Pests of all kinds and how to fight them: GVU Trojan, Kaspersky Unlock did not work. Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
GVU Trojan, Kaspersky Unlock did not work.

Hello, I have had the GVU Trojan on my laptop for a few days. After some research I tried to regain access to the user account with Kaspersky Unlock Windows, but that achieved nothing. After that I ran the Dr. Web Live CD, but unfortunately it did not find anything either, so I am here now because I don't know what else to do. I can get into the laptop's second user account and can therefore run everything as admin, etc. Below are all the logs that one is supposed to create before starting a new thread. I hope I can get help from you.

OTL.txt Code:
ATTFilter OTL logfile created on: 1/22/2013 11:36:48 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jessi\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.18 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 71.69% Memory free 6.35 Gb Paging File | 5.25 Gb Available in Paging File | 82.58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 565.07 Gb Total Space | 516.41 Gb Free Space | 91.39% Space Free | Partition Type: NTFS Drive D: | 30.00 Gb Total Space | 9.62 Gb Free Space | 32.05% Space Free | Partition Type: NTFS Computer Name: RALF-PC | User Name: ralf | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/01/22 11:26:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jessi\Desktop\OTL.exe PRC - [2012/11/30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/08/08 19:13:40 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/07/12 10:59:28 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Jessi\AppData\Local\Facebook\Update\FacebookUpdate.exe PRC - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe PRC - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) 
-- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe PRC - [2012/05/02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/01 23:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012/05/01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/04/24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/04/18 10:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2011/12/14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/06/17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 13:17:16 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe PRC - [2010/10/19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010/07/27 07:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010/06/21 21:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) 
-- C:\Program Files\Launch Manager\WButton.exe PRC - [2010/06/02 15:42:18 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2010/05/10 20:28:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010/05/10 20:28:50 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/04/27 09:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009/12/14 19:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe PRC - [2009/12/11 23:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe PRC - [2009/11/07 11:46:52 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe PRC - [2009/11/02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/10/23 01:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe PRC - [2009/07/14 02:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\program files\windows defender\MpCmdRun.exe PRC - [2009/05/13 16:05:08 | 002,033,544 | ---- | M] (zoneLINK) -- C:\Program Files\zoneLINK\SystemUp 2009\Tuning\DefragService.exe PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) 
-- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2009/11/02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2008/11/25 13:23:40 | 000,721,288 | ---- | M] () -- C:\Program Files\zoneLINK\SystemUp 2009\Tuning\FSExMenu.dll ========== Services (SafeList) ========== SRV - [2013/01/19 16:42:50 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/01/10 18:01:40 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate) SRV - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc) SRV - [2012/05/02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/01 23:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012/05/01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/12/14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/06/17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService) SRV - [2010/10/19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010/07/27 07:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/05/10 20:28:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/05/10 20:28:50 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009/11/07 11:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- (x10nets) SRV - [2009/10/23 01:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) 
[On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/05/13 16:05:08 | 002,033,544 | ---- | M] (zoneLINK) [Auto | Running] -- C:\Program Files\zoneLINK\SystemUp 2009\Tuning\DefragService.exe -- (zoneLINKDefrag) SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - [2012/04/27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/04/24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | 
Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/07/26 15:27:00 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010/07/26 15:27:00 | 000,019,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt) DRV - [2010/06/21 08:14:36 | 000,246,272 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/05/24 14:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010/05/10 20:28:49 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) DRV - [2010/04/27 08:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010/04/27 08:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2010/04/01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010/03/04 16:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010/02/26 22:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2009/08/13 07:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700) DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/05/13 20:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2009/05/13 20:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aldi.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://medion.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {C75126F6-B2ED-4D6E-82D2-A1A5BBE379C4} IE - HKCU\..\SearchScopes\{032AB631-3774-4EF2-8B87-0AAB7C78E305}: "URL" = 
hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=b9a4643d-c2ae-40de-be56-a2eedeff24f6&apn_sauid=B315BD7B-8B3C-41FE-B048-7CB5972468D5 IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{C75126F6-B2ED-4D6E-82D2-A1A5BBE379C4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=b9a4643d-c2ae-40de-be56-a2eedeff24f6&apn_ptnrs=%5EABT&apn_sauid=B315BD7B-8B3C-41FE-B048-7CB5972468D5&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\ralf\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 16:42:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/14 13:13:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 16:42:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/14 13:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ralf\AppData\Roaming\mozilla\Extensions [2010/11/14 13:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ralf\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/10/24 19:09:42 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\ralf\AppData\Roaming\mozilla\Firefox\Profiles\t7is0ig6.default\extensions [2013/01/19 16:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013/01/19 16:42:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/01/19 16:42:50 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/03/24 19:25:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/08/30 18:08:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/03/24 19:25:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/03/24 19:25:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/03/24 19:25:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/03/24 19:25:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) 
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - HKCU..\Run: [ieodjrzotp] C:\Users\ralf\AppData\Roaming\phxzbypky.exe (BitTech Co. Ltd.) 
O4 - Startup: C:\Users\ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\klickTel OEM Herbst 2010 - Schnellstarter.lnk = C:\Program Files\klickTel\klickTel OEM Herbst 2010\KSTART32.EXE (telegate MEDIA AG) O4 - Startup: C:\Users\ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG) O4 - Startup: C:\Users\ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1e5c3300-f49f-11df-a5d8-00262dc12bfb}\Shell - "" = AutoRun O33 - MountPoints2\{1e5c3300-f49f-11df-a5d8-00262dc12bfb}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{b9a7b062-717d-11e0-b4ae-00262dc12bfb}\Shell - "" = AutoRun O33 - MountPoints2\{b9a7b062-717d-11e0-b4ae-00262dc12bfb}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/01/21 02:10:49 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2013/01/20 11:34:00 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) -- C:\Users\ralf\AppData\Roaming\phxzbypky.exe [2013/01/20 11:31:48 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) -- C:\Users\ralf\AppData\Local\phxzbypky.exe [2013/01/20 11:31:47 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) 
-- C:\ProgramData\phxzbypky.exe [2013/01/19 16:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/22 11:31:55 | 000,654,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/01/22 11:31:55 | 000,616,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/01/22 11:31:55 | 000,130,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/01/22 11:31:55 | 000,106,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/01/22 11:31:12 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/22 11:31:12 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/22 11:30:04 | 000,000,000 | ---- | M] () -- C:\Users\ralf\defogger_reenable [2013/01/22 11:22:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/22 11:22:20 | 2558,595,072 | -HS- | M] () -- C:\hiberfil.sys [2013/01/22 11:20:26 | 000,174,592 | ---- | M] (BitTech Co. Ltd.) -- C:\Users\ralf\AppData\Roaming\phxzbypky.exe [2013/01/21 02:56:08 | 000,174,592 | ---- | M] (BitTech Co. Ltd.) -- C:\Users\ralf\AppData\Local\phxzbypky.exe [2013/01/21 02:56:06 | 000,174,592 | ---- | M] (BitTech Co. Ltd.) 
-- C:\ProgramData\phxzbypky.exe [2013/01/21 02:55:47 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/20 12:54:37 | 000,003,344 | ---- | M] () -- C:\bootsqm.dat [2013/01/17 18:04:00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1872332486-475291910-2526044967-1004UA.job [2013/01/10 07:21:10 | 000,313,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/01/01 12:04:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1872332486-475291910-2526044967-1004Core.job [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/01/22 11:30:04 | 000,000,000 | ---- | C] () -- C:\Users\ralf\defogger_reenable [2013/01/20 12:54:37 | 000,003,344 | ---- | C] () -- C:\bootsqm.dat [2011/04/05 16:15:00 | 000,000,696 | ---- | C] () -- C:\Users\ralf\Bibliotheken - Verknüpfung.lnk ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check 
========== [2010/12/20 17:46:08 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\Ashampoo [2010/11/20 13:44:02 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\klickTel [2011/01/04 20:15:48 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\Langenscheidt [2012/10/05 09:53:21 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\Leadertech [2011/04/05 07:52:21 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\OpenOffice.org [2012/12/29 13:43:29 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\SoftGrid Client [2010/11/20 14:25:11 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\SystemUp [2010/11/14 19:25:21 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\T-Online [2011/06/21 19:01:00 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\TeamViewer [2010/11/14 13:13:25 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\Thunderbird [2010/11/20 14:14:00 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\TP [2012/07/11 14:58:02 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\Unity [2010/11/18 16:57:55 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 1/22/2013 11:36:48 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jessi\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.18 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 71.69% Memory free 6.35 Gb Paging File | 5.25 Gb Available in Paging File | 82.58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 565.07 Gb Total Space | 516.41 Gb Free Space | 91.39% Space Free | Partition Type: NTFS Drive D: | 30.00 Gb Total Space | 9.62 Gb Free Space | 32.05% Space Free | Partition Type: NTFS Computer Name: RALF-PC | User Name: ralf | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Telekom Fotoservice] -- "C:\Program Files\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1992D581-232F-4FE2-A165-BCB75AD8B493}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{27B49F13-6CF1-45F7-A233-7A34522DA9B6}" = lport=137 | protocol=17 | dir=in | app=system | "{3BB819C6-98C6-4F6D-86B4-D318F2149588}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{44161480-6CD1-4343-B6E6-D0D371D80C9C}" = lport=139 | protocol=6 | dir=in | app=system | "{49408788-3F47-4374-84F8-B5690FC7550B}" = lport=2869 | protocol=6 | dir=in | app=system | "{4B2BED6B-4E3D-4C2E-B6A5-54FC14B8E731}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4BA22D58-796A-4D62-A738-5EE9F92D4221}" = rport=139 | protocol=6 | dir=out | app=system | "{4C04D52B-69E2-4774-B90F-000F9A3AD915}" = lport=2869 | protocol=6 | dir=in | app=system | "{54059DF7-FC37-402D-B088-D2C8F598ED4E}" = lport=10243 | protocol=6 | dir=in | app=system | "{56D34D7E-7446-463B-8BB5-D8F698039440}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5C2FA124-E118-484E-8081-982D18E5D3E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{75549B47-AA4F-4DED-A1D5-030A32B3D4B8}" = rport=445 | protocol=6 | dir=out | app=system | "{7A37B4C9-9530-4DA1-8042-BA654C688657}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8CB9FD0F-5BDF-49B4-A260-5B6E6C12DEC9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{99BF49F3-8186-4E13-9362-6E1BEFD478A4}" = rport=138 | protocol=17 | dir=out | app=system | "{9AE34EDF-27A3-454A-B99D-A8749A41151D}" = lport=138 | protocol=17 | dir=in | app=system | "{A11A5F2B-D5EE-46EF-B0F8-390A0F72794B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A7604BF6-361A-4C01-9C29-E286CC09E746}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C3F090CD-C813-4B2D-9A2C-BC084CB652E6}" = lport=445 | protocol=6 | dir=in | app=system | "{CF351839-1A63-4793-9F64-33103FD78C61}" = rport=10243 | protocol=6 | dir=out | app=system | "{D494B5C3-47A7-436F-B88E-79F2B800081A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E39AA0D2-AFE8-4E0B-B03B-17DB0CF2BC6A}" = rport=137 | protocol=17 | dir=out | app=system | "{ECE899B4-564D-4561-9DFA-91A80D7B464D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0298F489-00FC-434F-82FF-77B79C4671AE}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | "{101694CC-978D-4204-AF2E-84C24C6CE28B}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | "{2829FBEA-74C1-472C-8A84-AC3DB9514718}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{2C9C12E9-3D97-413F-8C5F-2C56B8F5DC7C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{341B4D3B-40B7-4A49-894E-BE199500EFC9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{38A09150-00D8-4DB9-AAD6-AF8371D6DBFA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4522982A-CCB3-4158-8276-74BE189C9B4E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{46A7FE4C-9514-42D7-BE98-38420645B807}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{48E9E3C8-D858-4C7A-B473-86742C41DEE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{51D9E062-BC3E-460A-9DA1-EC00C0E61AFB}" = protocol=17 | dir=in | app=c:\program 
files\nvidia corporation\nvidia updatus\daemonu.exe | "{58F7FD59-8CFD-4FB8-912A-5ADCF3AB8AFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5D21F418-BDED-4FCE-B120-86C63E950BE9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{625C91B8-0342-4013-A059-BC58F5ECF94B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{723B0637-366C-4656-A5FD-0C7A6C8C38EF}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{74FC673B-2ACE-4243-B05E-7D9F69C7548A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{89ED4FD5-7FFD-4408-A521-889718CF4165}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9001CC0F-C718-4B8A-BD39-BD30142B9EF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{94CCB33B-87A4-4C0A-A7E4-90EF75BDD2AA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{967BB4E1-1EEF-40B2-BBD8-BCA977DF6D74}" = protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvidia updatus\daemonu.exe | "{A34E9A59-3B59-4F41-B8F2-1710240C5D87}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BAD36BE9-FD2F-4514-A51B-4D5E2E2ED928}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{BBE28281-D8EF-4987-AD41-D7177491BB68}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | "{C3C352D1-C1D5-4416-9533-71D46F6020BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C5EFFBA4-4E7D-4C5E-8405-BCB81D44B38D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C88E4CFF-4308-4ABD-B6FC-D224911761E2}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{D48753A3-757B-45B9-AA03-F9B5A355B28B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{D5EF5A9A-D75F-4C69-B37C-FB1F17DBE4F4}" = protocol=1 | dir=out | 
name=@firewallapi.dll,-28544 | "{E89A5CE1-C5D0-4899-90BC-C8C37B324D5A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | "{E95727E2-7E46-44C6-A4C1-2392833722BE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EF29AF76-127C-4D7C-B307-A745DF8E6CB5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{EFA6A0F6-00ED-4A7F-8AFF-12065E4838FA}" = protocol=6 | dir=out | app=system | "{F96D13D5-A658-42C8-9F5A-CECBAF6E249B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FCE5CD38-4092-4F45-958E-040DDF4D1333}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{33D33F38-E7D4-4F5A-9926-9C83C579A200}C:\users\jessi\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\jessi\appdata\local\facebook\video\skype\facebookvideocalling.exe | "TCP Query User{7836AFC9-DBB1-4BE3-945B-E6B17F9B9929}H:\klasse c\hl.exe" = protocol=6 | dir=in | app=h:\klasse c\hl.exe | "UDP Query User{2A9EAE9E-240B-493E-B365-F795E215D4F7}H:\klasse c\hl.exe" = protocol=17 | dir=in | app=h:\klasse c\hl.exe | "UDP Query User{E12C57A7-ADD3-43AF-867B-D8AFA60B211C}C:\users\jessi\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\jessi\appdata\local\facebook\video\skype\facebookvideocalling.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW 
Essentials 4 - Lang DE "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21 "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6 "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - 
No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = 
CyberLink PowerProducer "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE "{E051BCE7-495F-437D-A429-50F31A58CA50}" = klickTel OEM Herbst 2010 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice 
Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Ashampoo Burning Studio_is1" = Ashampoo Burning Studio "Ashampoo Photo Commander_is1" = Ashampoo Photo Commander "Ashampoo Snap_is1" = Ashampoo Snap "Audacity_is1" = Audacity 2.0 "Avira AntiVir Desktop" = Avira Free Antivirus "HaaliMkx" = Haali Media Splitter "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "LAME_is1" = LAME v3.99.3 (for Windows) "McAfee Security Scan" = McAfee Security Scan Plus "Meine Dienste Software" = Meine Dienste Software "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6) "MozillaMaintenanceService" = Mozilla Maintenance Service 
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA.Updatus" = NVIDIA Updatus "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Picasa 3" = Picasa 3 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 5" = TeamViewer 5 "TeamViewer 7" = TeamViewer 7 "Telekom Fotoservice" = Telekom Fotoservice "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite_Wave3" = Windows Live Essentials "X10Hardware" = X10 Hardware(TM) "zonelink_TUNING_is1" = zoneLINK SystemUp 2009 Tuning ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 4/14/2012 7:14:55 AM | Computer Name = ralf-PC | Source = Application Virtualization Client | ID = 3008 Description = {hap=17:app=Microsoft Word Starter 2010 9014006604070000:tid=8E8:usr=Jessi} Der Client konnte keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode 16001E0A-000001D1). Error - 4/14/2012 7:15:57 AM | Computer Name = ralf-PC | Source = Application Virtualization Client | ID = 5009 Description = {hap=18:app=Microsoft Word Starter 2010 9014006604070000:tid=11C4:usr=Jessi} Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6114.5002.sft' herstellen (Rückgabecode 16001E0A-000001D1, ursprünglicher Rückgabecode 16001E0A-000001D1). 
Error - 4/14/2012 7:15:57 AM | Computer Name = ralf-PC | Source = Application Virtualization Client | ID = 3008 Description = {hap=18:app=Microsoft Word Starter 2010 9014006604070000:tid=11C4:usr=Jessi} Der Client konnte keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode 16001E0A-000001D1). Error - 4/15/2012 8:40:49 AM | Computer Name = ralf-PC | Source = Application Virtualization Client | ID = 5009 Description = {hap=12:app=Microsoft Word Starter 2010 9014006604070000:tid=122C:usr=Jessi} Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6114.5002.sft' herstellen (Rückgabecode 16001E0A-000001D1, ursprünglicher Rückgabecode 16001E0A-000001D1). Error - 4/15/2012 8:40:49 AM | Computer Name = ralf-PC | Source = Application Virtualization Client | ID = 3008 Description = {hap=12:app=Microsoft Word Starter 2010 9014006604070000:tid=122C:usr=Jessi} Der Client konnte keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode 16001E0A-000001D1). Error - 4/15/2012 8:53:34 AM | Computer Name = ralf-PC | Source = Application Virtualization Client | ID = 5009 Description = {hap=13:app=Microsoft Word Starter 2010 9014006604070000:tid=1360:usr=Jessi} Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.6114.5002.sft' herstellen (Rückgabecode 16001E0A-000001D1, ursprünglicher Rückgabecode 16001E0A-000001D1). Error - 4/15/2012 8:53:34 AM | Computer Name = ralf-PC | Source = Application Virtualization Client | ID = 3008 Description = {hap=13:app=Microsoft Word Starter 2010 9014006604070000:tid=1360:usr=Jessi} Der Client konnte keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode 16001E0A-000001D1). 
Error - 4/15/2012 12:35:22 PM | Computer Name = ralf-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 4/18/2012 2:42:44 PM | Computer Name = ralf-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. Error: BITS connection error Type: 150::InternetConnectionFailure. Error - 4/20/2012 1:04:32 PM | Computer Name = ralf-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. [ Media Center Events ] Error - 1/5/2011 4:29:54 PM | Computer Name = ralf-PC | Source = MCUpdate | ID = 0 Description = 21:29:54 - Fehler beim Herstellen der Internetverbindung. 21:29:54 - Serververbindung konnte nicht hergestellt werden.. Error - 1/5/2011 4:30:02 PM | Computer Name = ralf-PC | Source = MCUpdate | ID = 0 Description = 21:29:59 - Fehler beim Herstellen der Internetverbindung. 21:29:59 - Serververbindung konnte nicht hergestellt werden.. Error - 6/7/2011 6:39:14 AM | Computer Name = ralf-PC | Source = MCUpdate | ID = 0 Description = 12:39:13 - Fehler beim Herstellen der Internetverbindung. 12:39:14 - Serververbindung konnte nicht hergestellt werden.. Error - 6/7/2011 6:39:23 AM | Computer Name = ralf-PC | Source = MCUpdate | ID = 0 Description = 12:39:19 - Fehler beim Herstellen der Internetverbindung. 12:39:19 - Serververbindung konnte nicht hergestellt werden.. Error - 9/27/2012 1:47:25 AM | Computer Name = ralf-PC | Source = MCUpdate | ID = 0 Description = 07:47:25 - Fehler beim Herstellen der Internetverbindung. 07:47:25 - Serververbindung konnte nicht hergestellt werden.. 
Error - 9/27/2012 1:50:37 AM | Computer Name = ralf-PC | Source = MCUpdate | ID = 0 Description = 07:50:34 - Fehler beim Herstellen der Internetverbindung. 07:50:34 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 1/22/2013 6:29:58 AM | Computer Name = ralf-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "Boot" den Befehl "chkdsk" aus. Error - 1/22/2013 6:29:58 AM | Computer Name = ralf-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "C:" den Befehl "chkdsk" aus. Error - 1/22/2013 6:30:33 AM | Computer Name = ralf-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "Boot" den Befehl "chkdsk" aus. Error - 1/22/2013 6:30:33 AM | Computer Name = ralf-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "C:" den Befehl "chkdsk" aus. Error - 1/22/2013 6:32:02 AM | Computer Name = ralf-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "Boot" den Befehl "chkdsk" aus. Error - 1/22/2013 6:32:02 AM | Computer Name = ralf-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "C:" den Befehl "chkdsk" aus. Error - 1/22/2013 6:32:02 AM | Computer Name = ralf-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "Boot" den Befehl "chkdsk" aus. 
Error - 1/22/2013 6:44:41 AM | Computer Name = ralf-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "Boot" den Befehl "chkdsk" aus.
Error - 1/22/2013 6:44:41 AM | Computer Name = ralf-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "Boot" den Befehl "chkdsk" aus.
Error - 1/22/2013 6:44:41 AM | Computer Name = ralf-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "Boot" den Befehl "chkdsk" aus.
< End of report >

I also ran GMER and actually saved the TXT as well, but I can no longer find it. Is it still available somewhere after the scan? If so, where? During the runs with OTL and GMER, a message came up both times saying that the files are damaged. But I was not quick enough to write down the error. Thanks in advance for the help.
#2 | /// Malware-holic

hi

This script, and any scripts that may follow, are intended only for this particular user. If you have problems, open your own topics and wait for scripts adapted to you.

• Please start OTL.exe.
• Now copy the following into the text box.

Code:
:OTL
O4 - HKCU..\Run: [ieodjrzotp] C:\Users\ralf\AppData\Roaming\phxzbypky.exe (BitTech Co. Ltd.)
[2013/01/20 11:34:00 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) -- C:\Users\ralf\AppData\Roaming\phxzbypky.exe
[2013/01/20 11:31:48 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) -- C:\Users\ralf\AppData\Local\phxzbypky.exe
[2013/01/20 11:31:47 | 000,174,592 | ---- | C] (BitTech Co. Ltd.) -- C:\ProgramData\phxzbypky.exe
:Files
C:\Users\ralf\AppData\Roaming\phxzbypky.exe
:Commands
[EMPTYFLASH]
[emptytemp]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.

Start in normal mode. If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!
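The fix script in post #2 targets three same-sized copies of phxzbypky.exe and the Run value that starts one of them. As an added example (not part of the thread and not OTL's own logic), the following Python code surfaces that pattern from OTL output; the function name, the regular expressions and the folder heuristic are assumptions, and the sample lines are copied from the OTL output quoted in this thread.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Sample input: entries copied from the OTL output quoted in this thread,
# arranged one per line (constructed layout, original values).
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [ieodjrzotp] C:\Users\ralf\AppData\Roaming\phxzbypky.exe (BitTech Co. Ltd.)
[2013/01/22 11:20:26 | 000,174,592 | ---- | M] (BitTech Co. Ltd.) -- C:\Users\ralf\AppData\Roaming\phxzbypky.exe
[2013/01/21 02:56:08 | 000,174,592 | ---- | M] (BitTech Co. Ltd.) -- C:\Users\ralf\AppData\Local\phxzbypky.exe
[2013/01/21 02:56:06 | 000,174,592 | ---- | M] (BitTech Co. Ltd.) -- C:\ProgramData\phxzbypky.exe
[2013/01/22 11:26:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jessi\Desktop\OTL.exe
[2013/01/19 16:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
"""

# One OTL file-listing entry: [date time | size | attrs | C/M] (company) -- path
# The lookahead ends the path at the next entry, a section banner or end of line,
# so the pattern also works when a forum has flattened the log onto one line.
FILE_ENTRY = re.compile(
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>[A-Za-z]:\\.+?)(?= \[\d| ={5,}|\s*$)",
    re.MULTILINE,
)

# O4 autostart line with an unquoted .exe path (assumption: no quoted paths).
RUN_ENTRY = re.compile(
    r"O4 - (?P<hive>HKCU|HKLM)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>[A-Za-z]:\\.+?\.exe)\b",
    re.IGNORECASE,
)

# Heuristic (assumption): folders a non-elevated process can usually write to.
DROP_DIRS = re.compile(
    r"\\AppData\\(Roaming|Local|LocalLow)(\\|$)|^[A-Za-z]:\\ProgramData(\\|$)",
    re.IGNORECASE,
)


def find_duplicate_droppers(log_text, min_copies=2):
    """Return executables seen with the same name and size in several drop folders."""
    copies = defaultdict(set)  # (file name, size) -> folders it was listed in
    for m in FILE_ENTRY.finditer(log_text):
        path = m["path"].strip()
        if "D" in m["attrs"] or not path.lower().endswith(".exe"):
            continue  # skip directories and non-executables
        folder = dirname(path)
        if DROP_DIRS.search(folder):
            size = int(m["size"].replace(",", ""))
            copies[(basename(path).lower(), size)].add(folder.lower())

    # Run values keyed by the lowercased path they launch.
    autostart = {m["path"].lower(): m["name"] for m in RUN_ENTRY.finditer(log_text)}

    findings = []
    for (name, size), folders in sorted(copies.items()):
        if len(folders) < min_copies:
            continue
        run_values = sorted(
            value for path, value in autostart.items()
            if basename(path) == name and dirname(path) in folders
        )
        findings.append({
            "file": name,
            "size": size,
            "folders": sorted(folders),
            "run_values": run_values,  # non-empty: one copy is started at logon
        })
    return findings


if __name__ == "__main__":
    for hit in find_duplicate_droppers(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for manual review, not a verdict: legitimate updaters also live under AppData, which is why the example requires identical name and size in several folders before reporting.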
#3

Hello,

I have worked through the points, everything went without problems, and the upload also worked wonderfully. Here is the text file that appeared after the restart.

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ieodjrzotp deleted successfully.
C:\Users\ralf\AppData\Roaming\phxzbypky.exe moved successfully.
File C:\Users\ralf\AppData\Roaming\phxzbypky.exe not found.
C:\Users\ralf\AppData\Local\phxzbypky.exe moved successfully.
C:\ProgramData\phxzbypky.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]
![]() | #4 |
/// Malware-holic ![]() ![]() ![]() ![]() ![]() ![]() | ![]() GVU Trojaner, Kaspersky Unlock funktionierte nicht. hi dann mal weiter: download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
|
![]() | #5 |
| GVU Trojan, Kaspersky Unlock did not work.
OK, all done, here is the content from TDSS Killer. Code:
19:55:01.0043 5464 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:55:01.0233 5464 ============================================================
19:55:01.0233 5464 Current date / time: 2013/01/22 19:55:01.0233
19:55:01.0233 5464 SystemInfo:
19:55:01.0233 5464
19:55:01.0233 5464 OS Version: 6.1.7601 ServicePack: 1.0
19:55:01.0233 5464 Product type: Workstation
19:55:01.0233 5464 ComputerName: RALF-PC
19:55:01.0233 5464 UserName: ralf
19:55:01.0233 5464 Windows directory: C:\Windows
19:55:01.0233 5464 System windows directory: C:\Windows
19:55:01.0233 5464 Processor architecture: Intel x86
19:55:01.0233 5464 Number of processors: 4
19:55:01.0233 5464 Page size: 0x1000
19:55:01.0233 5464 Boot type: Normal boot
19:55:01.0233 5464 ============================================================
19:55:01.0833 5464 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:55:01.0833 5464 ============================================================
19:55:01.0833 5464 \Device\Harddisk0\DR0:
19:55:01.0833 5464 MBR partitions:
19:55:01.0833 5464 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:55:01.0833 5464 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x46A24000
19:55:01.0833 5464 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x46A56800, BlocksNum 0x3C00000
19:55:01.0833 5464 ============================================================
19:55:01.0863 5464 C: <-> \Device\Harddisk0\DR0\Partition2
19:55:01.0903 5464 D: <-> \Device\Harddisk0\DR0\Partition3
19:55:01.0903 5464 ============================================================
19:55:01.0903 5464 Initialize success
19:55:01.0903 5464 ============================================================
19:55:49.0078 4836 ============================================================
19:55:49.0078 4836 Scan started
19:55:49.0078 4836 Mode: Manual; SigCheck; TDLFS;
19:55:49.0078 4836 ============================================================
19:55:49.0437 4836 ================ Scan system memory ========================
19:55:49.0437 4836 System memory - ok
19:55:49.0437 4836 ================ Scan services =============================
19:56:14.0132 4836 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:56:14.0163 4836 Parport - ok 19:56:14.0194 4836 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:56:14.0225 4836 partmgr - ok 19:56:14.0241 4836 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 19:56:14.0288 4836 Parvdm - ok 19:56:14.0319 4836 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:56:14.0350 4836 PcaSvc - ok 19:56:14.0381 4836 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 19:56:14.0413 4836 pci - ok 19:56:14.0428 4836 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 19:56:14.0459 4836 pciide - ok 19:56:14.0506 4836 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 19:56:14.0553 4836 pcmcia - ok 19:56:14.0569 4836 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 19:56:14.0615 4836 pcw - ok 19:56:14.0647 4836 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:56:14.0771 4836 PEAUTH - ok 19:56:14.0834 4836 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 19:56:14.0990 4836 pla - ok 19:56:15.0052 4836 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:56:15.0130 4836 PlugPlay - ok 19:56:15.0146 4836 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:56:15.0193 4836 PNRPAutoReg - ok 19:56:15.0239 4836 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:56:15.0271 4836 PNRPsvc - ok 19:56:15.0302 4836 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:56:15.0411 4836 PolicyAgent - ok 19:56:15.0442 4836 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 19:56:15.0520 4836 Power - ok 19:56:15.0567 4836 [ 
631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:56:15.0661 4836 PptpMiniport - ok 19:56:15.0676 4836 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 19:56:15.0739 4836 Processor - ok 19:56:15.0770 4836 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 19:56:15.0832 4836 ProfSvc - ok 19:56:15.0832 4836 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:56:15.0863 4836 ProtectedStorage - ok 19:56:15.0895 4836 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:56:15.0988 4836 Psched - ok 19:56:16.0019 4836 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 19:56:16.0051 4836 PSI_SVC_2 - ok 19:56:16.0113 4836 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 19:56:16.0222 4836 ql2300 - ok 19:56:16.0238 4836 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 19:56:16.0285 4836 ql40xx - ok 19:56:16.0316 4836 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 19:56:16.0378 4836 QWAVE - ok 19:56:16.0425 4836 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:56:16.0472 4836 QWAVEdrv - ok 19:56:16.0503 4836 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:56:16.0581 4836 RasAcd - ok 19:56:16.0612 4836 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:56:16.0690 4836 RasAgileVpn - ok 19:56:16.0721 4836 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 19:56:16.0799 4836 RasAuto - ok 19:56:16.0815 4836 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:56:16.0909 4836 Rasl2tp - ok 19:56:16.0940 4836 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan 
C:\Windows\System32\rasmans.dll 19:56:17.0033 4836 RasMan - ok 19:56:17.0049 4836 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:56:17.0127 4836 RasPppoe - ok 19:56:17.0158 4836 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:56:17.0252 4836 RasSstp - ok 19:56:17.0283 4836 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:56:17.0392 4836 rdbss - ok 19:56:17.0423 4836 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 19:56:17.0470 4836 rdpbus - ok 19:56:17.0517 4836 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:56:17.0595 4836 RDPCDD - ok 19:56:17.0642 4836 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:56:17.0720 4836 RDPENCDD - ok 19:56:17.0735 4836 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:56:17.0813 4836 RDPREFMP - ok 19:56:17.0845 4836 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:56:17.0907 4836 RDPWD - ok 19:56:17.0938 4836 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:56:17.0969 4836 rdyboost - ok 19:56:18.0032 4836 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 19:56:18.0110 4836 RemoteAccess - ok 19:56:18.0141 4836 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:56:18.0235 4836 RemoteRegistry - ok 19:56:18.0344 4836 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe 19:56:18.0375 4836 RichVideo ( UnsignedFile.Multi.Generic ) - warning 19:56:18.0375 4836 RichVideo - detected UnsignedFile.Multi.Generic (1) 19:56:18.0422 4836 [ 0F6756EF8BDA6DFA7BE50465C83132BB ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys 19:56:18.0484 4836 RimUsb - ok 19:56:18.0515 4836 [ 
78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:56:18.0609 4836 RpcEptMapper - ok 19:56:18.0640 4836 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 19:56:18.0687 4836 RpcLocator - ok 19:56:18.0718 4836 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 19:56:18.0781 4836 RpcSs - ok 19:56:18.0843 4836 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:56:18.0921 4836 rspndr - ok 19:56:18.0983 4836 [ 0340A381B920A6E68178B832889F33F8 ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys 19:56:19.0015 4836 RSUSBSTOR - ok 19:56:19.0061 4836 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 19:56:19.0124 4836 RTL8167 - ok 19:56:19.0171 4836 [ B5E9979FBB26FC059BD87A81F763D5DA ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys 19:56:19.0233 4836 rtl8192se - ok 19:56:19.0249 4836 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 19:56:19.0280 4836 SamSs - ok 19:56:19.0327 4836 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:56:19.0374 4836 sbp2port - ok 19:56:19.0405 4836 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:56:19.0498 4836 SCardSvr - ok 19:56:19.0514 4836 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:56:19.0608 4836 scfilter - ok 19:56:19.0639 4836 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 19:56:19.0732 4836 Schedule - ok 19:56:19.0764 4836 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 19:56:19.0810 4836 SCPolicySvc - ok 19:56:19.0826 4836 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:56:19.0904 4836 SDRSVC - ok 19:56:19.0935 4836 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:56:20.0029 4836 secdrv - ok 19:56:20.0044 
4836 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 19:56:20.0138 4836 seclogon - ok 19:56:20.0169 4836 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 19:56:20.0247 4836 SENS - ok 19:56:20.0263 4836 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:56:20.0310 4836 SensrSvc - ok 19:56:20.0356 4836 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:56:20.0403 4836 Serenum - ok 19:56:20.0434 4836 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:56:20.0481 4836 Serial - ok 19:56:20.0512 4836 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 19:56:20.0559 4836 sermouse - ok 19:56:20.0590 4836 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 19:56:20.0700 4836 SessionEnv - ok 19:56:20.0715 4836 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:56:20.0762 4836 sffdisk - ok 19:56:20.0762 4836 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:56:20.0809 4836 sffp_mmc - ok 19:56:20.0824 4836 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:56:20.0871 4836 sffp_sd - ok 19:56:20.0902 4836 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 19:56:20.0949 4836 sfloppy - ok 19:56:20.0996 4836 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 19:56:21.0058 4836 Sftfs - ok 19:56:21.0121 4836 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe 19:56:21.0168 4836 sftlist - ok 19:56:21.0183 4836 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 19:56:21.0230 4836 Sftplay - ok 19:56:21.0246 4836 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir 
C:\Windows\system32\DRIVERS\Sftredirlh.sys 19:56:21.0261 4836 Sftredir - ok 19:56:21.0277 4836 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 19:56:21.0308 4836 Sftvol - ok 19:56:21.0324 4836 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe 19:56:21.0339 4836 sftvsa - ok 19:56:21.0386 4836 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:56:21.0495 4836 SharedAccess - ok 19:56:21.0542 4836 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:56:21.0620 4836 ShellHWDetection - ok 19:56:21.0636 4836 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 19:56:21.0682 4836 sisagp - ok 19:56:21.0714 4836 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:56:21.0745 4836 SiSRaid2 - ok 19:56:21.0776 4836 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 19:56:21.0807 4836 SiSRaid4 - ok 19:56:21.0854 4836 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 19:56:21.0948 4836 SkypeUpdate - ok 19:56:21.0979 4836 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:56:22.0072 4836 Smb - ok 19:56:22.0104 4836 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:56:22.0166 4836 SNMPTRAP - ok 19:56:22.0182 4836 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 19:56:22.0213 4836 spldr - ok 19:56:22.0260 4836 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 19:56:22.0322 4836 Spooler - ok 19:56:22.0416 4836 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 19:56:22.0587 4836 sppsvc - ok 19:56:22.0603 4836 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:56:22.0696 4836 sppuinotify - ok 
19:56:22.0728 4836 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 19:56:22.0806 4836 srv - ok 19:56:22.0821 4836 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:56:22.0899 4836 srv2 - ok 19:56:22.0915 4836 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:56:22.0962 4836 srvnet - ok 19:56:22.0993 4836 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:56:23.0071 4836 SSDPSRV - ok 19:56:23.0133 4836 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 19:56:23.0164 4836 ssmdrv - ok 19:56:23.0180 4836 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:56:23.0274 4836 SstpSvc - ok 19:56:23.0305 4836 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 19:56:23.0336 4836 stexstor - ok 19:56:23.0383 4836 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 19:56:23.0445 4836 StiSvc - ok 19:56:23.0476 4836 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 19:56:23.0508 4836 swenum - ok 19:56:23.0523 4836 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 19:56:23.0617 4836 swprv - ok 19:56:23.0664 4836 [ D776EB85A20696D9D43129CCF6E703E2 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 19:56:23.0695 4836 SynTP - ok 19:56:23.0742 4836 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 19:56:23.0835 4836 SysMain - ok 19:56:23.0866 4836 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:56:23.0944 4836 TabletInputService - ok 19:56:23.0976 4836 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 19:56:24.0054 4836 TapiSrv - ok 19:56:24.0100 4836 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 19:56:24.0178 4836 TBS - ok 19:56:24.0241 4836 [ 
E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:56:24.0334 4836 Tcpip - ok 19:56:24.0381 4836 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:56:24.0459 4836 TCPIP6 - ok 19:56:24.0475 4836 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:56:24.0506 4836 tcpipreg - ok 19:56:24.0553 4836 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:56:24.0615 4836 TDPIPE - ok 19:56:24.0631 4836 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:56:24.0662 4836 TDTCP - ok 19:56:24.0693 4836 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:56:24.0771 4836 tdx - ok 19:56:24.0880 4836 [ 2A64C802F4C8AA00AC8472C771688E00 ] TeamViewer5 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe 19:56:24.0974 4836 TeamViewer5 - ok 19:56:25.0099 4836 [ 33966A658FF37E0C65D46E59F37E2380 ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe 19:56:25.0239 4836 TeamViewer7 - ok 19:56:25.0255 4836 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 19:56:25.0286 4836 TermDD - ok 19:56:25.0333 4836 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 19:56:25.0426 4836 TermService - ok 19:56:25.0442 4836 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 19:56:25.0473 4836 Themes - ok 19:56:25.0473 4836 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 19:56:25.0536 4836 THREADORDER - ok 19:56:25.0536 4836 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 19:56:25.0598 4836 TrkWks - ok 19:56:25.0660 4836 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:56:25.0723 4836 TrustedInstaller - ok 19:56:25.0754 4836 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv 
C:\Windows\system32\DRIVERS\tssecsrv.sys 19:56:25.0832 4836 tssecsrv - ok 19:56:25.0879 4836 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:56:25.0941 4836 TsUsbFlt - ok 19:56:25.0972 4836 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:56:26.0050 4836 tunnel - ok 19:56:26.0082 4836 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 19:56:26.0113 4836 uagp35 - ok 19:56:26.0144 4836 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:56:26.0238 4836 udfs - ok 19:56:26.0269 4836 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:56:26.0331 4836 UI0Detect - ok 19:56:26.0362 4836 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:56:26.0394 4836 uliagpkx - ok 19:56:26.0440 4836 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 19:56:26.0487 4836 umbus - ok 19:56:26.0534 4836 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 19:56:26.0581 4836 UmPass - ok 19:56:26.0674 4836 [ AF905F4966CFC8B973623AB150CD4B2B ] UNS C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 19:56:26.0799 4836 UNS - ok 19:56:26.0815 4836 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 19:56:26.0908 4836 upnphost - ok 19:56:26.0971 4836 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 19:56:27.0033 4836 usbaudio - ok 19:56:27.0064 4836 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:56:27.0111 4836 usbccgp - ok 19:56:27.0127 4836 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:56:27.0189 4836 usbcir - ok 19:56:27.0220 4836 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys 19:56:27.0252 4836 usbehci - ok 19:56:27.0283 4836 [ 
8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:56:27.0330 4836 usbhub - ok 19:56:27.0361 4836 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 19:56:27.0408 4836 usbohci - ok 19:56:27.0423 4836 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:56:27.0454 4836 usbprint - ok 19:56:27.0486 4836 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:56:27.0548 4836 USBSTOR - ok 19:56:27.0579 4836 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 19:56:27.0626 4836 usbuhci - ok 19:56:27.0673 4836 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 19:56:27.0735 4836 usbvideo - ok 19:56:27.0798 4836 [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys 19:56:27.0844 4836 usb_rndisx - ok 19:56:27.0876 4836 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 19:56:27.0954 4836 UxSms - ok 19:56:27.0969 4836 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 19:56:28.0000 4836 VaultSvc - ok 19:56:28.0032 4836 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:56:28.0063 4836 vdrvroot - ok 19:56:28.0094 4836 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 19:56:28.0203 4836 vds - ok 19:56:28.0250 4836 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:56:28.0297 4836 vga - ok 19:56:28.0312 4836 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 19:56:28.0390 4836 VgaSave - ok 19:56:28.0422 4836 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 19:56:28.0453 4836 vhdmp - ok 19:56:28.0500 4836 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 19:56:28.0531 4836 viaagp - ok 19:56:28.0546 4836 [ 
E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 19:56:28.0593 4836 ViaC7 - ok 19:56:28.0624 4836 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 19:56:28.0671 4836 viaide - ok 19:56:28.0671 4836 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:56:28.0718 4836 volmgr - ok 19:56:28.0749 4836 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:56:28.0796 4836 volmgrx - ok 19:56:28.0827 4836 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:56:28.0874 4836 volsnap - ok 19:56:28.0921 4836 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 19:56:28.0968 4836 vsmraid - ok 19:56:29.0014 4836 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 19:56:29.0108 4836 VSS - ok 19:56:29.0124 4836 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 19:56:29.0170 4836 vwifibus - ok 19:56:29.0186 4836 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 19:56:29.0248 4836 vwififlt - ok 19:56:29.0280 4836 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 19:56:29.0326 4836 vwifimp - ok 19:56:29.0373 4836 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 19:56:29.0467 4836 W32Time - ok 19:56:29.0482 4836 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 19:56:29.0529 4836 WacomPen - ok 19:56:29.0576 4836 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:56:29.0638 4836 WANARP - ok 19:56:29.0654 4836 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:56:29.0716 4836 Wanarpv6 - ok 19:56:29.0763 4836 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 19:56:29.0857 4836 wbengine - ok 19:56:29.0888 
4836 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:56:29.0935 4836 WbioSrvc - ok 19:56:29.0982 4836 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:56:30.0044 4836 wcncsvc - ok 19:56:30.0060 4836 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:56:30.0138 4836 WcsPlugInService - ok 19:56:30.0169 4836 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 19:56:30.0200 4836 Wd - ok 19:56:30.0231 4836 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:56:30.0309 4836 Wdf01000 - ok 19:56:30.0325 4836 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:56:30.0418 4836 WdiServiceHost - ok 19:56:30.0418 4836 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:56:30.0465 4836 WdiSystemHost - ok 19:56:30.0496 4836 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 19:56:30.0574 4836 WebClient - ok 19:56:30.0606 4836 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:56:30.0684 4836 Wecsvc - ok 19:56:30.0715 4836 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:56:30.0793 4836 wercplsupport - ok 19:56:30.0824 4836 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 19:56:30.0918 4836 WerSvc - ok 19:56:30.0980 4836 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:56:31.0058 4836 WfpLwf - ok 19:56:31.0136 4836 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:56:31.0167 4836 WIMMount - ok 19:56:31.0276 4836 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 19:56:31.0339 4836 WinDefend - ok 19:56:31.0339 4836 WinHttpAutoProxySvc - ok 19:56:31.0432 4836 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt 
C:\Windows\system32\wbem\WMIsvc.dll 19:56:31.0510 4836 Winmgmt - ok 19:56:31.0620 4836 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 19:56:31.0760 4836 WinRM - ok 19:56:31.0822 4836 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 19:56:31.0885 4836 WinUsb - ok 19:56:31.0916 4836 [ 4C69A8E2E159C1C59BC4B688E9DD7F8C ] WisLMSvc C:\Program Files\Launch Manager\WisLMSvc.exe 19:56:31.0947 4836 WisLMSvc - ok 19:56:31.0994 4836 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 19:56:32.0072 4836 Wlansvc - ok 19:56:32.0103 4836 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:56:32.0150 4836 WmiAcpi - ok 19:56:32.0181 4836 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:56:32.0212 4836 wmiApSrv - ok 19:56:32.0306 4836 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 19:56:32.0384 4836 WMPNetworkSvc - ok 19:56:32.0415 4836 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:56:32.0478 4836 WPCSvc - ok 19:56:32.0493 4836 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:56:32.0556 4836 WPDBusEnum - ok 19:56:32.0602 4836 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:56:32.0665 4836 ws2ifsl - ok 19:56:32.0680 4836 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 19:56:32.0727 4836 wscsvc - ok 19:56:32.0743 4836 WSearch - ok 19:56:32.0805 4836 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 19:56:32.0914 4836 wuauserv - ok 19:56:32.0946 4836 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:56:32.0977 4836 WudfPf - ok 19:56:32.0992 4836 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:56:33.0008 4836 WUDFRd - ok 19:56:33.0024 4836 [ 
FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:56:33.0055 4836 wudfsvc - ok 19:56:33.0086 4836 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 19:56:33.0133 4836 WwanSvc - ok 19:56:33.0180 4836 [ 1F93FCB5BAB3A921ECBA522F63586F4A ] X10Hid C:\Windows\System32\Drivers\x10hid.sys 19:56:33.0211 4836 X10Hid - ok 19:56:33.0273 4836 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe 19:56:33.0304 4836 x10nets ( UnsignedFile.Multi.Generic ) - warning 19:56:33.0304 4836 x10nets - detected UnsignedFile.Multi.Generic (1) 19:56:33.0336 4836 [ 378DC1B0B1F62A7488EE8D31A3C6E949 ] XUIF C:\Windows\system32\Drivers\x10ufx2.sys 19:56:33.0367 4836 XUIF - ok 19:56:33.0460 4836 [ 82FA1A47C2BB762203BFAFFCFE2ECF47 ] zoneLINKDefrag C:\Program Files\zoneLINK\SystemUp 2009\Tuning\DefragService.exe 19:56:33.0570 4836 zoneLINKDefrag - ok 19:56:33.0616 4836 ================ Scan global =============================== 19:56:33.0648 4836 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 19:56:33.0663 4836 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll 19:56:33.0679 4836 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll 19:56:33.0710 4836 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 19:56:33.0741 4836 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 19:56:33.0757 4836 [Global] - ok 19:56:33.0757 4836 ================ Scan MBR ================================== 19:56:33.0757 4836 [ 7827CE22D5B6A2E3FA5111270DD20242 ] \Device\Harddisk0\DR0 19:56:37.0298 4836 \Device\Harddisk0\DR0 - ok 19:56:37.0298 4836 ================ Scan VBR ================================== 19:56:37.0298 4836 [ B0D5A8FBF3D19023AA16814C187EBAFB ] \Device\Harddisk0\DR0\Partition1 19:56:37.0298 4836 \Device\Harddisk0\DR0\Partition1 - ok 19:56:37.0329 4836 [ 94A25F0864972491B870D83B6C2142C2 ] \Device\Harddisk0\DR0\Partition2 
19:56:37.0329 4836 \Device\Harddisk0\DR0\Partition2 - ok 19:56:37.0360 4836 [ E07850F3D6AF56E0D1116A7339A3B2DB ] \Device\Harddisk0\DR0\Partition3 19:56:37.0360 4836 \Device\Harddisk0\DR0\Partition3 - ok 19:56:37.0360 4836 ============================================================ 19:56:37.0360 4836 Scan finished 19:56:37.0360 4836 ============================================================ 19:56:37.0376 2096 Detected object count: 2 19:56:37.0376 2096 Actual detected object count: 2 19:56:56.0314 2096 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user 19:56:56.0314 2096 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:56:56.0314 2096 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user 19:56:56.0314 2096 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:57:03.0132 3928 Deinitialize success |
| #6 | |
/// Malware-holic | GVU Trojan, Kaspersky Unlock did not work. Hi, Combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
|
| #7 |
| GVU Trojan, Kaspersky Unlock did not work. OK, then let's continue here with the log file. Logfile-Combofix [CODE] Combofix Logfile: Code:
```
ComboFix 13-01-23.01 - ralf 23.01.2013 22:24:03.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3253.2212 [GMT 1:00]
ausgeführt von:: c:\users\ralf\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-23 bis 2013-01-23 ))))))))))))))))))))))))))))))
.
.
2013-01-22 16:50 . 2013-01-22 16:50 -------- d-----w- C:\found.000
2013-01-22 16:41 . 2013-01-22 16:54 -------- d-----w- C:\_OTL
2013-01-22 15:33 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8559D954-7D29-4F7D-82E7-0DE4AD9B7921}\mpengine.dll
2013-01-21 01:10 . 2013-01-21 02:52 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-01-09 18:52 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 18:52 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 18:52 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 18:48 . 2012-11-30 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 18:47 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-23 21:32 . 2013-01-23 21:32 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8559D954-7D29-4F7D-82E7-0DE4AD9B7921}\offreg.dll
2013-01-10 17:01 . 2012-06-04 12:49 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-10 17:01 . 2011-08-07 15:45 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 14:13 . 2012-12-21 12:07 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:07 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-12 11:52 . 2012-12-12 18:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-12 18:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-12 18:52 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-27 06:26 . 2012-12-12 18:51 981504 ----a-w- c:\windows\system32\wininet.dll
2013-01-19 15:42 . 2013-01-19 15:42 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-02 9222760]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-06-02 1481320]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-06-21 436264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-10 1594664]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-18 1557160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2010-05-12 268800]
.
c:\users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\users\ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
klickTel OEM Herbst 2010 - Schnellstarter.lnk - c:\program files\klickTel\klickTel OEM Herbst 2010\KSTART32.EXE [2010-11-20 469504]
Meine Dienste.lnk - c:\program files\Telekom\Meine Dienste\StartMeineDienste.exe [2012-4-29 269944]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 zoneLINKDefrag;SystemUp DEFRAG Client Service;c:\program files\zoneLINK\SystemUp 2009\Tuning\DefragService.exe [x]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [x]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 17:01]
.
2013-01-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1872332486-475291910-2526044967-1004Core.job
- c:\users\Jessi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 09:59]
.
2013-01-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1872332486-475291910-2526044967-1004UA.job
- c:\users\Jessi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 09:59]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://medion.msn.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\ralf\AppData\Roaming\Mozilla\Firefox\Profiles\t7is0ig6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=b9a4643d-c2ae-40de-be56-a2eedeff24f6&apn_ptnrs=%5EABT&apn_sauid=B315BD7B-8B3C-41FE-B048-7CB5972468D5&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-LMgrOSD - c:\program files\Launch Manager\OSDCtrl.exe
SafeBoot-BsScanner
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-23 22:33:49
ComboFix-quarantined-files.txt 2013-01-23 21:33
.
Vor Suchlauf: 8 Verzeichnis(se), 556.731.936.768 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 556.635.648.000 Bytes frei
.
- - End Of File - - D4094F54694B5AA036346BEB1088BA82
```
|
| #8 |
/// Malware-holic | GVU Trojan, Kaspersky Unlock did not work. Hi, Malwarebytes: Please download Malwarebytes
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
| #9 |
| GVU Trojan, Kaspersky Unlock did not work. Hi, "Show results" was not there, and it did not find anything either. So I could not remove any findings. Log file Code:
```
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.01.24.08
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
ralf :: RALF-PC [Administrator]
24.01.2013 16:35:44
mbam-log-2013-01-24 (16-35-44).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382400
Laufzeit: 1 Stunde(n), 17 Minute(n), 11 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
```
|
| #10 |
/// Malware-holic | GVU Trojan, Kaspersky Unlock did not work. That is the log, after all :-) Download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), uninstall list, and save it as txt. Open the file. After each program you need, write "necessary". After each program you do not need, write "unnecessary". After each one you do not know, write "unknown". Post the list. |
| #11 |
| GVU Trojan, Kaspersky Unlock did not work. OK, then let's carry on. Code:
```
Adobe AIR Adobe Systems Inc. 06.07.2010 1.5.0.7220 (unknown)
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 09.01.2013 6,00MB 11.5.502.146 (unknown)
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 10.01.2013 6,00MB 11.5.502.146 (necessary)
Adobe Reader 9.4.2 - Deutsch Adobe Systems Incorporated 23.02.2011 245MB 9.4.2 (necessary)
Ashampoo Burning Studio ashampoo GmbH & Co. KG 09.08.2010 129MB 9.23.0 (unnecessary)
Ashampoo Photo Commander ashampoo GmbH & Co. KG 09.08.2010 113MB 8.1.0 (unnecessary)
Ashampoo Snap ashampoo GmbH & Co. KG 09.08.2010 27,3MB 3.4.0 (unknown)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 09.08.2010 1.0.0.27 (unknown)
Audacity 2.0 Audacity Team 29.07.2012 42,8MB (unknown)
Avira Free Antivirus Avira 14.11.2012 124MB 12.1.9.1236 (necessary)
Avira SearchFree Toolbar plus Web Protection Ask.com 16.05.2012 3,78MB 1.15.1.0 (unknown)
Avira SearchFree Toolbar plus Web Protection Updater Ask.com 16.05.2012 1.2.1.22229 (unknown)
Bing Bar Microsoft Corporation 14.10.2012 464KB 7.1.391.0 (unknown)
CCleaner Piriform 23.01.2013 3.27 (necessary)
Cisco EAP-FAST Module Cisco Systems, Inc. 09.08.2010 1,15MB 2.2.14 (unknown)
Cisco LEAP Module Cisco Systems, Inc. 09.08.2010 492KB 1.0.19 (unknown)
Cisco PEAP Module Cisco Systems, Inc. 09.08.2010 924KB 1.1.6 (unknown)
CorelDRAW Essentials 4 Corel Corporation 14.11.2010 (unknown)
CorelDRAW Essentials 4 - Windows Shell Extension Corel Corporation 14.11.2010 2,93MB (unknown)
CyberLink LabelPrint CyberLink Corp. 09.08.2010 143MB 2.5.2602 (unknown)
CyberLink MediaShow Espresso CyberLink Corp. 09.08.2010 82,0MB 5.5.1412_24021 (unknown)
CyberLink Power2Go CyberLink Corp. 09.08.2010 104MB 6.1.3602c (unknown)
CyberLink PowerDirector CyberLink Corp. 09.08.2010 284MB 8.0.2718 (unknown)
CyberLink PowerDVD 9 CyberLink Corp. 09.08.2010 179MB 9.0.2925.52 (unknown)
CyberLink PowerDVD Copy CyberLink Corp. 09.08.2010 30,7MB 1.5.1306 (unknown)
CyberLink PowerProducer CyberLink Corp. 09.08.2010 173MB 5.0.2.2326 (unknown)
CyberLink YouCam CyberLink Corp. 09.08.2010 132MB 3.0.2626 (unknown)
DHTML Editing Component Microsoft Corporation 14.11.2010 554KB 6.02.0001 (unknown)
Haali Media Splitter 29.10.2010 (unknown)
Intel(R) Graphics Media Accelerator Driver Intel Corporation 20.11.2010 8.15.10.2182 (unknown)
Intel(R) Management Engine Components Intel Corporation 09.08.2010 6.0.0.1179 (unknown)
Intel(R) Rapid Storage Technology Intel Corporation 09.08.2010 9.6.0.1014 (unknown)
Java(TM) 6 Update 21 Oracle 09.07.2010 97,0MB 6.0.210 (unnecessary)
klickTel OEM Herbst 2010 telegate MEDIA AG 20.11.2010 1.00.0000 (unknown)
LAME v3.99.3 (for Windows) 29.07.2012 1,52MB (unknown)
Launch Manager Wistron Corp. 09.08.2010 1.5.1.2 (unknown)
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 24.01.2013 18,4MB 1.70.0.1100 (necessary)
McAfee Security Scan Plus McAfee, Inc. 06.06.2012 10,2MB 3.0.207.4 (unknown)
Medion Home Cinema CyberLink Corp. 09.08.2010 36,4MB 8.0.1505 (unknown)
Meine Dienste Software Telekom 29.04.2012 31,8MB 2.0.5.0 (necessary)
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 06.07.2010 38,8MB 4.0.30319 (unknown)
Microsoft Office 2010 Microsoft Corporation 06.07.2010 6,31MB 14.0.4763.1000 (unnecessary)
Microsoft Office Klick-und-Los 2010 Microsoft Corporation 20.11.2010 14.0.4763.1000 (unnecessary)
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 09.01.2013 266MB 12.0.6612.1000 (unnecessary)
Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 20.11.2010 14.0.4763.1000 (unnecessary)
Microsoft Silverlight Microsoft Corporation 13.05.2012 199MB 4.1.10329.0 (unnecessary)
Microsoft SQL Server 2005 Compact Edition [DEU] Microsoft Corporation 14.11.2010 333KB 3.1.0000 (unnecessary)
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 14.11.2010 1,72MB 3.1.0000 (unnecessary)
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 14.11.2010 625KB 1.0.1215.0 (unknown)
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 14.11.2010 1,44MB 1.0.1215.0 (unknown)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 06.07.2010 252KB 8.0.50727.4053 (unknown)
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 05.10.2012 2,38MB 8.0.61001 (unknown)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 08.08.2010 200KB 9.0.30729.4148 (unknown)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 09.08.2010 596KB 9.0.30729 (unknown)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 20.11.2010 590KB 9.0.30729.4148 (unknown)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 18.06.2011 600KB 9.0.30729.6161 (unknown)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 17.05.2012 16,5MB 10.0.40219 (unknown)
Microsoft Visual J# 2.0 Redistributable Package - SE Microsoft Corporation 14.11.2010 (unknown)
Microsoft WSE 3.0 Runtime Microsoft Corp. 14.11.2010 942KB 3.0.5305.0 (unknown)
Mozilla Firefox 18.0.1 (x86 de) Mozilla 20.01.2013 48,2MB 18.0.1 (necessary)
Mozilla Maintenance Service Mozilla 20.01.2013 330KB 18.0.1 (unknown)
Mozilla Thunderbird (3.1.6) Mozilla 14.11.2010 3.1.6 (de) (necessary)
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 06.07.2010 1,34MB 4.20.9876.0 (unknown)
NVIDIA Display Control Panel NVIDIA Corporation 09.08.2010 6.14.12.5912 (unknown)
NVIDIA Drivers NVIDIA Corporation 09.08.2010 63,0MB 1.10.62.40 (unknown)
OpenOffice.org 3.2 OpenOffice.org 14.11.2010 363MB 3.2.9502 (necessary)
Paint.NET v3.5.6 dotPDN LLC 20.11.2010 10,3MB 3.56.0 (unknown)
Picasa 3 Google, Inc. 21.06.2012 3.8 (unnecessary)
PlayReady PC Runtime x86 Microsoft Corporation 08.08.2010 1,65MB 1.3.0 (unknown)
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 09.08.2010 6.0.1.6128 (unknown)
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 09.08.2010 6.1.7600.30121 (unknown)
REALTEK Wireless LAN Driver REALTEK Semiconductor Corp. 09.08.2010 1.00.0148 (unknown)
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 09.08.2010 993KB 2.0.4.0 (unknown)
Skype Click to Call Skype Technologies S.A. 04.06.2012 13,7MB 5.10.9560 (unknown)
Skype™ 5.10 Skype Technologies S.A. 19.09.2012 19,3MB 5.10.116 (necessary)
Synaptics Pointing Device Driver Synaptics Incorporated 09.08.2010 14.0.19.0 (unknown)
T-Online 6.0 14.11.2010 (necessary)
T-Online WLAN-Access Finder 14.11.2010 (necessary)
TeamViewer 5 TeamViewer GmbH 14.11.2010 5.1.9385 (unnecessary)
TeamViewer 7 TeamViewer 14.01.2012 7.0.12313 (unnecessary)
Telekom Fotoservice 14.11.2010 (unnecessary)
Unity Web Player Unity Technologies ApS 11.07.2012 12,0MB
Windows Live Anmelde-Assistent Microsoft Corporation 14.11.2010 1,93MB 5.000.818.5 (unknown)
Windows Live Essentials Microsoft Corporation 14.11.2010 14.0.8117.0416 (unknown)
Windows Live Sync Microsoft Corporation 14.11.2010 2,79MB 14.0.8117.416 (unknown)
Windows Live-Uploadtool Microsoft Corporation 14.11.2010 224KB 14.0.8014.1029 (unknown)
Windows Media Encoder 9 Series 09.08.2010 (unknown)
X10 Hardware(TM) 29.10.2010 (unknown)
zoneLINK SystemUp 2009 Tuning zoneLINK 20.11.2010 1.5 (unknown)
```
|
| #12 |
/// Malware-holic | GVU Trojan, Kaspersky Unlock did not work. Uninstall: Adobe Flash Player, all. Adobe - Install Adobe Flash Player: download the latest version and install it. Adobe Reader: Java downloads for all operating systems, click: Download the Java software for Windows Offline, download and install it. Uninstall: klickTel, McAfee, Medion, Microsoft Office: all, Microsoft Silverlight. Mozilla Thunderbird: open it, Help, Update, install version 18. Uninstall: Paint.NET, Picasa, TeamViewer: both, Telekom Fotoservice, Unity, Windows Live: all that you do not need, zoneLINK SystemUp. Open CCleaner, analyze, run, restart the PC. Please download AdwCleaner to your desktop. |
| #13 |
| GVU Trojan, Kaspersky Unlock did not work. OK, all done. Here is the text file. Code:
```
# AdwCleaner v2.108 - Datei am 25/01/2013 um 18:18:15 erstellt
# Aktualisiert am 24/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : ralf - RALF-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\ralf\Downloads\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Users\Jessi\AppData\Local\AskToolbar
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\ralf\AppData\Roaming\Mozilla\Firefox\Profiles\t7is0ig6.default\prefs.js
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Datei : C:\Users\Jessi\AppData\Roaming\Mozilla\Firefox\Profiles\kp6unrmj.default\prefs.js
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("browser.startup.homepage", "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale[...]
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]
*************************
AdwCleaner[R1].txt - [1898 octets] - [25/01/2013 18:18:15]
########## EOF - C:\AdwCleaner[R1].txt - [1958 octets] ##########
```
|
| #14 |
/// Malware-holic | GVU Trojan, Kaspersky Unlock did not work. Hi, please delete your copy of AdwCleaner. Please download AdwCleaner to your desktop. |