddisk0\DR0\Partition2 - ok
17:18:06.0079 3272 [ 70AA953414526FDB59C8587CE2F95EFA ] \Device\Harddisk0\DR0\Partition3
17:18:06.0079 3272 \Device\Harddisk0\DR0\Partition3 - ok
17:18:06.0095 3272 [ B4EF864FF08745ACCE313E03E618D366 ] \Device\Harddisk1\DR2\Partition1
17:18:06.0095 3272 \Device\Harddisk1\DR2\Partition1 - ok
17:18:06.0095 3272 ============================================================
17:18:06.0095 3272 Scan finished
17:18:06.0095 3272 ============================================================
17:18:06.0095 0820 Detected object count: 1
17:18:06.0095 0820 Actual detected object count: 1
17:19:20.0593 0820 DriveClone Network Client IBP ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:20.0593 0820 DriveClone Network Client IBP ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:36.0208 2452
|
|
12.07.2013, 16:24
| #8 |
| /// Malware-holic | Unbekannter GVU-Trojaner Das war der Plan. Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.07.2013, 16:46
| #9 |
| | Unbekannter GVU-TrojanerCode:
ATTFilter Combofix Logfile: |
|
12.07.2013, 16:52
| #10 |
| /// Malware-holic | Unbekannter GVU-Trojaner sieht gut aus. 2 Logs sind zu erstellen, poste sie möglichst gleichzeitig. 1. malwarebytes: Downloade Dir bitte Malwarebytes
2. lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.07.2013, 19:57
| #11 |
| | Unbekannter GVU-Trojaner Hey! Sorry war gerade für ne Zeit weg! Warum muss ich die Notwendig der Programme dahinterschreiben? Wird eine Systemzurücksetzung gemacht? Auf dem PC sind auch noch viele wichtige Fotos, die darauf bleiben sollten. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.04.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Maria :: MARIA-MSI [limitiert] Schutz: Aktiviert 12.07.2013 18:02:08 mbam-log-2013-07-12 (18-02-08).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 468380 Laufzeit: 1 Stunde(n), 7 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter 1&1 Surf-Stick 12.07.2013 (unnötig) Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 27.12.2011 6,00MB 11.1.102.55 (notwendig) Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 27.12.2011 6,00MB 11.1.102.55 (notwendig) Adobe Flash Player 11 Plugin Adobe Systems Incorporated 27.12.2011 6,00MB 11.1.102.55 (notwendig) Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 27.12.2011 6,00MB 11.1.102.55 (notwendig) Adobe Reader X (10.1.2) - Deutsch Adobe Systems Incorporated 25.03.2012 121MB 10.1.2 (notwendig) Alcor Micro USB Card Reader Alcor Micro Corp. 20.03.2011 2,88MB 1.8.1217.36096 (unbekannt) Apple Application Support Apple Inc. 06.04.2012 61,0MB 2.1.7 (unnötig) Apple Mobile Device Support Apple Inc. 06.04.2012 24,9MB 5.1.1.4 (unnötig) Apple Software Update Apple Inc. 06.04.2012 2,38MB 2.1.3.127 (unnötig) Ask Toolbar Ask.com 21.04.2012 4,15MB 1.15.1.0 (unnötig) Ask Toolbar Updater Ask.com 21.04.2012 1.2.1.22229 (unnötig) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 20.03.2011 1.0.0.36 (unbekannt) Avira Free Antivirus Avira 05.07.2013 108MB 12.1.9.2400 (notwendig) AVM FRITZ!Box AddOn (IE) AVM Berlin 30.06.2012 1,88MB 1.5.7 (notwendig) Bing Bar Microsoft Corporation 09.02.2012 26,7MB 7.0.822.0 (unnötig) Bonjour Apple Inc. 06.04.2012 2,00MB 3.0.0.10 (unbekannt) BurnRecovery Micro-Star International Co., Ltd. 20.03.2011 3.0.1007.2702 (notwendig) CCleaner Piriform 19.06.2013 4.03 (unnötig) Conexant HD Audio Conexant 20.03.2011 8.54.0.0 (unbekannt) EasyFace2 Micro-Star International CO.,Ltd. 20.03.2011 2.0.0.14 (unbekannt) EasyViewer MSI 20.03.2011 20,6MB 1.3.0.8 (unbekannt) Finger Sensing Pad Driver Sentelic 20.03.2011 8.8.0.9 (unbekannt) Google Chrome Google Inc. 27.12.2011 27.0.1453.116 (notwendig) Google Toolbar for Internet Explorer Google Inc. 25.06.2013 7.5.4209.2358 (unnötig) Intel(R) Control Center Intel Corporation 20.03.2011 1.2.1.1007 (unbekannt) Intel(R) Management Engine Components Intel Corporation 20.03.2011 7.0.0.1118 (unbekannt) Intel(R) Processor Graphics Intel Corporation 20.03.2011 8.15.10.2266 (unbekannt) iTunes Apple Inc. 06.04.2012 156MB 10.6.1.7 (unnötig) Java(TM) 6 Update 30 Oracle 08.02.2012 95,1MB 6.0.300 (notwendig) Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 12.07.2013 19,2MB 1.75.0.1300 (unnötig) McAfee Security Scan Plus McAfee, Inc. 12.02.2013 10,2MB 3.0.318.3 (notwendig) Microsoft .NET Framework 4 Client Profile Microsoft Corporation 26.12.2011 38,8MB 4.0.30319 (notwendig) Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.12.2011 2,93MB 4.0.30319 (notwendig) Microsoft Office 2010 Microsoft Corporation 24.12.2011 6,31MB 14.0.4763.1000 (notwendig) Microsoft Office Klick-und-Los 2010 Microsoft Corporation 07.02.2012 14.0.4763.1000 (unbekannt) Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 07.02.2012 14.0.4763.1000 (notwendig) Microsoft Silverlight Microsoft Corporation 14.03.2013 50,6MB 5.1.20125.0 (unbekannt) Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 24.12.2011 1,72MB 3.1.0000 (unbekannt) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 20.03.2011 788KB 9.0.30729.4148 (unbekannt) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 07.02.2012 788KB 9.0.30729.6161 (unbekannt) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 20.03.2011 596KB 9.0.30729 (unbekannt) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 20.03.2011 596KB 9.0.30729.4148 (unbekannt) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 07.02.2012 600KB 9.0.30729.6161 (unbekannt) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 07.02.2012 12,2MB 10.0.40219 (unbekannt) MSI Remind Manager MSI 24.12.2011 1,70MB 1.11.0104 (unbekannt) Norton Online Backup Symantec Corporation 20.03.2011 6,40MB 2.1.13580 (unbekannt) Nuance PDF Reader Nuance Communications, Inc. 24.12.2011 47,8MB 6.00.0041 (notwendig) NVIDIA 3D Vision Driver 266.39 NVIDIA Corporation 20.03.2011 266.39 (notwendig) NVIDIA Graphics Driver 266.39 NVIDIA Corporation 20.03.2011 266.39 (notwendig) PC Sound SRS Labs, Inc. 20.03.2011 1,72MB 1.11.0200 (notwendig) PHotkey 20.03.2011 1.00.0005 (unbekannt) Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 20.03.2011 1,00MB 2.0.20.0 (unbekannt) Time Stamp Time Stamp Software, Inc. 25.12.2011 1.0.0.20110121 (unbekannt) Windows Live Anmelde-Assistent Microsoft Corporation 24.12.2011 1,93MB 5.000.818.5 (unnötig) Windows Live Essentials Microsoft Corporation 25.12.2011 14.0.8117.0416 (unbekannt) Windows Live Sync Microsoft Corporation 24.12.2011 2,79MB 14.0.8117.416 (unbekannt) Windows Live-Uploadtool Microsoft Corporation 24.12.2011 224KB 14.0.8014.1029 (unbekannt) WinFlash 20.03.2011 2.29.0.3 (unbekannt) XW204E XAVi 20.03.2011 1.00.0000 (unbekannt) |
|
12.07.2013, 20:05
| #12 |
| /// Malware-holic | Unbekannter GVU-Trojaner Hi denkst du nicht, dass hätte ich dir dann gesagt? Keine Angst :-) Es sind 2 Logs zu erstellen, poste diese wieder gleichzeitig. 1. deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Ask : beide Bing Google Toolbar iTunes Java downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: Norton Windows Live: alle für dich unnötigen Öffne bitte CCleaner, analysieren, starten, PC neustarten. 2. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Neustarten. 3. HitmanPro - Download - Filepony Hitmanpro laden, doppelklicken, Scan klicken. Nichts löschen, weiter klicken. Log speichern und posten, bzw als XML exportieren, packen und anhängen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.07.2013, 20:28
| #13 |
| | Unbekannter GVU-Trojaner Danke für deine Antwort Was meinst du mit Haken rausnehmen bei McAffee? lg |
|
12.07.2013, 20:37
| #14 |
| /// Malware-holic | Unbekannter GVU-Trojaner wenn du Produkte von adobe lädst, ist da ein Haken auf der website, der den MCaffee scan anbietet, sorry kann dir nicht beschreiben wo der genau ist, da ich schlecht sehen kann und daher einen screenreader nutze. schau einfach nach der instalation mal in der Software liste vom CCleaner und deinstaliere mcafee falls vorhanden.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.07.2013, 21:19
| #15 |
| | Unbekannter GVU-Trojaner Okay, ich hoffe mal, dass ich alles richtig verstanden und durchgeführt habe Code:
ATTFilter
# AdwCleaner v2.305 - Datei am 12/07/2013 um 22:01:11 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Maria - MARIA-MSI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Maria\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\Ask
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16618
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v28.0.1500.71
Datei : C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
Code:
ATTFilter
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 54
Objects scanned . . . : 2.224.166
Files scanned . . . . : 50.427
Remnants scanned . . : 489.713 files / 1.684.026 keys
Malware _____________________________________________________________________
Master Boot Record (sector 0)
> HitmanPro . . . . : Win64/Bootkit
Partition Type LBA Number of sectors
0 27 2048 25165824
1* 07 25167872 204800
2 0f 25374699 599767749
3 00 0 0
0000 33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1A 7C 3.....|.P.P....|
0010 BF 1A 06 57 B9 E6 01 F3 A4 C3 BE A8 07 80 7C 06 ...W..........|.
0020 77 74 13 BE BE 07 B9 04 00 80 7C 04 77 74 07 83 wt........|.wt..
0030 C6 10 E2 F5 EB 43 E8 48 01 8B DC 73 2E 8B 14 8B .....C.H...s....
0040 4C 02 B2 80 B8 01 02 CD 13 72 2E 56 8D 77 03 B9 L........r.V.w..
0050 06 00 AC 02 D8 E2 FB 5E 80 FB AA 75 1C 8B 5C 08 .......^...u..\.
0060 8B 4C 0A B8 79 06 8B F4 50 56 C3 8B 44 08 8B 54 .L..y...PV..D..T
0070 0A B9 01 00 E8 B1 00 EB D0 33 C0 BE BE 07 B9 04 .........3......
0080 00 38 2C 7C 09 75 15 83 C6 10 E2 F5 CD 18 8B 14 .8,|.u..........
0090 8B EE 83 C6 10 49 74 16 38 2C 74 F6 BE 52 07 4E .....It.8,t..R.N
00A0 AC 3C 00 74 FA BB 07 00 B4 0E CD 10 EB F2 89 46 .<.t...........F
00B0 45 96 8A 46 04 B4 06 3C 0E 74 11 B4 0B 3C 0C 74 E..F...<.t...<.t
00C0 05 3A C4 75 1A 40 C6 46 45 06 75 13 E8 B2 00 72 .:.u.@.FE.u....r
00D0 0B 8A E0 88 56 44 C7 06 F1 06 EB 1E 88 66 04 BF ....VD.......f..
00E0 0A 00 B8 01 02 8B DC 33 C9 83 FF 05 7F 03 8B 4E .......3.......N
00F0 45 EB 1C 90 72 29 BE 76 07 81 3E FE 7D 55 AA 74 E...r).v..>.}U.t
0100 4A 83 EF 05 7F DC 85 F6 75 96 BE 65 07 EB 9D 98 J.......u..e....
0110 91 52 99 8B 46 08 8B 56 0A E8 0C 00 5A EB D5 4F .R..F..V....Z..O
0120 74 E4 33 C0 CD 13 EB BA 56 33 F6 56 56 52 50 06 t.3.....V3.VVRP.
0130 53 51 BE 10 00 56 8B F4 50 52 B8 00 42 B2 80 CD SQ...V..PR..B...
0140 13 5A 58 8D 64 10 72 01 F8 5E C3 8B FC 57 8B F5 .ZX.d.r..^...W..
0150 C3 42 61 64 20 70 61 72 74 69 74 69 6F 6E 20 74 .Bad partition t
0160 61 62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 able.Error loadi
0170 6E 67 20 4F 53 00 4D 69 73 73 69 6E 67 20 4F 53 ng OS.Missing OS
0180 00 50 52 B4 41 BB AA 55 B2 80 CD 13 5A 58 72 0E .PR.A..U....ZXr.
0190 81 FB 55 AA F9 75 07 F6 C1 01 F9 74 01 F8 C3 00 ..U..u.....t....
01A0 00 00 00 00 00 00 00 00 00 00 00 53 4B 82 77 74 ...........SK.wt
01B0 80 59 06 05 80 1F B9 03 4E 84 61 33 00 00 00 20 .Y......N.a3...
01C0 21 00 27 FE FF FF 00 08 00 00 00 00 80 01 80 FE !.'.............
01D0 FF FF 07 FE FF FF 00 08 80 01 00 20 03 00 00 00 ........... ....
01E0 C1 FF 0F FE FF FF EB 2F 83 01 C5 BA BF 23 00 00 ......./.....#..
01F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............U.
Cookies _____________________________________________________________________
C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Cookies\0G1YTZYL.txt
C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Cookies\13TF72GS.txt
C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Cookies\8X7MT091.txt
C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Cookies\ARPN9BIC.txt
C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Cookies\HTBBEZAH.txt
C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Cookies\L5AN2BKC.txt
C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Cookies\LMEWEXKR.txt
C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Cookies\N1NBXLYK.txt
C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Cookies\YQIA13B7.txt
|
|
| Themen zu Unbekannter GVU-Trojaner |
| ahnung, anhang, bekannter, benutzer, benutzername, bereits, forum, foto, gefunde, gvu-trojaner, gvu-virus, inter, interne, internet, laptop, links, neuling, schön, spring, springt, unbekannter, webcam, wenig, wenig ahnung |
WARNUNG an die MITLESER: 
Linear-Darstellung
