Pests of all kinds and how to combat them: GVU virus, how do I get rid of it completely? (Windows 7)
05.10.2012, 10:05 | #1 |
Good morning,

My PC is infected with the GVU virus. Task Manager no longer works, and as soon as I have an Internet connection the extortion page opens. I have read through several threads about it here, and it seems to me that the virus cannot be completely removed even by reformatting, so I am turning to you. So far I have only run Malwarebytes in Safe Mode; here are the logs:

Code:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.05.04

Windows Vista Service Pack 2 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Kevin :: KEVIN-PC [Administrator]

Schutz: Deaktiviert

05.10.2012 10:47:21
mbam-log-2012-10-05 (10-50-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214807
Laufzeit: 2 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Kevin\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt.
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)

Is there no one who can help?
05.10.2012, 17:26 | #2 |
/// TB Trainer

My name is Matthias and I will help you clean up your computer. Please note the following:

Start your computer in Safe Mode with Networking by following this guide, and carry out the following steps there.

Step 1

Step 2
Please download dds (by sUBs) from one of the following download mirrors and save the file to your desktop. dds.com dds.scr dds.pif

Step 3
Please download defogger by jpshortstuff to your desktop.

Do not click the Re-enable button unless instructed.

Step 4
Please download aswMBR.exe and save the file to your desktop.

Important: Under no circumstances press any of the Fix buttons unless instructed.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

Step 5
Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report.
Please download TDSSKiller.exe and save this file to your desktop.

Please post with your next reply
|
07.10.2012, 17:22 | #3 |
So,

I ran the Malwarebytes scan. 3 infected objects were found, which are now in quarantine. After the restart, Task Manager etc. worked again in normal mode too. I then ran the other tools there as well, or do they absolutely have to be run in Safe Mode? In any case, here are the logs:

MBAM:
Code:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.05.05

Windows Vista Service Pack 2 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Kevin :: KEVIN-PC [Administrator]

Schutz: Deaktiviert

05.10.2012 16:02:27
mbam-log-2012-10-05 (16-02-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214527
Laufzeit: 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Kevin\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

DDS Logfile:
Code:
ATTFilter DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Kevin at 17:41:29 on 2012-10-07 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.8190.6122 [GMT 2:00] . AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\ProgramData\Skype\Toolbars\Skype C2C 
Service\c2c_service.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RAVCpl64.exe C:\Windows\PixArt\Pac207\Monitor.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\conime.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter uRun: [Google Update] "C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EWX249~1.LNK - C:\Program Files (x86)\AudioSystem EWX 2496\EwxCpl.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Free YouTube to MP3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{BF59F3F9-8E22-475F-BF5D-8CFB6DD4DAC4} : DhcpNameServer = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL {18DF081C-E8AD-4283-A596-FA578C2EBDC3} {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} {DBC80044-A445-435b-BC74-9C25C1C588A9} mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" . ============= SERVICES / DRIVERS =============== . R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?] 
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-11-2 86224] R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-11-2 110032] R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?] R2 FontCache;Windows-Dienst für Schriftartencache;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-5 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-5 676936] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-1 2253120] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 TotRec8;Total Recorder WDM audio filter driver;\??\C:\Windows\system32\drivers\TotRec8.sys --> C:\Windows\system32\drivers\TotRec8.sys [?] R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] R3 WSDScan;WSD-Scanunterstützung durch UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 ews88mt;EWS88 WDM Audio;C:\Windows\system32\drivers\ews88wdm.sys --> C:\Windows\system32\drivers\ews88wdm.sys [?] S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?] S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?] S3 PerfHost;Leistungsindikator-DLL-Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-11-1 89920] . =============== File Associations =============== . JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 2012-10-05 14:21:30 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BC3A6C30-246C-4674-8E53-0041398C994B}\mpengine.dll 2012-10-05 08:44:26 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Malwarebytes 2012-10-05 08:44:07 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-10-05 08:44:07 -------- d-----w- C:\ProgramData\Malwarebytes 2012-10-05 08:44:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware . ==================== Find3M ==================== . 
2012-09-26 19:25:48 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-09-26 19:25:48 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-09-26 19:25:33 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-08-13 18:29:30 122128 ----a-w- C:\Windows\System32\drivers\TotRec8.sys . ============= FINISH: 17:42:00,72 =============== --- --- --- attach.txt : Code:
ATTFilter . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 01.11.2011 15:03:15 System Uptime: 07.10.2012 17:32:17 (0 hours ago) . Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7514 Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz | CPU 1 | 2833/333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 350 GiB total, 19,41 GiB free. D: is FIXED (NTFS) - 349 GiB total, 348,814 GiB free. E: is CDROM () F: is CDROM (CDFS) G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318} Description: AudioSystem EWX 24/96 Device ID: PCI\VEN_1412&DEV_1712&SUBSYS_1130153B&REV_02\4&23B21F5D&0&10F0 Manufacturer: TerraTec Name: AudioSystem EWX 24/96 PNP Device ID: PCI\VEN_1412&DEV_1712&SUBSYS_1130153B&REV_02\4&23B21F5D&0&10F0 Service: ews88mt . ==== System Restore Points =================== . . ==== Installed Programs ====================== . 
Adobe Reader X (10.1.1) - Deutsch Apple Application Support Apple Software Update ASIO4ALL Avira Free Antivirus Battlefield 2(TM) Battlefield 2: Special Forces Battlefield 3™ Battlelog Web Plugins Deckadance ESN Sonar EWX 24/96 FL Studio 10 Foto-Mosaik-Edda Standard V6.6.11281.1 Free Audio Converter version 5.0.9.412 Free Video to MP3 Converter version 5.0.15.706 Free YouTube to MP3 Converter version 3.10.11.923 Garena Plus Google Chrome Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) IL Download Manager Java Auto Updater Java(TM) 6 Update 22 JMB36X Raid Configurer Malwarebytes Anti-Malware Version 1.65.0.1400 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 NVIDIA PhysX NVIDIA Stereoscopic 3D Driver OpenOffice.org 3.3 Origin PunkBuster Services Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update 
for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Skype Click to Call Skype™ 5.10 Total Recorder 8.3 Standard Edition TuxGuitar Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) VirtualDJ Home FREE Warcraft III Warcraft III: All Products . ==== End Of File =========================== Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:45 on 07/10/2012 (Kevin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-07 17:46:07
-----------------------------
17:46:07.825 OS Version: Windows x64 6.0.6002 Service Pack 2
17:46:07.825 Number of processors: 4 586 0x170A
17:46:07.825 ComputerName: KEVIN-PC UserName: Kevin
17:46:13.402 Initialize success
17:49:18.989 AVAST engine defs: 12100701
17:49:31.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:49:31.892 Disk 0 Vendor: MAXTOR_STM3750330AS MX1A Size: 715404MB BusType: 3
17:49:31.905 Disk 0 MBR read successfully
17:49:31.908 Disk 0 MBR scan
17:49:31.912 Disk 0 Windows VISTA default MBR code
17:49:31.922 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 357917 MB offset 2048
17:49:31.939 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 357485 MB offset 733016064
17:49:31.969 Disk 0 scanning C:\Windows\system32\drivers
17:49:41.152 Service scanning
17:50:00.194 Modules scanning
17:50:00.201 Disk 0 trace - called modules:
17:50:00.222 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:50:00.226 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008004790]
17:50:00.231 3 CLASSPNP.SYS[fffffa6000fd2c33] -> nt!IofCallDriver -> [0xfffffa8007c54930]
17:50:00.236 5 acpi.sys[fffffa60008fbfde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007c57940]
17:50:01.339 AVAST engine scan C:\Windows
17:50:03.779 AVAST engine scan C:\Windows\system32
17:53:53.525 AVAST engine scan C:\Windows\system32\drivers
17:54:06.686 AVAST engine scan C:\Users\Kevin
18:06:47.131 AVAST engine scan C:\ProgramData
18:07:34.938 Scan finished successfully
18:08:52.980 Disk 0 MBR has been saved successfully to "C:\Users\Kevin\Desktop\MBR.dat"
18:08:52.985 The log file has been saved successfully to "C:\Users\Kevin\Desktop\aswMBR.txt"

Code:
18:10:14.0251 4168 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
18:10:14.0453 4168 ============================================================
18:10:14.0453 4168 Current date / time: 2012/10/07 18:10:14.0453
18:10:14.0453 4168 SystemInfo:
18:10:14.0453 4168
18:10:14.0453 4168 OS Version: 6.0.6002 ServicePack: 2.0
18:10:14.0453 4168 Product type: Workstation
18:10:14.0453 4168 ComputerName: KEVIN-PC
18:10:14.0454 4168 UserName: Kevin
18:10:14.0454 4168 Windows directory: C:\Windows
18:10:14.0454 4168 System windows directory: C:\Windows
18:10:14.0454 4168 Running under WOW64
18:10:14.0454 4168 Processor architecture: Intel x64
18:10:14.0454 4168 Number of processors: 4
18:10:14.0454 4168 Page size: 0x1000
18:10:14.0454 4168 Boot type: Normal boot
18:10:14.0454 4168 ============================================================
18:10:15.0392 4168 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:10:15.0448 4168 ============================================================
18:10:15.0448 4168 \Device\Harddisk0\DR0:
18:10:15.0448 4168 MBR partitions:
18:10:15.0448 4168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2BB0E800
18:10:15.0448 4168 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2BB0F000, BlocksNum 0x2BA36800
18:10:15.0448 4168 ============================================================
18:10:15.0467 4168 C: <-> \Device\Harddisk0\DR0\Partition1
18:10:15.0497 4168 D: <-> \Device\Harddisk0\DR0\Partition2
18:10:15.0497 4168 ============================================================
18:10:15.0497 4168 Initialize success
18:10:15.0497 4168 ============================================================
18:10:40.0143 3564 ============================================================
18:10:40.0143 3564 Scan started
18:10:40.0143 3564 Mode: Manual;
18:10:40.0143 3564
BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll 18:10:43.0815 3564 FontCache - ok 18:10:43.0863 3564 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:10:43.0864 3564 FontCache3.0.0.0 - ok 18:10:43.0890 3564 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:10:43.0891 3564 Fs_Rec - ok 18:10:43.0925 3564 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 18:10:43.0926 3564 gagp30kx - ok 18:10:43.0936 3564 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 18:10:43.0937 3564 GEARAspiWDM - ok 18:10:44.0005 3564 GGSAFERDriver - ok 18:10:44.0008 3564 GMSIPCI - ok 18:10:44.0061 3564 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 18:10:44.0069 3564 gpsvc - ok 18:10:44.0107 3564 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 18:10:44.0107 3564 hamachi - ok 18:10:44.0172 3564 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:10:44.0174 3564 HdAudAddService - ok 18:10:44.0212 3564 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 18:10:44.0236 3564 HDAudBus - ok 18:10:44.0265 3564 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 18:10:44.0265 3564 HidBth - ok 18:10:44.0280 3564 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 18:10:44.0281 3564 HidIr - ok 18:10:44.0294 3564 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll 18:10:44.0295 3564 hidserv - ok 18:10:44.0315 3564 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 18:10:44.0316 3564 HidUsb - ok 18:10:44.0349 3564 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 18:10:44.0350 3564 hkmsvc - ok 18:10:44.0374 
3564 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 18:10:44.0375 3564 HpCISSs - ok 18:10:44.0416 3564 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:10:44.0422 3564 HTTP - ok 18:10:44.0439 3564 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 18:10:44.0440 3564 i2omp - ok 18:10:44.0456 3564 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 18:10:44.0457 3564 i8042prt - ok 18:10:44.0485 3564 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 18:10:44.0487 3564 iaStorV - ok 18:10:44.0539 3564 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:10:44.0549 3564 idsvc - ok 18:10:44.0562 3564 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 18:10:44.0562 3564 iirsp - ok 18:10:44.0608 3564 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 18:10:44.0613 3564 IKEEXT - ok 18:10:44.0662 3564 [ 197EBB23CAAC8A29A5F166D186C5A117 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 18:10:44.0688 3564 IntcAzAudAddService - ok 18:10:44.0720 3564 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys 18:10:44.0721 3564 intelide - ok 18:10:44.0744 3564 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 18:10:44.0744 3564 intelppm - ok 18:10:44.0775 3564 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:10:44.0776 3564 IPBusEnum - ok 18:10:44.0802 3564 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:10:44.0802 3564 IpFilterDriver - ok 18:10:44.0830 3564 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 18:10:44.0832 3564 iphlpsvc - ok 18:10:44.0836 3564 IpInIp - ok 18:10:44.0852 3564 [ 
9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 18:10:44.0853 3564 IPMIDRV - ok 18:10:44.0870 3564 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 18:10:44.0871 3564 IPNAT - ok 18:10:44.0949 3564 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 18:10:44.0961 3564 iPod Service - ok 18:10:44.0995 3564 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:10:44.0996 3564 IRENUM - ok 18:10:45.0025 3564 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:10:45.0026 3564 isapnp - ok 18:10:45.0046 3564 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 18:10:45.0047 3564 iScsiPrt - ok 18:10:45.0065 3564 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 18:10:45.0065 3564 iteatapi - ok 18:10:45.0090 3564 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 18:10:45.0091 3564 iteraid - ok 18:10:45.0112 3564 [ 3AF672AB77E21FCDC2DC0E10B55BEF4F ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 18:10:45.0113 3564 JRAID - ok 18:10:45.0118 3564 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 18:10:45.0118 3564 kbdclass - ok 18:10:45.0132 3564 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 18:10:45.0132 3564 kbdhid - ok 18:10:45.0160 3564 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 18:10:45.0161 3564 KeyIso - ok 18:10:45.0243 3564 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:10:45.0251 3564 KSecDD - ok 18:10:45.0259 3564 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 18:10:45.0259 3564 ksthunk - ok 18:10:45.0274 3564 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 18:10:45.0278 3564 KtmRm - ok 
18:10:45.0308 3564 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll 18:10:45.0310 3564 LanmanServer - ok 18:10:45.0341 3564 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:10:45.0343 3564 LanmanWorkstation - ok 18:10:45.0358 3564 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:10:45.0358 3564 lltdio - ok 18:10:45.0381 3564 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:10:45.0401 3564 lltdsvc - ok 18:10:45.0414 3564 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:10:45.0415 3564 lmhosts - ok 18:10:45.0433 3564 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 18:10:45.0434 3564 LSI_FC - ok 18:10:45.0443 3564 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 18:10:45.0443 3564 LSI_SAS - ok 18:10:45.0460 3564 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 18:10:45.0461 3564 LSI_SCSI - ok 18:10:45.0465 3564 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 18:10:45.0466 3564 luafv - ok 18:10:45.0506 3564 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 18:10:45.0507 3564 MBAMProtector - ok 18:10:45.0550 3564 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 18:10:45.0553 3564 MBAMScheduler - ok 18:10:45.0570 3564 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 18:10:45.0576 3564 MBAMService - ok 18:10:45.0605 3564 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:10:45.0606 3564 Mcx2Svc - ok 18:10:45.0613 3564 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 18:10:45.0614 3564 megasas - ok 18:10:45.0634 3564 [ 
859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 18:10:45.0638 3564 MegaSR - ok 18:10:45.0653 3564 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 18:10:45.0655 3564 MMCSS - ok 18:10:45.0690 3564 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 18:10:45.0691 3564 Modem - ok 18:10:45.0709 3564 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:10:45.0710 3564 monitor - ok 18:10:45.0716 3564 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 18:10:45.0717 3564 mouclass - ok 18:10:45.0724 3564 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 18:10:45.0725 3564 mouhid - ok 18:10:45.0732 3564 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 18:10:45.0733 3564 MountMgr - ok 18:10:45.0766 3564 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 18:10:45.0767 3564 mpio - ok 18:10:45.0785 3564 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:10:45.0786 3564 mpsdrv - ok 18:10:45.0819 3564 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 18:10:45.0825 3564 MpsSvc - ok 18:10:45.0842 3564 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 18:10:45.0843 3564 Mraid35x - ok 18:10:45.0868 3564 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:10:45.0869 3564 MRxDAV - ok 18:10:45.0910 3564 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 18:10:45.0911 3564 mrxsmb - ok 18:10:45.0925 3564 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:10:45.0927 3564 mrxsmb10 - ok 18:10:45.0932 3564 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:10:45.0933 3564 mrxsmb20 - ok 18:10:45.0948 3564 [ 
1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys 18:10:45.0948 3564 msahci - ok 18:10:45.0960 3564 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:10:45.0961 3564 msdsm - ok 18:10:45.0975 3564 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 18:10:45.0977 3564 MSDTC - ok 18:10:45.0993 3564 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:10:45.0993 3564 Msfs - ok 18:10:46.0002 3564 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 18:10:46.0002 3564 msisadrv - ok 18:10:46.0018 3564 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:10:46.0020 3564 MSiSCSI - ok 18:10:46.0022 3564 msiserver - ok 18:10:46.0070 3564 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:10:46.0070 3564 MSKSSRV - ok 18:10:46.0082 3564 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:10:46.0082 3564 MSPCLOCK - ok 18:10:46.0092 3564 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:10:46.0092 3564 MSPQM - ok 18:10:46.0110 3564 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:10:46.0113 3564 MsRPC - ok 18:10:46.0127 3564 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 18:10:46.0128 3564 mssmbios - ok 18:10:46.0150 3564 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:10:46.0150 3564 MSTEE - ok 18:10:46.0174 3564 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 18:10:46.0174 3564 Mup - ok 18:10:46.0211 3564 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 18:10:46.0216 3564 napagent - ok 18:10:46.0222 3564 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:10:46.0223 3564 NativeWifiP - ok 
18:10:46.0254 3564 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 18:10:46.0277 3564 NDIS - ok 18:10:46.0284 3564 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:10:46.0285 3564 NdisTapi - ok 18:10:46.0296 3564 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:10:46.0296 3564 Ndisuio - ok 18:10:46.0312 3564 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:10:46.0313 3564 NdisWan - ok 18:10:46.0326 3564 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:10:46.0327 3564 NDProxy - ok 18:10:46.0341 3564 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:10:46.0341 3564 NetBIOS - ok 18:10:46.0400 3564 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 18:10:46.0401 3564 netbt - ok 18:10:46.0409 3564 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe 18:10:46.0410 3564 Netlogon - ok 18:10:46.0425 3564 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 18:10:46.0429 3564 Netman - ok 18:10:46.0456 3564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:10:46.0458 3564 NetMsmqActivator - ok 18:10:46.0462 3564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:10:46.0463 3564 NetPipeActivator - ok 18:10:46.0487 3564 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 18:10:46.0490 3564 netprofm - ok 18:10:46.0524 3564 [ A340658E437668352C0CB5080E6A67D1 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys 18:10:46.0528 3564 netr28ux - ok 18:10:46.0532 3564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:10:46.0533 3564 NetTcpActivator - ok 
18:10:46.0537 3564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:10:46.0538 3564 NetTcpPortSharing - ok 18:10:46.0549 3564 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 18:10:46.0550 3564 nfrd960 - ok 18:10:46.0564 3564 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 18:10:46.0566 3564 NlaSvc - ok 18:10:46.0571 3564 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:10:46.0571 3564 Npfs - ok 18:10:46.0589 3564 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 18:10:46.0590 3564 nsi - ok 18:10:46.0606 3564 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:10:46.0606 3564 nsiproxy - ok 18:10:46.0645 3564 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:10:46.0679 3564 Ntfs - ok 18:10:46.0688 3564 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 18:10:46.0689 3564 Null - ok 18:10:47.0018 3564 [ B15258B1F45F9571758AC6BB2F043B01 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 18:10:47.0228 3564 nvlddmkm - ok 18:10:47.0259 3564 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:10:47.0260 3564 nvraid - ok 18:10:47.0278 3564 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:10:47.0279 3564 nvstor - ok 18:10:47.0329 3564 [ 2D7092FEC9BD2ACA199673BBA2BA9277 ] nvsvc C:\Windows\system32\nvvsvc.exe 18:10:47.0360 3564 nvsvc - ok 18:10:47.0436 3564 [ 7E22DE30E222BFDFCEC7E77032BAF3CD ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 18:10:47.0453 3564 nvUpdatusService - ok 18:10:47.0469 3564 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:10:47.0470 3564 nv_agp - ok 18:10:47.0474 3564 NwlnkFlt - ok 18:10:47.0477 3564 NwlnkFwd - ok 
18:10:47.0506 3564 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 18:10:47.0506 3564 ohci1394 - ok 18:10:47.0541 3564 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 18:10:47.0552 3564 p2pimsvc - ok 18:10:47.0563 3564 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 18:10:47.0570 3564 p2psvc - ok 18:10:47.0612 3564 [ 3A6DCEB1848470320E4A3C12D7A35B1C ] PAC207 C:\Windows\system32\DRIVERS\PFC027.SYS 18:10:47.0618 3564 PAC207 - ok 18:10:47.0661 3564 [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport C:\Windows\system32\DRIVERS\parport.sys 18:10:47.0662 3564 Parport - ok 18:10:47.0696 3564 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:10:47.0697 3564 partmgr - ok 18:10:47.0733 3564 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 18:10:47.0734 3564 PcaSvc - ok 18:10:47.0763 3564 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 18:10:47.0764 3564 pci - ok 18:10:47.0788 3564 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys 18:10:47.0788 3564 pciide - ok 18:10:47.0807 3564 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 18:10:47.0808 3564 pcmcia - ok 18:10:47.0832 3564 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:10:47.0838 3564 PEAUTH - ok 18:10:47.0916 3564 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 18:10:47.0917 3564 PerfHost - ok 18:10:47.0955 3564 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 18:10:47.0979 3564 pla - ok 18:10:48.0009 3564 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:10:48.0012 3564 PlugPlay - ok 18:10:48.0016 3564 PnkBstrA - ok 18:10:48.0030 3564 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 18:10:48.0035 3564 PNRPAutoReg - ok 
18:10:48.0047 3564 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 18:10:48.0052 3564 PNRPsvc - ok 18:10:48.0101 3564 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:10:48.0105 3564 PolicyAgent - ok 18:10:48.0137 3564 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:10:48.0138 3564 PptpMiniport - ok 18:10:48.0154 3564 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys 18:10:48.0154 3564 Processor - ok 18:10:48.0173 3564 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 18:10:48.0175 3564 ProfSvc - ok 18:10:48.0182 3564 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 18:10:48.0183 3564 ProtectedStorage - ok 18:10:48.0196 3564 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 18:10:48.0197 3564 PSched - ok 18:10:48.0234 3564 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 18:10:48.0259 3564 ql2300 - ok 18:10:48.0273 3564 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 18:10:48.0274 3564 ql40xx - ok 18:10:48.0310 3564 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 18:10:48.0314 3564 QWAVE - ok 18:10:48.0326 3564 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:10:48.0326 3564 QWAVEdrv - ok 18:10:48.0329 3564 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:10:48.0330 3564 RasAcd - ok 18:10:48.0352 3564 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 18:10:48.0354 3564 RasAuto - ok 18:10:48.0362 3564 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:10:48.0363 3564 Rasl2tp - ok 18:10:48.0374 3564 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 18:10:48.0378 3564 RasMan 
- ok 18:10:48.0382 3564 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:10:48.0383 3564 RasPppoe - ok 18:10:48.0389 3564 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:10:48.0390 3564 RasSstp - ok 18:10:48.0402 3564 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:10:48.0404 3564 rdbss - ok 18:10:48.0411 3564 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:10:48.0412 3564 RDPCDD - ok 18:10:48.0434 3564 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 18:10:48.0436 3564 rdpdr - ok 18:10:48.0439 3564 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:10:48.0440 3564 RDPENCDD - ok 18:10:48.0473 3564 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:10:48.0474 3564 RDPWD - ok 18:10:48.0510 3564 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:10:48.0511 3564 RemoteAccess - ok 18:10:48.0523 3564 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:10:48.0525 3564 RemoteRegistry - ok 18:10:48.0554 3564 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 18:10:48.0555 3564 RpcLocator - ok 18:10:48.0574 3564 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 18:10:48.0580 3564 RpcSs - ok 18:10:48.0591 3564 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:10:48.0592 3564 rspndr - ok 18:10:48.0618 3564 [ 82B66ABF055611024E5DBB9FA556C11D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys 18:10:48.0619 3564 RTL8169 - ok 18:10:48.0623 3564 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 18:10:48.0624 3564 SamSs - ok 18:10:48.0641 3564 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:10:48.0642 3564 sbp2port 
- ok 18:10:48.0660 3564 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:10:48.0662 3564 SCardSvr - ok 18:10:48.0700 3564 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 18:10:48.0708 3564 Schedule - ok 18:10:48.0719 3564 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 18:10:48.0719 3564 SCPolicySvc - ok 18:10:48.0746 3564 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:10:48.0749 3564 SDRSVC - ok 18:10:48.0758 3564 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:10:48.0758 3564 secdrv - ok 18:10:48.0767 3564 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 18:10:48.0769 3564 seclogon - ok 18:10:48.0779 3564 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll 18:10:48.0781 3564 SENS - ok 18:10:48.0822 3564 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 18:10:48.0823 3564 Serenum - ok 18:10:48.0832 3564 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys 18:10:48.0833 3564 Serial - ok 18:10:48.0851 3564 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 18:10:48.0852 3564 sermouse - ok 18:10:48.0871 3564 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 18:10:48.0873 3564 SessionEnv - ok 18:10:48.0886 3564 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:10:48.0887 3564 sffdisk - ok 18:10:48.0894 3564 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:10:48.0895 3564 sffp_mmc - ok 18:10:48.0903 3564 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:10:48.0903 3564 sffp_sd - ok 18:10:48.0909 3564 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 18:10:48.0910 3564 sfloppy - 
ok 18:10:48.0935 3564 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:10:48.0938 3564 SharedAccess - ok 18:10:48.0975 3564 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:10:48.0979 3564 ShellHWDetection - ok 18:10:48.0988 3564 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 18:10:48.0989 3564 SiSRaid2 - ok 18:10:48.0997 3564 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 18:10:48.0998 3564 SiSRaid4 - ok 18:10:49.0141 3564 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 18:10:49.0158 3564 Skype C2C Service - ok 18:10:49.0217 3564 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 18:10:49.0218 3564 SkypeUpdate - ok 18:10:49.0280 3564 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 18:10:49.0316 3564 slsvc - ok 18:10:49.0338 3564 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 18:10:49.0340 3564 SLUINotify - ok 18:10:49.0352 3564 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:10:49.0353 3564 Smb - ok 18:10:49.0364 3564 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:10:49.0365 3564 SNMPTRAP - ok 18:10:49.0385 3564 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 18:10:49.0386 3564 spldr - ok 18:10:49.0424 3564 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 18:10:49.0427 3564 Spooler - ok 18:10:49.0467 3564 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 18:10:49.0471 3564 srv - ok 18:10:49.0477 3564 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:10:49.0479 3564 srv2 - ok 18:10:49.0483 3564 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet 
18:10:51.0964 3564 ================ Scan global ===============================
18:10:52.0093 3564 [Global] - ok
18:10:52.0093 3564 ================ Scan MBR ==================================
18:10:52.0280 3564 \Device\Harddisk0\DR0 - ok
18:10:52.0280 3564 ================ Scan VBR ==================================
18:10:52.0287 3564 \Device\Harddisk0\DR0\Partition1 - ok
18:10:52.0308 3564 \Device\Harddisk0\DR0\Partition2 - ok
18:10:52.0308 3564 ============================================================
18:10:52.0308 3564 Scan finished
18:10:52.0308 3564 ============================================================
18:10:52.0316 2020 Detected object count: 0
18:10:52.0316 2020 Actual detected object count: 0
18:11:44.0105 4416 Deinitialize success
That's it, thank you very much. |
07.10.2012, 19:16 | #4 |
/// TB-Ausbilder | GVU virus, how do I get rid of it completely? Hello, you did everything right. Are there still any problems with your computer? If so, which ones? Step 1 ESET Online Scanner
Step 2 Please download SecurityCheck
Please post with your next reply
|
08.10.2012, 15:40 | #5 |
| GVU virus, how do I get rid of it completely? There are no problems anymore, at least nothing obvious, but the number of detections from ESET did worry me somewhat. Here are the logs ESET Code:
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\3a52f3c22ed6fcde5bf696a6c02c9e73[1].htm HTML/Iframe.B.Gen virus
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\3a52f3c22ed6fcde5bf696a6c02c9e73[2].htm HTML/Iframe.B.Gen virus
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\3a52f3c22ed6fcde5bf696a6c02c9e73[3].htm HTML/Iframe.B.Gen virus
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\77147[1].pdf JS/Exploit.Pdfka.PSK trojan
C:\Users\Kevin\AppData\Local\Temp\FSOJDJ a variant of Java/Exploit.CVE-2012-4681.BC trojan
C:\Users\Kevin\AppData\Local\Temp\jar_cache3580896879128515954.tmp a variant of Java/Exploit.CVE-2012-4681.BC trojan
C:\Windows.old\Documents and Settings\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\3a52f3c22ed6fcde5bf696a6c02c9e73[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\3a52f3c22ed6fcde5bf696a6c02c9e73[2].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\3a52f3c22ed6fcde5bf696a6c02c9e73[3].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Documents and Settings\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\77147[1].pdf JS/Exploit.Pdfka.PSK trojan
C:\Windows.old\Documents and Settings\Kevin\AppData\Local\Temp\FSOJDJ a variant of Java/Exploit.CVE-2012-4681.BC trojan
C:\Windows.old\Documents and Settings\Kevin\AppData\Local\Temp\jar_cache3580896879128515954.tmp a variant of Java/Exploit.CVE-2012-4681.BC trojan
C:\Windows.old\Users\Kevin\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\3a52f3c22ed6fcde5bf696a6c02c9e73[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Kevin\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\3a52f3c22ed6fcde5bf696a6c02c9e73[2].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Kevin\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\3a52f3c22ed6fcde5bf696a6c02c9e73[3].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Kevin\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\77147[1].pdf JS/Exploit.Pdfka.PSK trojan
C:\Windows.old\Users\Kevin\AppData\Local\Anwendungsdaten\Temp\FSOJDJ a variant of Java/Exploit.CVE-2012-4681.BC trojan
C:\Windows.old\Users\Kevin\AppData\Local\Anwendungsdaten\Temp\jar_cache3580896879128515954.tmp a variant of Java/Exploit.CVE-2012-4681.BC trojan
C:\Windows.old\Users\Kevin\AppData\Local\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\3a52f3c22ed6fcde5bf696a6c02c9e73[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Kevin\AppData\Local\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\3a52f3c22ed6fcde5bf696a6c02c9e73[2].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Kevin\AppData\Local\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\3a52f3c22ed6fcde5bf696a6c02c9e73[3].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Kevin\AppData\Local\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\77147[1].pdf JS/Exploit.Pdfka.PSK trojan
C:\Windows.old\Users\Kevin\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\3a52f3c22ed6fcde5bf696a6c02c9e73[1].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Kevin\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\3a52f3c22ed6fcde5bf696a6c02c9e73[2].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Kevin\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\3a52f3c22ed6fcde5bf696a6c02c9e73[3].htm HTML/Iframe.B.Gen virus
C:\Windows.old\Users\Kevin\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\77147[1].pdf JS/Exploit.Pdfka.PSK trojan
C:\Windows.old\Users\Kevin\Lokale Einstellungen\Temp\FSOJDJ a variant of Java/Exploit.CVE-2012-4681.BC trojan
C:\Windows.old\Users\Kevin\Lokale Einstellungen\Temp\jar_cache3580896879128515954.tmp a variant of Java/Exploit.CVE-2012-4681.BC trojan
securitycheck Code:
Results of screen317's Security Check version 0.99.51
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.0.1400
Java(TM) 6 Update 22
Java version out of Date!
Adobe Reader X 10.1.1 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
|
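Added example, not part of the original posts: a small triage script for an ESET Online Scanner log like the one in post #5, which collapses the many path variants into distinct artifacts and pulls out any CVE IDs embedded in the detection names. The function names are hypothetical, the embedded sample is an 8-line excerpt of that log, and grouping by file name plus detection name is a heuristic assumption (it does not compare file hashes).

```python
import ntpath
import re
from collections import defaultdict

# Excerpt (8 of 28 lines) of the ESET log posted in this thread.
SAMPLE_LOG = r"""
C:\Users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\77147[1].pdf JS/Exploit.Pdfka.PSK trojan
C:\Users\Kevin\AppData\Local\Temp\FSOJDJ a variant of Java/Exploit.CVE-2012-4681.BC trojan
C:\Users\Kevin\AppData\Local\Temp\jar_cache3580896879128515954.tmp a variant of Java/Exploit.CVE-2012-4681.BC trojan
C:\Windows.old\Documents and Settings\Kevin\AppData\Local\Temp\FSOJDJ a variant of Java/Exploit.CVE-2012-4681.BC trojan
C:\Windows.old\Users\Kevin\AppData\Local\Anwendungsdaten\Temp\FSOJDJ a variant of Java/Exploit.CVE-2012-4681.BC trojan
C:\Windows.old\Users\Kevin\Lokale Einstellungen\Temp\jar_cache3580896879128515954.tmp a variant of Java/Exploit.CVE-2012-4681.BC trojan
C:\Windows.old\Users\Kevin\AppData\Local\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\77147[1].pdf JS/Exploit.Pdfka.PSK trojan
C:\Windows.old\Users\Kevin\AppData\Local\Temporary Internet Files\Low\Content.IE5\WXRGR2DA\3a52f3c22ed6fcde5bf696a6c02c9e73[1].htm HTML/Iframe.B.Gen virus
"""

# Paths contain spaces, so the path is matched lazily and the detection name
# is recognised by its "Platform/Name" shape (paths only use backslashes).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<variant>a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+) (?P<kind>[a-z ]+)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse(log):
    """Return (hits, rejects); rejects are lines that did not parse."""
    hits, rejects = [], []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            rejects.append(line)  # keep for manual review, never drop silently
            continue
        hits.append({"path": m["path"], "name": m["name"],
                     "kind": m["kind"], "variant": bool(m["variant"])})
    return hits, rejects


def summarize(hits):
    """Group hits by (file name, detection) and collect CVE IDs/platforms."""
    artifacts = defaultdict(list)
    for h in hits:
        key = (ntpath.basename(h["path"]).lower(), h["name"])
        artifacts[key].append(h["path"])
    return {
        "lines": len(hits),
        "artifacts": dict(artifacts),
        "cves": sorted({c for h in hits for c in CVE_RE.findall(h["name"])}),
        "platforms": sorted({h["name"].split("/", 1)[0] for h in hits}),
    }


if __name__ == "__main__":
    parsed, unparsed = parse(SAMPLE_LOG)
    report = summarize(parsed)
    print(f"{report['lines']} log lines -> {len(report['artifacts'])} distinct artifacts")
    for (fname, det), paths in sorted(report["artifacts"].items()):
        print(f"  {det:32} {fname} ({len(paths)} locations)")
    print("CVE IDs in detection names:", ", ".join(report["cves"]) or "none")
    print("Unparsed lines:", len(unparsed))
```
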
08.10.2012, 15:46 | #6 | |
/// TB-Ausbilder | GVU virus, how do I get rid of it completely? Hello, Quote:
Please download OTL by Oldtimer and save it to your desktop (if you don't already have it).
Code:
:Commands
[emptytemp]
|
08.10.2012, 16:02 | #7 |
| GVU virus, how do I get rid of it completely? Here is the log from OTL Code:
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kevin
->Temp folder emptied: 463081941 bytes
->Temporary Internet Files folder emptied: 421530987 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 274293346 bytes
->Flash cache emptied: 131352 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 302776305 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 7711751820 bytes

Total Files Cleaned = 8.749,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10082012_165119

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
|
08.10.2012, 16:12 | #8 |
/// TB-Ausbilder | GVU virus, how do I get rid of it completely? Hello, if you have no more problems, then we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC. Step 1 Your Java is no longer up to date. Older versions contain security vulnerabilities that can be exploited by malware.
Step 2 Please uninstall your current version of Adobe Reader: Start --> Control Panel --> Uninstall a program --> Adobe Reader, and download the new version from here. Uncheck the box for McAfee SecurityScan or Google Chrome. Step 3 Start DeFogger and click Re-enable. Your computer may need to be restarted. Step 4 I would recommend that you also check your system with this scanner once a week. If you nevertheless want to uninstall ESET, please press the Windows key + R and copy the following text into the Run window. Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
Step 5 Please start OTL and click "Bereinigung" (cleanup). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete. Step 6 Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP) Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
10.10.2012, 16:25 | #9 |
/// TB-Ausbilder | GVU virus, how do I get rid of it completely? This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own thread. |