Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GVU-Trojaner schon wieder... (https://www.trojaner-board.de/135014-gvu-trojaner-schon.html)

Cypher00 15.05.2013 23:49
GVU-Trojaner schon wieder...
 
Guten Abend,

als ich gestern auf nicht wirklich jugendfreien Seiten unterwegs war habe ich mir den GVU-Trojaner eingefangen.
Immer wenn ich mich anmelde erscheint die bestimmt fast allen bekannte weiße Seite mit der Aufforderung 100 Euronen zu zahlen und ich kann den Pc runterfahren.

Strg+Alt+Entf funktioniert noch,also kann ich problemlos den PC runterfahren und auch der Abgesicherte Modus bereitet keine Probleme.

Gestern Abend ist es mit gelungen dank meiner riesigen Menge an Datenmüll den Virus zu schließen bevor er mit seiner Arbeit beginnen konnte.
Dabei konnte ich den Namen tiyv.exe (vlt auch tivy,konnte es nicht genau sehen) als Versteck ausfindig machen


Betriebssystem Windows Vista [32-Bit]
Medion (Akira?)
Intel(R) Core(TM)2 Duo CPU E7400@2,80GHz


Bis jetzt bin ich den Schritten hier im Einführungspost gefolgt und habe Defogger,OTl und Gmer über meinen PC laufen lassen.

Die Ergebnisse der Scans habe ich als .zip Datei angehängt
Sie enthält alle 3 Logfiles von Extra.txt,OTL.txt und Gmer.txt



Mir würde es schon reichen wenn ich die wichtigsten Dokumente auf meine externe Festplatte ziehen könnte und dann den PC neu aufsetzten.
Wenn möglich wäre es natürlich besser nur gezielt den GVU-Trojaner auszumerzen.

Sonstige Programme habe ich bis jetzt noch keine zur Hand.

Danke für eure Hilfe!

Edit: habe natüröich versucht die gesehene Datei ausfindig zu machen und zu löschen.
Hab sie zwar gelöscht,geholfen hat es aber nicht

markusg 15.05.2013 23:53
Hi,


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
:OTL
O4 - HKCU..\Run: [ctfmon.exe] C:\ProgramData\lbzdo.dat (Microsoft Corporation)
[2013.05.14 17:14:55 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lbzdo.dat
[2013.05.14 17:14:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.14 17:14:54 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Users\Sabine\1719529.dll
[2013.05.15 13:45:26 | 095,023,320 | ---- | M] () -- C:\ProgramData\odzbl.pad
[2013.05.15 10:15:35 | 000,002,609 | ---- | M] () -- C:\ProgramData\odzbl.js
:files
:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

Cypher00 16.05.2013 00:31
hier der _OTL\Moved Files FILELOG

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully.
C:\ProgramData\lbzdo.dat moved successfully.
File C:\ProgramData\lbzdo.dat not found.
C:\ProgramData\rundll32.exe moved successfully.
C:\Users\Sabine\1719529.dll moved successfully.
C:\ProgramData\odzbl.pad moved successfully.
C:\ProgramData\odzbl.js moved successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: FH
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes
 
User: Manuel
 
User: Public
 
User: Sabine
->Temp folder emptied: 497442637 bytes
->Temporary Internet Files folder emptied: 2581519971 bytes
->Java cache emptied: 236706 bytes
->Google Chrome cache emptied: 65392145 bytes
->Flash cache emptied: 57446 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7650254 bytes
RecycleBin emptied: 2351028808 bytes
 
Total Files Cleaned = 5.249,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05162013_010457

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
EDIT: Upload hat auch problemlos geklappt. Hatte zu Beginn vergessen Avira zu deaktivieren (jetzt will das Programm endlich seine ARbeit machen-.-)

markusg 16.05.2013 00:39
thx fürs hochladen.
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Cypher00 16.05.2013 00:49
Eine Frage zur Anleitung:Soll ich den PC jetzt neustarten vor dem nächsten Schritt,also vor dem nächsten Scan?

Hier der Filelog für den TDSSKiller:

Code:
01:46:14.0515 1328  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:46:14.0984 1328  ============================================================
01:46:14.0984 1328  Current date / time: 2013/05/16 01:46:14.0984
01:46:14.0984 1328  SystemInfo:
01:46:14.0984 1328 
01:46:14.0984 1328  OS Version: 6.0.6002 ServicePack: 2.0
01:46:14.0984 1328  Product type: Workstation
01:46:14.0984 1328  ComputerName: SABINE-PC
01:46:14.0984 1328  UserName: Sabine
01:46:14.0984 1328  Windows directory: C:\Windows
01:46:14.0984 1328  System windows directory: C:\Windows
01:46:14.0984 1328  Processor architecture: Intel x86
01:46:14.0984 1328  Number of processors: 2
01:46:14.0984 1328  Page size: 0x1000
01:46:14.0984 1328  Boot type: Normal boot
01:46:14.0984 1328  ============================================================
01:46:16.0031 1328  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:46:16.0046 1328  Drive \Device\Harddisk4\DR42 - Size: 0x0 (0.00 Gb), SectorSize: 0x200, Cylinders: 0x0, SectorsPerTrack: 0x0, TracksPerCylinder: 0x0, Type 'W'
01:46:16.0046 1328  ============================================================
01:46:16.0046 1328  \Device\Harddisk0\DR0:
01:46:16.0046 1328  MBR partitions:
01:46:16.0046 1328  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
01:46:16.0046 1328  ============================================================
01:46:16.0062 1328  C: <-> \Device\Harddisk0\DR0\Partition1
01:46:16.0062 1328  ============================================================
01:46:16.0062 1328  Initialize success
01:46:16.0062 1328  ============================================================
01:46:33.0999 5340  ============================================================
01:46:33.0999 5340  Scan started
01:46:33.0999 5340  Mode: Manual; SigCheck; TDLFS;
01:46:33.0999 5340  ============================================================
01:46:34.0218 5340  ================ Scan system memory ========================
01:46:34.0218 5340  System memory - ok
01:46:34.0218 5340  ================ Scan services =============================
01:46:34.0328 5340  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
01:46:34.0421 5340  ACPI - ok
01:46:34.0484 5340  [ E850B0A94E8703CCBC980B31594DC408 ] acsint          C:\Windows\system32\DRIVERS\acsint.sys
01:46:34.0499 5340  acsint - ok
01:46:34.0531 5340  [ EA2429C90AEAB09D7F3A99B16DA23CED ] acsmux          C:\Windows\system32\DRIVERS\acsmux.sys
01:46:34.0546 5340  acsmux - ok
01:46:34.0593 5340  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
01:46:34.0593 5340  AdobeFlashPlayerUpdateSvc - ok
01:46:34.0640 5340  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
01:46:34.0671 5340  adp94xx - ok
01:46:34.0734 5340  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci        C:\Windows\system32\drivers\adpahci.sys
01:46:34.0749 5340  adpahci - ok
01:46:34.0765 5340  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
01:46:34.0781 5340  adpu160m - ok
01:46:34.0796 5340  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
01:46:34.0812 5340  adpu320 - ok
01:46:34.0843 5340  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
01:46:34.0874 5340  AeLookupSvc - ok
01:46:34.0906 5340  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
01:46:34.0937 5340  AFD - ok
01:46:34.0953 5340  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
01:46:35.0015 5340  agp440 - ok
01:46:35.0031 5340  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
01:46:35.0031 5340  aic78xx - ok
01:46:35.0062 5340  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
01:46:35.0109 5340  ALG - ok
01:46:35.0140 5340  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
01:46:35.0156 5340  aliide - ok
01:46:35.0171 5340  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
01:46:35.0171 5340  amdagp - ok
01:46:35.0203 5340  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
01:46:35.0203 5340  amdide - ok
01:46:35.0265 5340  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
01:46:35.0312 5340  AmdK7 - ok
01:46:35.0312 5340  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
01:46:35.0359 5340  AmdK8 - ok
01:46:35.0406 5340  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
01:46:35.0421 5340  AntiVirSchedulerService - ok
01:46:35.0437 5340  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
01:46:35.0437 5340  AntiVirService - ok
01:46:35.0468 5340  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
01:46:35.0515 5340  Appinfo - ok
01:46:35.0531 5340  [ 5D2888182FB46632511ACEE92FDAD522 ] arc            C:\Windows\system32\drivers\arc.sys
01:46:35.0531 5340  arc - ok
01:46:35.0546 5340  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
01:46:35.0562 5340  arcsas - ok
01:46:35.0656 5340  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
01:46:35.0656 5340  aspnet_state - ok
01:46:35.0687 5340  AsrCDDrv - ok
01:46:35.0703 5340  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
01:46:35.0734 5340  AsyncMac - ok
01:46:35.0749 5340  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi          C:\Windows\system32\drivers\atapi.sys
01:46:35.0749 5340  atapi - ok
01:46:35.0781 5340  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:46:35.0796 5340  AudioEndpointBuilder - ok
01:46:35.0796 5340  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
01:46:35.0812 5340  Audiosrv - ok
01:46:35.0828 5340  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
01:46:35.0828 5340  avgntflt - ok
01:46:35.0843 5340  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
01:46:35.0859 5340  avipbb - ok
01:46:35.0874 5340  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
01:46:35.0874 5340  avkmgr - ok
01:46:35.0890 5340  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
01:46:35.0937 5340  Beep - ok
01:46:35.0968 5340  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
01:46:35.0984 5340  BFE - ok
01:46:36.0015 5340  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
01:46:36.0062 5340  BITS - ok
01:46:36.0078 5340  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
01:46:36.0109 5340  blbdrive - ok
01:46:36.0124 5340  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
01:46:36.0140 5340  bowser - ok
01:46:36.0171 5340  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
01:46:36.0187 5340  BrFiltLo - ok
01:46:36.0203 5340  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
01:46:36.0265 5340  BrFiltUp - ok
01:46:36.0312 5340  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
01:46:36.0406 5340  Browser - ok
01:46:36.0624 5340  [ D9C8DC2D7EC28E3FF25C99EF17C8631A ] BrowserProtect  C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
01:46:36.0624 5340  Suspicious file (NoAccess): C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe. md5: D9C8DC2D7EC28E3FF25C99EF17C8631A
01:46:36.0640 5340  BrowserProtect ( LockedFile.Multi.Generic ) - warning
01:46:36.0640 5340  BrowserProtect - detected LockedFile.Multi.Generic (1)
01:46:36.0656 5340  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
01:46:36.0703 5340  Brserid - ok
01:46:36.0734 5340  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
01:46:36.0796 5340  BrSerWdm - ok
01:46:36.0812 5340  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
01:46:36.0874 5340  BrUsbMdm - ok
01:46:36.0906 5340  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
01:46:36.0937 5340  BrUsbSer - ok
01:46:36.0953 5340  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
01:46:37.0015 5340  BTHMODEM - ok
01:46:37.0031 5340  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
01:46:37.0046 5340  cdfs - ok
01:46:37.0078 5340  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
01:46:37.0093 5340  cdrom - ok
01:46:37.0109 5340  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
01:46:37.0124 5340  CertPropSvc - ok
01:46:37.0156 5340  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
01:46:37.0171 5340  circlass - ok
01:46:37.0218 5340  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
01:46:37.0234 5340  CLFS - ok
01:46:37.0281 5340  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:46:37.0281 5340  clr_optimization_v2.0.50727_32 - ok
01:46:37.0328 5340  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:46:37.0343 5340  clr_optimization_v4.0.30319_32 - ok
01:46:37.0374 5340  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
01:46:37.0390 5340  cmdide - ok
01:46:37.0406 5340  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
01:46:37.0421 5340  Compbatt - ok
01:46:37.0421 5340  COMSysApp - ok
01:46:37.0421 5340  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
01:46:37.0437 5340  crcdisk - ok
01:46:37.0453 5340  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
01:46:37.0484 5340  Crusoe - ok
01:46:37.0515 5340  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
01:46:37.0562 5340  CryptSvc - ok
01:46:37.0609 5340  [ A979E61C7A92D22F324817CDB6C1DBED ] cusrvc          C:\Program Files\Novell\Client\cusrvc.exe
01:46:37.0624 5340  cusrvc - ok
01:46:37.0656 5340  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
01:46:37.0734 5340  DcomLaunch - ok
01:46:37.0749 5340  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
01:46:37.0796 5340  DfsC - ok
01:46:37.0859 5340  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
01:46:37.0968 5340  DFSR - ok
01:46:38.0046 5340  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
01:46:38.0093 5340  Dhcp - ok
01:46:38.0109 5340  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
01:46:38.0109 5340  disk - ok
01:46:38.0156 5340  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
01:46:38.0187 5340  Dnscache - ok
01:46:38.0203 5340  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
01:46:38.0234 5340  dot3svc - ok
01:46:38.0249 5340  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
01:46:38.0281 5340  DPS - ok
01:46:38.0312 5340  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
01:46:38.0343 5340  drmkaud - ok
01:46:38.0374 5340  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
01:46:38.0406 5340  DXGKrnl - ok
01:46:38.0437 5340  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
01:46:38.0484 5340  E1G60 - ok
01:46:38.0499 5340  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
01:46:38.0515 5340  EapHost - ok
01:46:38.0546 5340  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
01:46:38.0562 5340  Ecache - ok
01:46:38.0609 5340  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
01:46:38.0640 5340  ehRecvr - ok
01:46:38.0671 5340  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
01:46:38.0718 5340  ehSched - ok
01:46:38.0734 5340  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
01:46:38.0749 5340  ehstart - ok
01:46:38.0781 5340  [ 23B62471681A124889978F6295B3F4C6 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
01:46:38.0796 5340  elxstor - ok
01:46:38.0874 5340  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
01:46:38.0921 5340  EMDMgmt - ok
01:46:38.0937 5340  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
01:46:38.0968 5340  ErrDev - ok
01:46:38.0999 5340  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
01:46:39.0031 5340  EventSystem - ok
01:46:39.0046 5340  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
01:46:39.0062 5340  exfat - ok
01:46:39.0078 5340  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
01:46:39.0093 5340  fastfat - ok
01:46:39.0109 5340  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
01:46:39.0156 5340  fdc - ok
01:46:39.0156 5340  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
01:46:39.0171 5340  fdPHost - ok
01:46:39.0187 5340  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
01:46:39.0234 5340  FDResPub - ok
01:46:39.0265 5340  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
01:46:39.0281 5340  FileInfo - ok
01:46:39.0296 5340  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
01:46:39.0328 5340  Filetrace - ok
01:46:39.0343 5340  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
01:46:39.0374 5340  flpydisk - ok
01:46:39.0390 5340  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
01:46:39.0406 5340  FltMgr - ok
01:46:39.0453 5340  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
01:46:39.0499 5340  FontCache - ok
01:46:39.0562 5340  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
01:46:39.0562 5340  FontCache3.0.0.0 - ok
01:46:39.0593 5340  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
01:46:39.0609 5340  Fs_Rec - ok
01:46:39.0624 5340  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
01:46:39.0640 5340  gagp30kx - ok
01:46:39.0718 5340  Giraffic - ok
01:46:39.0734 5340  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
01:46:39.0781 5340  gpsvc - ok
01:46:39.0921 5340  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
01:46:39.0921 5340  gupdate - ok
01:46:39.0937 5340  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
01:46:39.0937 5340  gupdatem - ok
01:46:39.0953 5340  [ 833051C6C6C42117191935F734CFBD97 ] hamachi        C:\Windows\system32\DRIVERS\hamachi.sys
01:46:39.0968 5340  hamachi - ok
01:46:40.0281 5340  [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
01:46:40.0484 5340  Hamachi2Svc - ok
01:46:40.0562 5340  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:46:40.0578 5340  HdAudAddService - ok
01:46:40.0656 5340  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
01:46:40.0749 5340  HDAudBus - ok
01:46:40.0796 5340  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
01:46:40.0843 5340  HidBth - ok
01:46:40.0874 5340  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
01:46:40.0906 5340  HidIr - ok
01:46:40.0937 5340  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
01:46:40.0953 5340  hidserv - ok
01:46:40.0953 5340  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
01:46:40.0968 5340  HidUsb - ok
01:46:41.0062 5340  [ 9D2C35E06CE117355ABADCEEE1558D21 ] HiPatchService  C:\Program Files\Hi-Rez Studios\HiPatchService.exe
01:46:41.0093 5340  HiPatchService ( UnsignedFile.Multi.Generic ) - warning
01:46:41.0093 5340  HiPatchService - detected UnsignedFile.Multi.Generic (1)
01:46:41.0124 5340  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
01:46:41.0140 5340  hkmsvc - ok
01:46:41.0171 5340  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
01:46:41.0171 5340  HpCISSs - ok
01:46:41.0218 5340  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
01:46:41.0249 5340  HTTP - ok
01:46:41.0281 5340  [ C6B032D69650985468160FC9937CF5B4 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
01:46:41.0281 5340  i2omp - ok
01:46:41.0328 5340  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
01:46:41.0359 5340  i8042prt - ok
01:46:41.0390 5340  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
01:46:41.0390 5340  iaStorV - ok
01:46:41.0453 5340  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:46:41.0703 5340  idsvc - ok
01:46:41.0734 5340  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
01:46:41.0765 5340  iirsp - ok
01:46:41.0859 5340  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
01:46:41.0906 5340  IKEEXT - ok
01:46:41.0921 5340  IntcAzAudAddService - ok
01:46:41.0921 5340  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
01:46:41.0937 5340  intelide - ok
01:46:41.0953 5340  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
01:46:41.0968 5340  intelppm - ok
01:46:41.0999 5340  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
01:46:42.0031 5340  IPBusEnum - ok
01:46:42.0046 5340  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:46:42.0093 5340  IpFilterDriver - ok
01:46:42.0124 5340  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
01:46:42.0124 5340  iphlpsvc - ok
01:46:42.0140 5340  IpInIp - ok
01:46:42.0156 5340  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
01:46:42.0171 5340  IPMIDRV - ok
01:46:42.0203 5340  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
01:46:42.0218 5340  IPNAT - ok
01:46:42.0281 5340  [ 572A08A06C6BA5080EE80F170B0E627C ] iprntsrv        C:\Windows\system32\iprntsrv.exe
01:46:42.0296 5340  iprntsrv ( UnsignedFile.Multi.Generic ) - warning
01:46:42.0296 5340  iprntsrv - detected UnsignedFile.Multi.Generic (1)
01:46:42.0328 5340  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
01:46:42.0359 5340  IRENUM - ok
01:46:42.0374 5340  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
01:46:42.0390 5340  isapnp - ok
01:46:42.0421 5340  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
01:46:42.0437 5340  iScsiPrt - ok
01:46:42.0453 5340  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
01:46:42.0468 5340  iteatapi - ok
01:46:42.0484 5340  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
01:46:42.0484 5340  iteraid - ok
01:46:42.0515 5340  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
01:46:42.0531 5340  kbdclass - ok
01:46:42.0546 5340  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
01:46:42.0593 5340  kbdhid - ok
01:46:42.0609 5340  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
01:46:42.0671 5340  KeyIso - ok
01:46:55.0281 5340  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
01:46:55.0296 5340  KSecDD - ok
01:46:55.0328 5340  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
01:46:55.0374 5340  KtmRm - ok
01:46:55.0406 5340  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
01:46:55.0453 5340  LanmanServer - ok
01:46:55.0484 5340  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:46:55.0531 5340  LanmanWorkstation - ok
01:46:55.0562 5340  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
01:46:55.0593 5340  lltdio - ok
01:46:55.0624 5340  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
01:46:55.0656 5340  lltdsvc - ok
01:46:55.0671 5340  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
01:46:55.0703 5340  lmhosts - ok
01:46:55.0734 5340  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
01:46:55.0749 5340  LSI_FC - ok
01:46:55.0749 5340  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
01:46:55.0765 5340  LSI_SAS - ok
01:46:55.0781 5340  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
01:46:55.0796 5340  LSI_SCSI - ok
01:46:55.0812 5340  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
01:46:55.0843 5340  luafv - ok
01:46:55.0874 5340  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
01:46:55.0890 5340  McComponentHostService - ok
01:46:55.0906 5340  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
01:46:55.0921 5340  Mcx2Svc - ok
01:46:55.0968 5340  [ 0001CE609D66632FA17B84705F658879 ] megasas        C:\Windows\system32\drivers\megasas.sys
01:46:56.0015 5340  megasas - ok
01:46:56.0062 5340  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
01:46:56.0078 5340  MegaSR - ok
01:46:56.0109 5340  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
01:46:56.0171 5340  MMCSS - ok
01:46:56.0203 5340  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
01:46:56.0234 5340  Modem - ok
01:46:56.0234 5340  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
01:46:56.0296 5340  monitor - ok
01:46:56.0296 5340  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
01:46:56.0312 5340  mouclass - ok
01:46:56.0343 5340  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
01:46:56.0390 5340  mouhid - ok
01:46:56.0406 5340  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
01:46:56.0421 5340  MountMgr - ok
01:46:56.0453 5340  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
01:46:56.0468 5340  mpio - ok
01:46:56.0484 5340  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
01:46:56.0515 5340  mpsdrv - ok
01:46:56.0562 5340  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
01:46:56.0593 5340  MpsSvc - ok
01:46:56.0609 5340  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
01:46:56.0624 5340  Mraid35x - ok
01:46:56.0671 5340  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
01:46:56.0703 5340  MRxDAV - ok
01:46:56.0749 5340  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
01:46:56.0765 5340  mrxsmb - ok
01:46:56.0781 5340  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:46:56.0796 5340  mrxsmb10 - ok
01:46:56.0796 5340  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:46:56.0812 5340  mrxsmb20 - ok
01:46:56.0843 5340  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
01:46:56.0843 5340  msahci - ok
01:46:56.0859 5340  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
01:46:56.0874 5340  msdsm - ok
01:46:56.0890 5340  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
01:46:56.0921 5340  MSDTC - ok
01:46:56.0953 5340  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
01:46:57.0015 5340  Msfs - ok
01:46:57.0093 5340  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
01:46:57.0109 5340  msisadrv - ok
01:46:57.0140 5340  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
01:46:57.0171 5340  MSiSCSI - ok
01:46:57.0171 5340  msiserver - ok
01:46:57.0218 5340  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
01:46:57.0249 5340  MSKSSRV - ok
01:46:57.0281 5340  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
01:46:57.0296 5340  MSPCLOCK - ok
01:46:57.0312 5340  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
01:46:57.0343 5340  MSPQM - ok
01:46:57.0374 5340  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
01:46:57.0390 5340  MsRPC - ok
01:46:57.0406 5340  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
01:46:57.0406 5340  mssmbios - ok
01:46:57.0437 5340  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
01:46:57.0453 5340  MSTEE - ok
01:46:57.0468 5340  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
01:46:57.0484 5340  Mup - ok
01:46:57.0499 5340  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
01:46:57.0531 5340  napagent - ok
01:46:57.0562 5340  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
01:46:57.0562 5340  NativeWifiP - ok
01:46:57.0593 5340  [ 157E98B2DD9139C7D55049FE635BD39F ] NCFilter        C:\Windows\system32\DRIVERS\NCFilter.sys
01:46:57.0609 5340  NCFilter - ok
01:46:57.0624 5340  [ DF04002FB1F6C9DCB438B9324640CCDB ] NCFSD          C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys
01:46:57.0640 5340  NCFSD - ok
01:46:57.0640 5340  [ 54ADEC9108C5A0BF9D21E4A6EF062DB1 ] NCIOCTL        C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys
01:46:57.0656 5340  NCIOCTL - ok
01:46:57.0656 5340  [ 450B8C689B73C39816FB872404805517 ] NCRecognizer    C:\Windows\system32\DRIVERS\NCRecognizer.sys
01:46:57.0671 5340  NCRecognizer - ok
01:46:57.0687 5340  [ D28874F3CE6BADD9884C62391B39133F ] NCUncFilter    C:\Windows\system32\DRIVERS\NCUncFilter.sys
01:46:57.0687 5340  NCUncFilter - ok
01:46:57.0718 5340  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
01:46:57.0734 5340  NDIS - ok
01:46:57.0765 5340  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
01:46:57.0781 5340  NdisTapi - ok
01:46:57.0796 5340  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
01:46:57.0812 5340  Ndisuio - ok
01:46:57.0828 5340  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
01:46:57.0843 5340  NdisWan - ok
01:46:57.0843 5340  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
01:46:57.0859 5340  NDProxy - ok
01:46:57.0874 5340  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
01:46:57.0890 5340  NetBIOS - ok
01:46:57.0921 5340  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
01:46:57.0953 5340  netbt - ok
01:46:57.0984 5340  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
01:46:57.0984 5340  Netlogon - ok
01:46:57.0999 5340  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
01:46:58.0031 5340  Netman - ok
01:46:58.0046 5340  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
01:46:58.0078 5340  NetMsmqActivator - ok
01:46:58.0078 5340  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
01:46:58.0093 5340  NetPipeActivator - ok
01:46:58.0109 5340  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
01:46:58.0140 5340  netprofm - ok
01:46:58.0171 5340  [ 9BA2F93E4F01EC58E722B36639E0CE5D ] netr28u        C:\Windows\system32\DRIVERS\netr28u.sys
01:46:58.0249 5340  netr28u - ok
01:46:58.0249 5340  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
01:46:58.0265 5340  NetTcpActivator - ok
01:46:58.0265 5340  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
01:46:58.0281 5340  NetTcpPortSharing - ok
01:46:58.0296 5340  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
01:46:58.0296 5340  nfrd960 - ok
01:46:58.0312 5340  [ A1EF820415ED5BBE0DBB3F67866BD2E1 ] NICM            C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys
01:46:58.0312 5340  NICM - ok
01:46:58.0390 5340  [ 2D2F2428012C4468B1D48939ACAF056F ] nipplpt2        C:\Windows\system32\drivers\nipplpt.sys
01:46:58.0390 5340  nipplpt2 - ok
01:46:58.0406 5340  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
01:46:58.0437 5340  NlaSvc - ok
01:46:58.0437 5340  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
01:46:58.0468 5340  Npfs - ok
01:46:58.0499 5340  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
01:46:58.0546 5340  nsi - ok
01:46:58.0578 5340  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
01:46:58.0609 5340  nsiproxy - ok
01:46:58.0656 5340  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
01:46:58.0718 5340  Ntfs - ok
01:46:58.0749 5340  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
01:46:58.0781 5340  ntrigdigi - ok
01:46:58.0812 5340  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
01:46:58.0828 5340  Null - ok
01:46:58.0874 5340  [ 6FF4A2805E7092B8162462C03AE426E8 ] NuTCRACKERService C:\Windows\system32\nutsrv4.exe
01:46:58.0890 5340  NuTCRACKERService - ok
01:46:59.0093 5340  [ B69E6F70CE1151C8D62ABC9DEF64DFBE ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:46:59.0421 5340  nvlddmkm - ok
01:46:59.0453 5340  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
01:46:59.0468 5340  nvraid - ok
01:46:59.0484 5340  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
01:46:59.0484 5340  nvstor - ok
01:46:59.0531 5340  [ E4284FCF99FEA13A7E1836F87AE356F6 ] nvsvc          C:\Windows\system32\nvvsvc.exe
01:46:59.0562 5340  nvsvc - ok
01:46:59.0624 5340  [ 03E60E0BFA53ED15DC984FA34B44BB0F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
01:46:59.0671 5340  nvUpdatusService - ok
01:46:59.0703 5340  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
01:46:59.0718 5340  nv_agp - ok
01:46:59.0718 5340  NwlnkFlt - ok
01:46:59.0734 5340  NwlnkFwd - ok
01:46:59.0781 5340  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
01:46:59.0828 5340  ohci1394 - ok
01:46:59.0859 5340  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
01:46:59.0921 5340  p2pimsvc - ok
01:46:59.0953 5340  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
01:46:59.0984 5340  p2psvc - ok
01:47:00.0031 5340  [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
01:47:00.0046 5340  Parport - ok
01:47:00.0062 5340  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
01:47:00.0078 5340  partmgr - ok
01:47:00.0093 5340  [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
01:47:00.0109 5340  Parvdm - ok
01:47:00.0140 5340  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
01:47:00.0156 5340  PcaSvc - ok
01:47:00.0187 5340  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
01:47:00.0203 5340  pci - ok
01:47:00.0203 5340  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
01:47:00.0218 5340  pciide - ok
01:47:00.0249 5340  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
01:47:00.0265 5340  pcmcia - ok
01:47:00.0296 5340  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
01:47:00.0359 5340  PEAUTH - ok
01:47:00.0406 5340  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
01:47:00.0531 5340  pla - ok
01:47:00.0562 5340  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
01:47:00.0609 5340  PlugPlay - ok
01:47:00.0640 5340  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
01:47:00.0656 5340  PNRPAutoReg - ok
01:47:00.0718 5340  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
01:47:00.0796 5340  PNRPsvc - ok
01:47:00.0828 5340  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
01:47:00.0843 5340  PolicyAgent - ok
01:47:01.0031 5340  [ F0ACCA9C2A3897CE9AC38820AD319093 ] PortmapperService C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe
01:47:01.0031 5340  Suspicious file (Hidden): C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe. md5: F0ACCA9C2A3897CE9AC38820AD319093
01:47:01.0031 5340  PortmapperService ( HiddenFile.Multi.Generic ) - warning
01:47:01.0031 5340  PortmapperService - detected HiddenFile.Multi.Generic (1)
01:47:01.0031 5340  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
01:47:01.0093 5340  PptpMiniport - ok
01:47:01.0124 5340  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor      C:\Windows\system32\drivers\processr.sys
01:47:01.0156 5340  Processor - ok
01:47:01.0171 5340  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
01:47:01.0187 5340  ProfSvc - ok
01:47:01.0203 5340  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
01:47:01.0218 5340  ProtectedStorage - ok
01:47:01.0218 5340  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
01:47:01.0249 5340  PSched - ok
01:47:01.0281 5340  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
01:47:01.0343 5340  ql2300 - ok
01:47:01.0374 5340  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
01:47:01.0390 5340  ql40xx - ok
01:47:01.0421 5340  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
01:47:01.0437 5340  QWAVE - ok
01:47:01.0437 5340  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
01:47:01.0468 5340  QWAVEdrv - ok
01:47:01.0468 5340  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
01:47:01.0499 5340  RasAcd - ok
01:47:01.0515 5340  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
01:47:01.0531 5340  RasAuto - ok
01:47:01.0546 5340  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
01:47:01.0562 5340  Rasl2tp - ok
01:47:01.0578 5340  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
01:47:01.0609 5340  RasMan - ok
01:47:01.0624 5340  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
01:47:01.0640 5340  RasPppoe - ok
01:47:01.0656 5340  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
01:47:01.0656 5340  RasSstp - ok
01:47:01.0671 5340  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
01:47:01.0687 5340  rdbss - ok
01:47:01.0703 5340  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
01:47:01.0718 5340  RDPCDD - ok
01:47:01.0749 5340  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
01:47:01.0765 5340  rdpdr - ok
01:47:01.0765 5340  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
01:47:01.0812 5340  RDPENCDD - ok
01:47:01.0843 5340  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
01:47:01.0874 5340  RDPWD - ok
01:47:01.0906 5340  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
01:47:01.0937 5340  RemoteAccess - ok
01:47:01.0953 5340  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
01:47:01.0968 5340  RemoteRegistry - ok
01:47:01.0984 5340  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
01:47:02.0015 5340  RpcLocator - ok
01:47:02.0031 5340  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
01:47:02.0062 5340  RpcSs - ok
01:47:02.0109 5340  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
01:47:02.0171 5340  rspndr - ok
01:47:02.0265 5340  [ 174B9514CD1A0C33CE4BBC02A3C81A62 ] RTL8169        C:\Windows\system32\DRIVERS\Rtlh86.sys
01:47:02.0406 5340  RTL8169 - ok
01:47:02.0484 5340  [ 3E322976D9414490DF552D63A0DBE288 ] RTL8192su      C:\Windows\system32\DRIVERS\RTL8192su.sys
01:47:02.0499 5340  RTL8192su - ok
01:47:02.0562 5340  [ 93E699215095CAE67E2631468A45F750 ] SaiKA50A        C:\Windows\system32\DRIVERS\SaiKA50A.sys
01:47:02.0578 5340  SaiKA50A - ok
01:47:02.0624 5340  [ F8591353036D0D7B28FFAC373DF95D22 ] SaiMini        C:\Windows\system32\DRIVERS\SaiMini.sys
01:47:02.0624 5340  SaiMini - ok
01:47:02.0640 5340  [ B6BA8F537D63FDF425C9245699AE2565 ] SaiNtBus        C:\Windows\system32\drivers\SaiBus.sys
01:47:02.0656 5340  SaiNtBus - ok
01:47:02.0687 5340  [ 3BF2B0FA7A45A7AC0141B737765BAE9D ] SaiUA50A        C:\Windows\system32\DRIVERS\SaiUA50A.sys
01:47:02.0703 5340  SaiUA50A - ok
01:47:02.0703 5340  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
01:47:02.0703 5340  SamSs - ok
01:47:02.0718 5340  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
01:47:02.0734 5340  sbp2port - ok
01:47:02.0765 5340  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
01:47:02.0781 5340  SCardSvr - ok
01:47:02.0812 5340  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
01:47:02.0921 5340  Schedule - ok
01:47:02.0937 5340  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
01:47:02.0953 5340  SCPolicySvc - ok
01:47:02.0999 5340  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
01:47:03.0046 5340  SDRSVC - ok
01:47:03.0078 5340  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
01:47:03.0124 5340  secdrv - ok
01:47:03.0140 5340  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
01:47:03.0156 5340  seclogon - ok
01:47:03.0171 5340  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
01:47:03.0203 5340  SENS - ok
01:47:03.0234 5340  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
01:47:03.0249 5340  Serenum - ok
01:47:03.0265 5340  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
01:47:03.0281 5340  Serial - ok
01:47:03.0296 5340  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
01:47:03.0312 5340  sermouse - ok
01:47:03.0343 5340  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
01:47:03.0374 5340  SessionEnv - ok
01:47:03.0390 5340  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
01:47:03.0406 5340  sffdisk - ok
01:47:03.0437 5340  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
01:47:03.0468 5340  sffp_mmc - ok
01:47:03.0499 5340  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
01:47:03.0562 5340  sffp_sd - ok
01:47:03.0593 5340  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
01:47:03.0640 5340  sfloppy - ok
01:47:03.0671 5340  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
01:47:03.0687 5340  SharedAccess - ok
01:47:03.0703 5340  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:47:03.0734 5340  ShellHWDetection - ok
01:47:03.0749 5340  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
01:47:03.0765 5340  sisagp - ok
01:47:03.0781 5340  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
01:47:03.0796 5340  SiSRaid2 - ok
01:47:03.0812 5340  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
01:47:03.0812 5340  SiSRaid4 - ok
01:47:03.0890 5340  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
01:47:03.0890 5340  SkypeUpdate - ok
01:47:03.0968 5340  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
01:47:04.0218 5340  slsvc - ok
01:47:04.0265 5340  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
01:47:04.0312 5340  SLUINotify - ok
01:47:04.0343 5340  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
01:47:04.0374 5340  Smb - ok
01:47:04.0390 5340  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
01:47:04.0406 5340  SNMPTRAP - ok
01:47:04.0437 5340  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
01:47:04.0437 5340  spldr - ok
01:47:04.0468 5340  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler        C:\Windows\System32\spoolsv.exe
01:47:04.0499 5340  Spooler - ok
01:47:04.0531 5340  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv            C:\Windows\system32\DRIVERS\srv.sys
01:47:04.0546 5340  srv - ok
01:47:04.0578 5340  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
01:47:04.0578 5340  srv2 - ok
01:47:04.0609 5340  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
01:47:04.0640 5340  srvnet - ok
01:47:04.0671 5340  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
01:47:04.0703 5340  SSDPSRV - ok
01:47:04.0718 5340  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
01:47:04.0734 5340  ssmdrv - ok
01:47:04.0749 5340  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
01:47:04.0796 5340  SstpSvc - ok
01:47:04.0843 5340  Steam Client Service - ok
01:47:04.0906 5340  [ E4EBF293D1F612BDA19B646C36715B20 ] STEC3          C:\Windows\system32\STEC3.sys
01:47:04.0921 5340  STEC3 ( UnsignedFile.Multi.Generic ) - warning
01:47:04.0921 5340  STEC3 - detected UnsignedFile.Multi.Generic (1)
01:47:04.0999 5340  [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
01:47:05.0046 5340  Stereo Service - ok
01:47:05.0140 5340  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
01:47:05.0171 5340  stisvc - ok
01:47:05.0187 5340  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
01:47:05.0203 5340  swenum - ok
01:47:05.0218 5340  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv          C:\Windows\System32\swprv.dll
01:47:05.0249 5340  swprv - ok
01:47:05.0265 5340  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
01:47:05.0281 5340  Symc8xx - ok
01:47:05.0296 5340  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
01:47:05.0296 5340  Sym_hi - ok
01:47:05.0312 5340  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
01:47:05.0328 5340  Sym_u3 - ok
01:47:05.0359 5340  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain        C:\Windows\system32\sysmain.dll
01:47:05.0390 5340  SysMain - ok
01:47:05.0421 5340  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:47:05.0437 5340  TabletInputService - ok
01:47:05.0453 5340  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv        C:\Windows\System32\tapisrv.dll
01:47:05.0484 5340  TapiSrv - ok
01:47:05.0515 5340  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
01:47:05.0531 5340  TBS - ok
01:47:05.0562 5340  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
01:47:05.0593 5340  Tcpip - ok
01:47:05.0640 5340  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
01:47:05.0671 5340  Tcpip6 - ok
01:47:05.0718 5340  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
01:47:05.0734 5340  tcpipreg - ok
01:47:05.0765 5340  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
01:47:05.0796 5340  TDPIPE - ok
01:47:05.0796 5340  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
01:47:05.0812 5340  TDTCP - ok
01:47:05.0843 5340  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
01:47:05.0859 5340  tdx - ok
01:47:05.0874 5340  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
01:47:05.0874 5340  TermDD - ok
01:47:05.0890 5340  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService    C:\Windows\System32\termsrv.dll
01:47:05.0968 5340  TermService - ok
01:47:06.0031 5340  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
01:47:06.0031 5340  Themes - ok
01:47:06.0046 5340  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
01:47:06.0062 5340  THREADORDER - ok
01:47:06.0078 5340  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
01:47:06.0093 5340  TrkWks - ok
01:47:06.0140 5340  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:47:06.0156 5340  TrustedInstaller - ok
01:47:06.0171 5340  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
01:47:06.0203 5340  tssecsrv - ok
01:47:06.0265 5340  [ FC740E4FF236B72CA59B8F762D30C7F3 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
01:47:06.0374 5340  TuneUp.UtilitiesSvc - ok
01:47:06.0453 5340  [ 94C4CD2D19B8C4137A46261F229FEC24 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys
01:47:06.0453 5340  TuneUpUtilitiesDrv - ok
01:47:06.0546 5340  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
01:47:06.0562 5340  tunmp - ok
01:47:06.0593 5340  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
01:47:06.0593 5340  tunnel - ok
01:47:06.0624 5340  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
01:47:06.0640 5340  uagp35 - ok
01:47:06.0671 5340  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
01:47:06.0687 5340  udfs - ok
01:47:06.0687 5340  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
01:47:06.0718 5340  UI0Detect - ok
01:47:06.0734 5340  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
01:47:06.0749 5340  uliagpkx - ok
01:47:06.0765 5340  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci        C:\Windows\system32\drivers\uliahci.sys
01:47:06.0781 5340  uliahci - ok
01:47:06.0796 5340  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
01:47:06.0812 5340  UlSata - ok
01:47:06.0828 5340  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
01:47:06.0843 5340  ulsata2 - ok
01:47:06.0859 5340  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
01:47:06.0890 5340  umbus - ok
01:47:06.0906 5340  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
01:47:06.0937 5340  upnphost - ok
01:47:06.0953 5340  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
01:47:06.0984 5340  usbaudio - ok
01:47:07.0015 5340  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
01:47:07.0046 5340  usbccgp - ok
01:47:07.0062 5340  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
01:47:07.0093 5340  usbcir - ok
01:47:07.0124 5340  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
01:47:07.0140 5340  usbehci - ok
01:47:07.0156 5340  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
01:47:07.0203 5340  usbhub - ok
01:47:07.0218 5340  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci        C:\Windows\system32\drivers\usbohci.sys
01:47:07.0249 5340  usbohci - ok
01:47:07.0281 5340  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
01:47:07.0296 5340  usbprint - ok
01:47:07.0312 5340  [ A508C9BD8724980512136B039BBA65E9 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
01:47:07.0343 5340  usbscan - ok
01:47:07.0374 5340  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:47:07.0390 5340  USBSTOR - ok
01:47:07.0406 5340  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
01:47:07.0437 5340  usbuhci - ok
01:47:07.0453 5340  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms          C:\Windows\System32\uxsms.dll
01:47:07.0515 5340  UxSms - ok
01:47:07.0562 5340  [ 57324E62405EC114C6C1A6F1C9704E8F ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
01:47:07.0562 5340  UxTuneUp - ok
01:47:07.0609 5340  [ CD88D1B7776DC17A119049742EC07EB4 ] vds            C:\Windows\System32\vds.exe
01:47:07.0703 5340  vds - ok
01:47:07.0749 5340  [ 87B06E1F30B749A114F74622D013F8D4 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
01:47:07.0765 5340  vga - ok
01:47:07.0796 5340  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
01:47:07.0812 5340  VgaSave - ok
01:47:07.0843 5340  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
01:47:07.0859 5340  viaagp - ok
01:47:07.0874 5340  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7          C:\Windows\system32\drivers\viac7.sys
01:47:07.0890 5340  ViaC7 - ok
01:47:07.0906 5340  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
01:47:07.0906 5340  viaide - ok
01:47:07.0921 5340  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
01:47:07.0921 5340  volmgr - ok
01:47:07.0968 5340  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
01:47:07.0968 5340  volmgrx - ok
01:47:08.0031 5340  [ 786DB5771F05EF300390399F626BF30A ] volsnap        C:\Windows\system32\drivers\volsnap.sys
01:47:08.0046 5340  volsnap - ok
01:47:08.0109 5340  [ 8CA9793CBEE993660FF7FC2769A4E252 ] vpnagent        C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
01:47:08.0124 5340  vpnagent - ok
01:47:08.0171 5340  [ FDDAFA1C89B0B07494AF5879F7ECE857 ] vpnva          C:\Windows\system32\DRIVERS\vpnva.sys
01:47:08.0171 5340  vpnva - ok
01:47:08.0187 5340  [ 587253E09325E6BF226B299774B728A9 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
01:47:08.0203 5340  vsmraid - ok
01:47:08.0234 5340  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS            C:\Windows\system32\vssvc.exe
01:47:08.0281 5340  VSS - ok
01:47:08.0296 5340  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time        C:\Windows\system32\w32time.dll
01:47:08.0328 5340  W32Time - ok
01:47:08.0359 5340  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
01:47:08.0406 5340  WacomPen - ok
01:47:08.0406 5340  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
01:47:08.0421 5340  Wanarp - ok
01:47:08.0421 5340  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
01:47:08.0437 5340  Wanarpv6 - ok
01:47:08.0468 5340  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc        C:\Windows\System32\wcncsvc.dll
01:47:08.0515 5340  wcncsvc - ok
01:47:08.0531 5340  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:47:08.0562 5340  WcsPlugInService - ok
01:47:08.0578 5340  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
01:47:08.0593 5340  Wd - ok
01:47:08.0640 5340  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
01:47:08.0671 5340  Wdf01000 - ok
01:47:08.0687 5340  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
01:47:08.0718 5340  WdiServiceHost - ok
01:47:08.0718 5340  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
01:47:08.0734 5340  WdiSystemHost - ok
01:47:08.0765 5340  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient      C:\Windows\System32\webclnt.dll
01:47:08.0781 5340  WebClient - ok
01:47:08.0812 5340  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
01:47:08.0843 5340  Wecsvc - ok
01:47:08.0874 5340  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
01:47:08.0890 5340  wercplsupport - ok
01:47:08.0921 5340  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
01:47:08.0937 5340  WerSvc - ok
01:47:08.0968 5340  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
01:47:08.0984 5340  WinDefend - ok
01:47:08.0984 5340  WinHttpAutoProxySvc - ok
01:47:09.0015 5340  Winmgmt - ok
01:47:09.0046 5340  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM          C:\Windows\system32\WsmSvc.dll
01:47:09.0093 5340  WinRM - ok
01:47:09.0124 5340  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc        C:\Windows\System32\wlansvc.dll
01:47:09.0171 5340  Wlansvc - ok
01:47:09.0281 5340  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:47:09.0453 5340  wlidsvc - ok
01:47:09.0468 5340  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
01:47:09.0515 5340  WmiAcpi - ok
01:47:09.0593 5340  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
01:47:09.0640 5340  wmiApSrv - ok
01:47:09.0671 5340  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
01:47:09.0765 5340  WMPNetworkSvc - ok
01:47:09.0843 5340  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
01:47:09.0968 5340  WPCSvc - ok
01:47:09.0999 5340  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
01:47:10.0031 5340  WPDBusEnum - ok
01:47:10.0078 5340  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:47:10.0140 5340  WPFFontCache_v0400 - ok
01:47:10.0171 5340  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
01:47:10.0234 5340  ws2ifsl - ok
01:47:10.0234 5340  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
01:47:10.0265 5340  wscsvc - ok
01:47:10.0265 5340  WSearch - ok
01:47:10.0312 5340  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
01:47:10.0406 5340  wuauserv - ok
01:47:10.0437 5340  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
01:47:10.0499 5340  WudfPf - ok
01:47:10.0515 5340  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
01:47:10.0531 5340  WUDFRd - ok
01:47:10.0562 5340  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
01:47:10.0578 5340  wudfsvc - ok
01:47:10.0593 5340  [ 3D130383A56DB5DE539AA6BB269E1A6C ] XTSvcMgr        C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
01:47:10.0609 5340  XTSvcMgr - ok
01:47:10.0624 5340  ================ Scan global ===============================
01:47:10.0640 5340  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
01:47:10.0687 5340  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
01:47:10.0703 5340  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
01:47:10.0718 5340  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
01:47:10.0734 5340  [Global] - ok
01:47:10.0734 5340  ================ Scan MBR ==================================
01:47:10.0734 5340  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
01:47:11.0109 5340  \Device\Harddisk0\DR0 - ok
01:47:11.0109 5340  ================ Scan VBR ==================================
01:47:11.0124 5340  [ B6DFDB9B4F02D57757EC3ABAFB56DC56 ] \Device\Harddisk0\DR0\Partition1
01:47:11.0124 5340  \Device\Harddisk0\DR0\Partition1 - ok
01:47:11.0124 5340  ============================================================
01:47:11.0124 5340  Scan finished
01:47:11.0124 5340  ============================================================
01:47:11.0124 4960  Detected object count: 5
01:47:11.0124 4960  Actual detected object count: 5
01:47:37.0359 4960  BrowserProtect ( LockedFile.Multi.Generic ) - skipped by user
01:47:37.0359 4960  BrowserProtect ( LockedFile.Multi.Generic ) - User select action: Skip
01:47:37.0359 4960  HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
01:47:37.0359 4960  HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:47:37.0359 4960  iprntsrv ( UnsignedFile.Multi.Generic ) - skipped by user
01:47:37.0359 4960  iprntsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:47:37.0359 4960  PortmapperService ( HiddenFile.Multi.Generic ) - skipped by user
01:47:37.0359 4960  PortmapperService ( HiddenFile.Multi.Generic ) - User select action: Skip
01:47:37.0374 4960  STEC3 ( UnsignedFile.Multi.Generic ) - skipped by user
01:47:37.0374 4960  STEC3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:47:49.0421 5764  Deinitialize success

Cypher00 16.05.2013 20:12
hier nochmal den TDSSKiller Log als zip-Anhang

sieht bis jetzt ganz gut aus ,der Trojaner wird nicht mehr gestartet und alles andere funktioniert wieder

markusg 16.05.2013 23:33
Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Cypher00 17.05.2013 13:56
Hier der Log von Combofix:

Code:
ComboFix 13-05-16.02 - Sabine 17.05.2013  14:26:39.1.2 - x86
Running from: c:\users\Sabine\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPlyTune.dll
c:\program files\DealPly\DealPlyUpdate.exe
c:\program files\DealPly\DealPlyUpdate.log
c:\program files\DealPly\DealPlyUpdateRun.exe
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\inCRedibar.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files\smartdl
c:\program files\smartdl\cc
c:\program files\smartdl\gunzip.exe
c:\program files\smartdl\installid
c:\program files\smartdl\status-o
c:\program files\smartdl\status
c:\program files\smartdl\TorrentSearch.exe
c:\program files\TSearch
c:\program files\TSearch\client.py
c:\program files\TSearch\easydownload.exe
c:\program files\TSearch\header.bmp
c:\program files\TSearch\libtorrent.pyd
c:\program files\TSearch\python25.dll
c:\program files\TSearch\results
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Sabine\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
c:\users\Sabine\AppData\Roaming\ie_util.exe
c:\users\Sabine\AppData\Roaming\Uriwik
c:\users\Sabine\AppData\Roaming\Uriwik\anup.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_STEC3
-------\Service_STEC3
.
.
(((((((((((((((((((((((((  Files Created from 2013-04-17 to 2013-05-17  )))))))))))))))))))))))))))))))
.
.
2013-05-17 12:38 . 2013-05-17 12:42        --------        d-----w-        c:\users\Sabine\AppData\Local\temp
2013-05-17 12:38 . 2013-05-17 12:38        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-05-17 12:38 . 2013-05-17 12:38        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-05-16 19:09 . 2013-05-16 19:09        --------        d-----w-        C:\TDSSKiller Log
2013-05-16 18:48 . 2013-05-13 06:19        7016152        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{16E03CF5-5251-4223-AB02-D7C3EA81F93E}\mpengine.dll
2013-05-16 15:18 . 2013-05-05 19:12        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2013-05-16 00:12 . 2013-04-15 14:20        638328        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 00:12 . 2013-04-13 10:56        37376        ----a-w-        c:\windows\system32\cdd.dll
2013-05-16 00:12 . 2013-04-09 01:36        2049024        ----a-w-        c:\windows\system32\win32k.sys
2013-05-16 00:07 . 2013-05-16 21:34        --------        d-----w-        c:\users\Sabine\AppData\Roaming\Tayv
2013-05-16 00:07 . 2013-05-16 00:07        --------        d-----w-        c:\users\Sabine\AppData\Roaming\Wuqao
2013-05-15 23:04 . 2013-05-15 23:34        --------        d-----w-        C:\_OTL
2013-05-15 12:11 . 2013-05-15 12:11        --------        d-----w-        c:\users\FH
2013-05-12 12:11 . 2013-05-12 12:11        --------        d-----w-        c:\users\Sabine\AppData\Local\Program Files
2013-05-05 21:32 . 2013-05-05 21:32        --------        d-----w-        c:\users\Sabine\AppData\Local\Game Dev Tycoon
2013-05-05 16:54 . 2013-05-05 16:56        --------        d-----w-        c:\users\Sabine\AppData\Roaming\mysearchdial
2013-05-05 16:54 . 2013-05-05 16:56        --------        d-----w-        c:\program files\Mysearchdial
2013-05-04 16:13 . 2013-05-04 16:13        --------        d-----w-        c:\users\Public\Games
2013-05-03 09:51 . 2013-05-03 17:05        --------        d-----w-        c:\program files\Common Files\PTC
2013-05-03 09:45 . 2013-05-03 09:48        --------        d-----w-        c:\users\Sabine\AppData\Local\PTC
2013-05-03 07:37 . 2013-05-03 17:07        --------        d-----w-        c:\program files\PTC
2013-05-03 07:22 . 2013-05-03 07:38        --------        d-----w-        c:\programdata\PTC
2013-05-03 07:15 . 2013-05-03 07:15        --------        d-----w-        c:\progra~2\02517~1
2013-05-02 12:25 . 2013-05-02 12:25        --------        d-----w-        c:\progra~2\04113~1
2013-05-01 19:01 . 2013-05-01 19:01        --------        d-----w-        c:\program files\mixiedj
2013-05-01 19:01 . 2013-05-01 19:01        --------        d-----w-        c:\program files\mixidj
2013-05-01 18:35 . 2013-05-01 19:01        --------        d-----w-        c:\users\Sabine\AppData\Roaming\Download Manager
2013-04-30 06:40 . 2013-04-30 06:40        --------        d-----w-        c:\progra~2\0A41F~1
2013-04-28 10:25 . 2013-04-28 10:25        --------        d-----w-        c:\program files\DomaIQ Uninstaller
2013-04-28 10:24 . 2013-04-28 10:24        --------        d-----w-        c:\users\Sabine\AppData\Roaming\player
2013-04-28 10:24 . 2013-04-28 10:24        --------        d-----w-        c:\program files\Tuguu SL
2013-04-28 10:23 . 2013-04-28 10:23        --------        d-----w-        c:\users\Sabine\AppData\Roaming\Driver Pro
2013-04-28 10:23 . 2013-04-28 10:23        --------        d-----w-        c:\program files\Driver Pro
2013-04-28 09:33 . 2013-04-28 09:33        --------        d-----w-0        c:\progra~2\WW0~1
2013-04-27 09:49 . 2013-04-27 09:49        --------        d-----w-        c:\progra~2\0321F~1
2013-04-25 10:04 . 2013-04-25 10:04        --------        d-----w-        c:\progra~2\0241B~1
2013-04-24 14:30 . 2013-04-24 14:30        --------        d-----w-        c:\progra~2\08517~1
2013-04-22 15:24 . 2013-04-22 15:24        --------        d-----w-        c:\progra~2\0DF0B~1
2013-04-22 06:05 . 2013-04-22 06:05        --------        d-----w-        c:\progra~2\0811B~1
2013-04-21 07:57 . 2013-04-21 07:57        --------        d-----w-        c:\progra~2\0601B~1
2013-04-20 16:38 . 2013-04-20 16:38        --------        d-----w-        c:\progra~2\UU0~2
2013-04-19 11:09 . 2013-04-19 11:09        --------        d-----w-        c:\program files\Common Files\Skype
2013-04-18 15:04 . 2013-04-18 15:04        --------        d-----w-0        c:\progra~2\220B~1.0
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 19:10 . 2013-05-16 19:10        23832        ----a-w-        C:\TDSSKiller Log.zip
2013-05-15 23:35 . 2012-08-11 14:39        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 23:35 . 2012-08-11 14:39        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-05-02 00:06 . 2012-08-10 14:45        238872        ------w-        c:\windows\system32\MpSigStub.exe
2013-03-15 15:21 . 2013-03-15 15:21        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2013-03-15 15:21 . 2012-08-12 21:06        861088        ----a-w-        c:\windows\system32\npDeployJava1.dll
2013-03-15 15:21 . 2012-08-12 21:06        782240        ----a-w-        c:\windows\system32\deployJava1.dll
2013-03-11 13:25 . 2013-04-10 14:52        3603816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 14:52        3551080        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-10 14:52        49152        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-10 14:52        64000        ----a-w-        c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-10 14:52        376320        ----a-w-        c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-10 14:52        2067968        ----a-w-        c:\windows\system32\mstscax.dll
2013-03-03 19:07 . 2013-04-10 14:52        1082232        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-02-25 22:22 . 2013-02-25 22:22        1985824        ----a-w-        c:\windows\system32\nvcuvenc.dll
2013-02-25 22:22 . 2012-02-09 20:43        1017120        ----a-w-        c:\windows\system32\nvdispco32.dll
2013-02-25 22:22 . 2013-02-25 22:22        6262608        ----a-w-        c:\windows\system32\nvopencl.dll
2013-02-25 22:22 . 2012-08-25 09:37        892704        ----a-w-        c:\windows\system32\nvdispgenco32.dll
2013-02-25 22:22 . 2012-08-13 13:34        12641992        ----a-w-        c:\windows\system32\nvwgf2um.dll
2013-02-25 22:22 . 2012-08-13 13:34        2505144        ----a-w-        c:\windows\system32\nvapi.dll
2013-02-25 22:22 . 2012-02-09 20:43        15129960        ----a-w-        c:\windows\system32\nvd3dum.dll
2013-02-25 22:22 . 2013-02-25 22:22        7932256        ----a-w-        c:\windows\system32\nvcuda.dll
2013-02-25 22:22 . 2013-02-25 22:22        17560352        ----a-w-        c:\windows\system32\nvcompiler.dll
2013-02-25 22:22 . 2013-02-25 22:22        20449056        ----a-w-        c:\windows\system32\nvoglv32.dll
2013-02-25 22:22 . 2013-02-25 22:22        8939296        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:22 . 2013-02-25 22:22        2720544        ----a-w-        c:\windows\system32\nvcuvid.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\prxtbVeoh.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
2011-05-09 09:49        176936        ----a-w-        c:\program files\Veoh_Web_Player\prxtbVeoh.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\prxtbVeoh.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CD90BF73-20F6-44EF-993D-BB920303BD2E}"= "c:\program files\Veoh_Web_Player\prxtbVeoh.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2013-05-03 1635752]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2012-04-16 67960]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2012-06-11 4692840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Driver Pro"="c:\program files\Driver Pro\DPLauncher.exe" [2012-10-30 340512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"NWTRAY"="NWTRAY.EXE" [2011-11-27 34904]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2012-04-25 68184]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2012-04-25 72280]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-02-08 1644680]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-09-26 522232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"NuTCSetupEnviron"="c:\progra~1\PTC\MKSTOO~1\bin\ncoeenv.exe" [2009-11-23 37160]
.
c:\users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
msconfig.lnk - c:\windows\System32\rundll32.exe [2006-11-2 44544]
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [2013-2-14 523264]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli iPrntWinCredMan
Authentication Packages        REG_MULTI_SZ          msv1_0 ncv1_0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R3 acsint;acsint;c:\windows\system32\DRIVERS\acsint.sys [x]
R3 acsmux;acsmux;c:\windows\system32\DRIVERS\acsmux.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - nciom
*Deregistered* - ncp
*Deregistered* - ncpl
*Deregistered* - ndm
*Deregistered* - ndmndap
*Deregistered* - niam
*Deregistered* - nipctl
*Deregistered* - nscm
*Deregistered* - nsns
*Deregistered* - nsvccost
*Deregistered* - xtxplat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 21:29        1642448        ----a-w-        c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 23:35]
.
2013-05-17 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files\FinalTorrent\FTCheckForUpdates.exe [2012-08-11 12:24]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-07 13:12]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-07 13:12]
.
2013-05-17 c:\windows\Tasks\OptimizerProUpdaterTask{2CE03A48-B8B3-4E05-A2FF-7C30D795730E}.job
- c:\programdata\Premium\OptimizerPro\OptimizerPro.exe [2012-12-24 14:50]
.
2013-05-17 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-09-04 12:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.mysearchdial.com/?f=1&a=tugumsd&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEtD0D0A0FyD0E0AtDzzyDtN0D0Tzu0CyEzytCtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu2Z2Y1N2Y1H1B1Q&cr=1207875316&ir=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=tugumsd&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEtD0D0A0FyD0E0AtDzzyDtN0D0Tzu0CyEzytCtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu2Z2Y1N2Y1H1B1Q&cr=1207875316&ir=
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=33360bb7-7237-4abc-a443-f4f7cfe757f5&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
LSP: %SystemRoot%\system32\nutafun4.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Optimizer Pro - c:\program files\Optimizer Pro\OptProLauncher.exe
HKCU-Run-GameCenter - c:\program files\Joyvy\GameCenter.exe
HKCU-Run-Oqsaixvivy - c:\users\Sabine\AppData\Roaming\Epmo\tiyv.exe
HKCU-Run-IExplorer Util - c:\users\Sabine\AppData\Roaming\ie_util.exe
HKCU-Run-AmazonMP3DownloaderHelper - c:\users\Sabine\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKCU-Run-Kaseums - c:\users\Sabine\AppData\Roaming\Uriwik\anup.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-Katawa Shoujo - c:\program files\Katawa Shoujo\Uninstall Katawa Shoujo.exe
AddRemove-Optimizer Pro_is1 - c:\program files\Optimizer Pro\unins000.exe
AddRemove-Amazon MP3-Downloader - c:\users\Sabine\AppData\Local\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AddRemove-GoforFiles - c:\program files\GoforFiles\uninstall.exe
AddRemove-YourFileDownloader - c:\program files\YourFileDownloader\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-05-17 14:42
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PortmapperService]
"ImagePath"="c:\program files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1000\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\Installation]
"strAbsolutePath"="c:\\age\\マブラヴ11\\"
"strObjectOcean"="c:\\age\\マブラヴ11\\マブラヴ11.rio"
"strIciPath"="c:\\age\\マブラヴ11\\マブラヴ11.rio.ici\00cations"
"strTTFileName"="マブラヴ11.rbt"
"strInstallSourcePath"="i:\\"
"bInstalled"=dword:00000001
"strInstallTypeSelect"="1"
"strInstallSystemType"=""
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1000\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\InstallFont]
"MS Pゴシック%#16%$-B"="マブラヴ11.rio\\MS Pゴシック16B.5RF"
"MS Pゴシック%#24%$-B%$-A"="マブラヴ11.rio\\MS Pゴシック24BA.5RF"
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1000\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\PeculiarToTheApp]
"strTheAppName"="マブラヴ1.1\0011\00E"
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1000\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rUGPBasic]
"strRugpPluginFolder"="c:\\age\\マブラヴ11\\Plugins"
"bIsIllegalTerminateCheck"=dword:00000000
"nRugpVersion"=dword:0000157c
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1000\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmBoxSettings]
"nWndFrameLevel"=dword:00000003
"nWndBaseRatioSrc"=dword:000000c0
"nWndBaseRatioDst"=dword:00000006
"nWndBaseColor1"=dword:002020a0
"nWndBaseColor2"=dword:00c0c0ff
"nWndBaseGradation"=dword:00000001
"nFontBlank"=dword:00000002
"nMainFontColor"=dword:ffffffff
"nSelectedFontColor"=dword:ff8090c0
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1000\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmInstallation]
"strFontCachePath"="c:\\age\\マブラヴ11\\"
"strVirtuaRegistryAbsolutePath"="c:\\age\\マブラヴ11\\Vmreg\\"
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1000\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmPeculiarToTheApp]
"bCanSettingWindow"=dword:00000001
"bCanSettingFont"=dword:00000001
"bPageOverNext"=dword:00000000
"bUucAccessMasterKey"=dword:00000001
"strLowSpecFont"="MS Pゴシック%#16%$-B"
"strStandardFont"="MS Pゴシック%#24%$-B%$-A"
"bCanSettingSound"=dword:00000001
"bFullScreenMenuOff"=dword:00000000
"bWindowMenuAccessMasterKey"=dword:00000001
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1000\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmUISettings]
"bFullScreen"=dword:00000001
"dwMainFontStyle"=dword:0000000c
"nTextSpeed"=dword:00000030
"strCurrentMonitorDevice"="\\\\.\\DISPLAY1"
"dwCurrentMonitorFlag"=dword:00000001
"nWindowSize"=dword:00000003
"nFaceWindowSize"=dword:00000003
"isBgm"=dword:00000001
"isEffect"=dword:00000001
"nVoiceLevel"=dword:00000001
"nLayeredEffect"=dword:00000001
"nSeenMsgSkip"=dword:00000000
"nAutoMsgSkip"=dword:00000000
"bMouseTrace"=dword:00000001
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1000\Software\SecuROM\License information*]
"datasecu"=hex:39,89,31,a3,ec,25,e6,40,ab,92,39,0a,71,a7,40,0c,56,b7,cb,75,68,
  69,00,d0,4c,2f,19,ad,e6,4b,50,d7,7b,28,2b,69,c2,9c,5c,bf,d1,b9,cb,9b,d7,40,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\Installation]
"strAbsolutePath"="c:\\age\\マブラヴ11\\"
"strObjectOcean"="c:\\age\\マブラヴ11\\マブラヴ11.rio"
"strIciPath"="c:\\age\\マブラヴ11\\マブラヴ11.rio.ici"
"strTTFileName"="マブラヴ11.rbt"
"strInstallSourcePath"="i:\\"
"bInstalled"=dword:00000001
"strInstallTypeSelect"="1"
"strInstallSystemType"=""
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\InstallFont]
"MS Pゴシック%#24%$-B%$-A"="マブラヴ11.rio\\MS Pゴシック24BA.5RF"
"MS Pゴシック%#16%$-B"="マブラヴ11.rio\\MS Pゴシック16B.5RF"
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\PeculiarToTheApp]
"strTheAppName"="マブラヴ1.1"
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rUGPBasic]
"strRugpPluginFolder"="c:\\age\\マブラヴ11\\Plugins"
"bIsIllegalTerminateCheck"=dword:00000000
"nRugpVersion"=dword:0000157c
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmBoxSettings]
"nWndFrameLevel"=dword:00000003
"nWndBaseRatioSrc"=dword:000000c0
"nWndBaseRatioDst"=dword:00000006
"nWndBaseColor1"=dword:002020a0
"nWndBaseColor2"=dword:00c0c0ff
"nWndBaseGradation"=dword:00000001
"nFontBlank"=dword:00000002
"nMainFontColor"=dword:ffffffff
"nSelectedFontColor"=dword:ff8090c0
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmInstallation]
"strFontCachePath"="c:\\age\\マブラヴ11\\"
"strVirtuaRegistryAbsolutePath"="c:\\age\\マブラヴ11\\Vmreg\\"
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmPeculiarToTheApp]
"strStandardFont"="MS Pゴシック%#24%$-B%$-A"
"strLowSpecFont"="MS Pゴシック%#16%$-B"
"bCanSettingWindow"=dword:00000001
"bCanSettingFont"=dword:00000001
"bPageOverNext"=dword:00000000
"bUucAccessMasterKey"=dword:00000001
"bCanSettingSound"=dword:00000001
"bFullScreenMenuOff"=dword:00000000
"bWindowMenuAccessMasterKey"=dword:00000001
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmUISettings]
"dwMainFontStyle"=dword:00000005
"bFullScreen"=dword:00000001
"nTextSpeed"=dword:00000030
"strCurrentMonitorDevice"="\\\\.\\DISPLAY1"
"dwCurrentMonitorFlag"=dword:00000001
"nWindowSize"=dword:00000003
"nFaceWindowSize"=dword:00000003
"isBgm"=dword:00000001
"isEffect"=dword:00000001
"nVoiceLevel"=dword:00000001
"nLayeredEffect"=dword:00000001
"nSeenMsgSkip"=dword:00000001
"nAutoMsgSkip"=dword:00000000
"bMouseTrace"=dword:00000001
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(632)
c:\windows\system32\NETWIN32.DLL
.
- - - - - - - > 'Explorer.exe'(2892)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\windows\system32\NETWIN32.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Novell\Client\cusrvc.exe
c:\program files\Giraffic\Veoh_GirafficWatchdog.exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\program files\Hi-Rez Studios\HiPatchService.exe
c:\windows\system32\iprntsrv.exe
c:\windows\system32\nutsrv4.exe
c:\program files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Giraffic\Veoh_Giraffic.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
c:\windows\system32\conime.exe
c:\program files\Epson Software\Event Manager\EEventManager.exe
c:\windows\System32\nwtray.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2013-05-17  14:52:50 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-17 12:52
.
Pre-Run: 12 Verzeichnis(se), 574.919.929.856 Bytes frei
Post-Run: 16 Verzeichnis(se), 577.036.746.752 Bytes frei
.
- - End Of File - - 68A2502FC4BD7B92984609376CB040FC

markusg 17.05.2013 14:04
Hi
öffne mal bitte Computer, c: qoobox
rechtsklick Quarantain, dann mit winrar oder ähnlichem archivierungsprogramm packen und hochladen:
Trojaner-Board Upload Channel

markusg 17.05.2013 16:13
danke fürs hochladen.
Nutzt du den PC für Onlinebanking, zum einkaufen, für sonstige Zahlungsabwicklungen, oder ähnlich wichtigem, wie beruflichem?

Cypher00 18.05.2013 11:38
nein,nichts dergleichen,ich benutze ih nur zum im Internet surfen,zum Spielen und für das Studium um Berichte oder dergleichen zu schreiben.

markusg 20.05.2013 12:13
ok wenn wir fertig sind, alle Passwörter ändern.
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Cypher00 29.05.2013 22:14
Ich hab jetzt ein noch größeres Problem als vorher..

Da ich das Programm zuerst in der falschen Sprache installiert hatte wollte ich es neu installieren,nach der Deinstallation war jedoch der Virus wieder aktiv und dieses mal sogar noch schlimmer als vorher.:headbang:

Ich kann auf meinem Rechner nicht einmal mehr im abgesicherten Modus arbeiten,selbst dort taucht der GVU-Bildschirm sofort auf.

Hätte vorher fragen sollen als die Installation nicht geklappt hat,ich hoffe das kann noch gerettet werden.

Ich arbeite grad von dem Laptop meines Bruders aus.
Die Programme sind alle noch auf meinen Rechner,falls man irgendwie direkt auf sie zugreifen kann.
Wenn nicht müsste ich irgendwo noch ein Paar Cds rumliegen haben.

MfG Cyph

Habe mir jetzt die Programme defogger,OTL und gmer auf eine CD gebrannt.
Wie kann ich diese direkt bei Start starten?

Ich hab mir jetzt defogger, OTL und Gmer auf eine CD gebrannt.
Wie kann ich diese abspielen ohne mich anmelden zu müssen?

markusg 30.05.2013 13:49
Hi,

kommst du an nen pc mit brenner?
download:
http://filepony.de/download-otlpe/
und brenne es mit ISOBurner auf eine CD.
ISO Burner - Download - Filepony
isoburner anleitung:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen.
Starte dein System neu und boote von der CD die du gerade erstellt hast.
Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten,
http://www.trojaner-board.de/81857-c...cd-booten.html

• Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen.
• Mache einen doppel Klick auf das OTLPE Icon.
• Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist.

• OTL sollte nun starten.
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg
Textbox.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• Drücke Run Scan um den Scan zu starten.
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert
• Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast.
poste beide logs

Cypher00 30.05.2013 17:41
kann komischerweise wieder den PC normal starten,weiß leider nicht woran das liegt aber das Programm mit dem Virus wird wieder wie zuvor gesperrt und nicht gestartet.

Habe mich auch gestern gewundert,da ich zwar den Signalton gehört habe das ein Programm gesperrt wurde aber die weiße Seite trotzdem erschienen ist.

Sol ich jetzt trotzdem zur Sicherheit wieder von vorne beginnen?
oder mit malware weiter machen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:18 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131