| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 7: Weißer Sperrbildschirm - GVU Trojaner?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.08.2013, 17:20
| #1 |
 |  Windows 7: Weißer Sperrbildschirm - GVU Trojaner? Hallo liebe Helfer, während der PC-Benutzung erschien ein Sperrbildschirm (100 Euro zahlen, um freizuschalten...), der nach erneutem Hochfahren jedoch verschwunden ist. Jetzt ist nur noch ein weißer Bildschirm da. Wenn ich versuche im abgesicherten Modus zu starten fährt er sich von selbst wieder runter und startet normal, woraufhin erneut der weiße Bildschirm erscheint. Ich hoffe das ist jetzt das richtige Unterforum ich bin nämlich nicht sonderlich erfahren...  Vielen Dank schon jetzt! |
|
12.08.2013, 17:21
| #2 |
| /// Malware-holic   | Windows 7: Weißer Sperrbildschirm - GVU Trojaner? Hi,
__________________Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8) Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
__________________ |
|
12.08.2013, 17:44
| #3 |
| | Windows 7: Weißer Sperrbildschirm - GVU Trojaner? Ich habe FRST heruntergeladen, auf den USB-Stick gespeichert und angeschlossen, doch es kommt sofort wieder der weiße Bildschirm. Wie komme ich auf die System Reperatur Option?
__________________ |
|
12.08.2013, 17:46
| #4 |
| /// Malware-holic | Windows 7: Weißer Sperrbildschirm - GVU Trojaner? So, wie es in der Anleitung steht, bitte mal allen Links folgen und lesen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.08.2013, 18:59
| #5 |
| | Windows 7: Weißer Sperrbildschirm - GVU Trojaner? Tut mir Leid dass ich schon wieder fragen muss aber ich komme bis zur Eingabeaufforderung und habe mit Hilfe des notepads den Laufwerksbuchstaben herausgefunden. Allerdings funktioniert nichts, was ich eingebe, es kommt immer die Fehlermeldung "falsch geschrieben oder es konnte nichts gefunden werden". Ich habe auch FRST erneut runtergeladen und auf den Stick gezogen - wieder nichts. |
|
12.08.2013, 19:03
| #6 |
| /// Malware-holic | Windows 7: Weißer Sperrbildschirm - GVU Trojaner? hi, liegt die exe direkt auf dem stick und hast du den Dateinamen genauso eingegeben. denn es gibt ja eine 32 bit version und eine 64 bit version. wenn dort, datei nicht gefunden steht, liegt es warscheinlich daran das du es falsch geschrieben hast, bzw nicht das richtige Laufwerk angegeben ist
__________________ --> Windows 7: Weißer Sperrbildschirm - GVU Trojaner? |
|
13.08.2013, 18:49
| #7 |
| | Windows 7: Weißer Sperrbildschirm - GVU Trojaner?FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-08-2013 01
Ran by SYSTEM on 13-08-2013 19:40:30
Running from G:\
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [MGSysCtrl] - C:\Program Files\System Control Manager\MGSysCtrl.exe [2482176 2010-07-19] (Micro-Star International Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9267816 2010-06-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1481320 2010-06-08] (Realtek Semiconductor)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] - "D:\A Lea\ZuneLauncher.exe" [x]
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-22] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-22] ()
HKU\Lea\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Lea\AppData\Local\Temp\oorjrhmnilyjkekbi.exe [ 2013-08-12] (Valve Corporation) <===== ATTENTION
HKU\Lea\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Lea\...\Command Processor: "C:\Users\Lea\AppData\Local\Temp\oorjrhmnilyjkekbi.exe" <===== ATTENTION!
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart
========================== Services (Whitelisted) =================
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S2 Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.)
S3 WMZuneComm; "D:\A Lea\WMZuneComm.exe" [x]
S3 ZuneNetworkSvc; "D:\A Lea\ZuneNss.exe" [x]
S3 ZuneWlanCfgSvc; "D:\A Lea\ZuneWlanCfgSvc.exe" [x]
==================== Drivers (Whitelisted) ====================
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-08-16] (ATI Technologies, Inc.)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
S1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [168480 2009-12-02] (Realtek Semiconductor Corp.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-12 15:52 - 2013-08-12 15:52 - 00394609 _____ C:\Users\Lea\AppData\Local\2433f433
2013-08-12 15:52 - 2013-08-12 15:52 - 00394588 _____ C:\Users\Lea\AppData\Roaming\2433f433
2013-08-12 15:52 - 2013-08-12 15:52 - 00394569 _____ C:\ProgramData\2433f433
2013-07-31 21:11 - 2013-08-01 20:17 - 39395328 _____ C:\Users\Lea\Desktop\Carly Rae Japson.sai
2013-07-31 15:02 - 2013-07-31 21:00 - 32681984 _____ C:\Users\Lea\Desktop\SDFSFD.sai
2013-07-31 06:56 - 2013-07-31 06:59 - 00000000 ____D C:\Users\Lea\AppData\Roaming\Qoop
2013-07-31 06:56 - 2013-07-31 06:57 - 00000000 ____D C:\Users\Lea\AppData\Roaming\Suroot
2013-07-31 06:56 - 2013-07-31 06:56 - 00000000 ____D C:\Users\Lea\AppData\Roaming\Yxur
==================== One Month Modified Files and Folders =======
2013-08-12 17:48 - 2009-07-14 05:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-12 17:48 - 2009-07-14 05:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-12 17:40 - 2009-07-14 05:39 - 00169681 _____ C:\Windows\setupact.log
2013-08-12 16:16 - 2010-12-25 12:45 - 01280608 _____ C:\Windows\WindowsUpdate.log
2013-08-12 15:52 - 2013-08-12 15:52 - 00394609 _____ C:\Users\Lea\AppData\Local\2433f433
2013-08-12 15:52 - 2013-08-12 15:52 - 00394588 _____ C:\Users\Lea\AppData\Roaming\2433f433
2013-08-12 15:52 - 2013-08-12 15:52 - 00394569 _____ C:\ProgramData\2433f433
2013-08-12 15:06 - 2011-01-05 22:06 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-08-01 20:17 - 2013-07-31 21:11 - 39395328 _____ C:\Users\Lea\Desktop\Carly Rae Japson.sai
2013-07-31 21:00 - 2013-07-31 15:02 - 32681984 _____ C:\Users\Lea\Desktop\SDFSFD.sai
2013-07-31 14:11 - 2012-12-22 09:13 - 00000000 ____D C:\Users\Lea\Desktop\musik!!!!!!!! Zune
2013-07-31 13:54 - 2012-04-06 21:03 - 00000000 ____D C:\Users\Lea\Desktop\ZZZ Ordner, Bilder und Dokumente
2013-07-31 06:59 - 2013-07-31 06:56 - 00000000 ____D C:\Users\Lea\AppData\Roaming\Qoop
2013-07-31 06:59 - 2012-01-29 10:48 - 00000000 ____D C:\ProgramData\AVG2012
2013-07-31 06:57 - 2013-07-31 06:56 - 00000000 ____D C:\Users\Lea\AppData\Roaming\Suroot
2013-07-31 06:57 - 2010-12-26 18:14 - 00000000 ____D C:\Users\Lea\AppData\Roaming\SoftGrid Client
2013-07-31 06:56 - 2013-07-31 06:56 - 00000000 ____D C:\Users\Lea\AppData\Roaming\Yxur
2013-07-30 19:20 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-07-27 17:09 - 2010-12-25 12:58 - 00000000 ____D C:\Program Files\Google
2013-07-26 09:50 - 2011-10-02 17:06 - 00000000 ____D C:\Users\Lea\AppData\Local\Windows Live
2013-07-16 11:32 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
Files to move or delete:
====================
C:\Users\Lea\AppData\Local\Temp\oorjrhmnilyjkekbi.exe
C:\Users\Lea\FiestaOnline_Joker_DE.exe
C:\Users\Lea\SoftonicDownloader_fuer_gimp.exe
C:\Users\Lea\wrar420d.exe
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-06-04 18:54:37
Restore point made on: 2013-06-12 20:42:00
Restore point made on: 2013-07-02 19:03:22
Restore point made on: 2013-07-04 09:14:42
Restore point made on: 2013-07-04 11:44:12
Restore point made on: 2013-07-05 12:38:21
Restore point made on: 2013-07-11 19:41:22
Restore point made on: 2013-07-30 19:20:17
==================== Memory info ===========================
Percentage of memory in use: 13%
Total physical RAM: 3839.24 MB
Available physical RAM: 3333.15 MB
Total Pagefile: 3837.52 MB
Available Pagefile: 3335.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.67 MB
==================== Drives ================================
Drive c: (BOOT) (Fixed) (Total:424.66 GB) (Free:331.25 GB) NTFS
Drive e: (Recover) (Fixed) (Total:40 GB) (Free:30.77 GB) NTFS
Drive g: () (Removable) (Total:14.94 GB) (Free:14.94 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B8FA3ECD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
LastRegBack: 2013-08-04 10:09
==================== End Of Log ============================
|
|
13.08.2013, 19:55
| #8 |
| /// Malware-holic | Windows 7: Weißer Sperrbildschirm - GVU Trojaner? Hi, 1. Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\Lea\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Lea\AppData\Local\Temp\oorjrhmnilyjkekbi.exe [ 2013-08-12] (Valve Corporation) <===== ATTENTION
HKU\Lea\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Lea\...\Command Processor: "C:\Users\Lea\AppData\Local\Temp\oorjrhmnilyjkekbi.exe" <===== ATTENTION!
C:\Users\Lea\AppData\Local\Temp\oorjrhmnilyjkekbi.exe
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier. Wenn du wieder normal starten kannst: 2. Navigiere bitte zu: C:\FRST\Quarantine Rechtsklick, mit Winrar oder einem anderen Archvierer packen und im Uploadchannel hochladen. Trojaner-Board Upload Channel
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.08.2013, 20:28
| #9 |
| | Windows 7: Weißer Sperrbildschirm - GVU Trojaner?Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-08-2013 01
Ran by SYSTEM at 2013-08-13 21:12:17 Run:1
Running from G:\
Boot Mode: Recovery
==============================================
HKU\Lea\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Lea\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Lea\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\Lea\AppData\Local\Temp\oorjrhmnilyjkekbi.exe => Moved successfully.
==== End of Fixlog ====
 Das war ja gar nicht so schwer  Ihr macht das echt super! |
|
13.08.2013, 20:32
| #10 |
| /// Malware-holic | Windows 7: Weißer Sperrbildschirm - GVU Trojaner? Hi, nein wars nicht :-) Danke fürs hochladen. Es sind 2 Logs zu erstellen, poste diese gleichzeitig wenn möglich. 1. Scan mit Combofix
Neustarten. 2. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
14.08.2013, 19:16
| #11 |
| | Windows 7: Weißer Sperrbildschirm - GVU Trojaner?Code:
ATTFilter ComboFix 13-08-13.02 - Lea 13.08.2013 21:48:52.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3071.1933 [GMT 2:00]
ausgeführt von:: c:\frst\Quarantine\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2433f433
c:\users\Lea\AppData\Roaming\.#
c:\users\Lea\AppData\Roaming\2433f433
c:\users\Lea\AppData\Roaming\AcroIEHelpe.txt
c:\users\Lea\AppData\Roaming\srvblck5.tmp
c:\users\Lea\FiestaOnline_Joker_DE.exe
c:\users\Lea\wrar420d.exe
c:\windows\system32\SETA218.tmp
c:\windows\system32\SETA276.tmp
c:\windows\system32\SETA2A6.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-13 bis 2013-08-13 ))))))))))))))))))))))))))))))
.
.
2013-08-13 20:01 . 2013-08-13 20:18 -------- d-----w- c:\users\Lea\AppData\Local\temp
2013-08-13 20:01 . 2013-08-13 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-13 18:40 . 2013-08-13 18:40 -------- d-----w- C:\FRST
2013-07-31 05:56 . 2013-07-31 05:59 -------- d-----w- c:\users\Lea\AppData\Roaming\Qoop
2013-07-31 05:56 . 2013-07-31 05:57 -------- d-----w- c:\users\Lea\AppData\Roaming\Suroot
2013-07-31 05:56 . 2013-07-31 05:56 -------- d-----w- c:\users\Lea\AppData\Roaming\Yxur
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-04 08:20 . 2013-07-04 08:20 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-04 08:20 . 2013-07-04 08:20 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-07-04 08:20 . 2013-07-04 08:20 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-07-04 08:20 . 2013-07-04 08:20 158720 ----a-w- c:\windows\system32\msls31.dll
2013-07-04 08:20 . 2013-07-04 08:20 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-07-04 08:20 . 2013-07-04 08:20 138752 ----a-w- c:\windows\system32\wextract.exe
2013-07-04 08:20 . 2013-07-04 08:20 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-04 08:20 . 2013-07-04 08:20 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-04 08:20 . 2013-07-04 08:20 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-07-04 08:20 . 2013-07-04 08:20 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-04 08:20 . 2013-07-04 08:20 12800 ----a-w- c:\windows\system32\mshta.exe
2013-07-04 08:20 . 2013-07-04 08:20 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-04 08:20 . 2013-07-04 08:20 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-07-04 08:20 . 2013-07-04 08:20 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-07-04 08:20 . 2013-07-04 08:20 361984 ----a-w- c:\windows\system32\html.iec
2013-07-04 08:20 . 2013-07-04 08:20 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-04 08:20 . 2013-07-04 08:20 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-04 08:19 . 2013-07-04 08:19 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-04 08:19 . 2013-07-04 08:19 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-04 08:19 . 2013-07-04 08:19 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-04 08:19 . 2013-07-04 08:19 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-04 08:19 . 2013-07-04 08:19 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-04 08:19 . 2013-07-04 08:19 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-04 08:19 . 2013-07-04 08:19 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-04 08:19 . 2013-07-04 08:19 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-04 08:19 . 2013-07-04 08:19 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-04 08:19 . 2013-07-04 08:19 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-07-04 08:19 . 2013-07-04 08:19 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-07-04 08:19 . 2013-07-04 08:19 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-04 08:19 . 2013-07-04 08:19 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-07-04 08:19 . 2013-07-04 08:19 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-04 08:19 . 2013-07-04 08:19 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-07-04 08:19 . 2013-07-04 08:19 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-07-04 08:19 . 2013-07-04 08:19 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-04 08:19 . 2013-07-04 08:19 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-04 08:19 . 2013-07-04 08:19 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-07-04 08:19 . 2013-07-04 08:19 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-04 08:19 . 2013-07-04 08:19 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-07-04 08:19 . 2013-07-04 08:19 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-07-04 08:19 . 2013-07-04 08:19 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-04 08:19 . 2013-07-04 08:19 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-11 23:43 . 2013-07-11 19:33 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:43 . 2013-07-11 19:33 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:42 . 2013-07-11 19:33 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:42 . 2013-07-11 19:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 22:51 . 2013-07-11 19:33 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 02:37 . 2013-07-11 19:33 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-05 03:05 . 2013-07-11 15:20 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 04:53 . 2013-07-11 15:20 509440 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 08:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2010-07-19 2482176]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-08 9267816]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-06-08 1481320]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Zune Launcher"="d:\a lea\ZuneLauncher.exe" [2011-08-05 159456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-14 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Facebook Update"="c:\users\Lea\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\users\Lea\A Leas Ordner\IPod\iTunesHelper.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2012-11-02 5174392]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-05 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-05 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-05-26 136304]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-11-08 250080]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-04-11 302368]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-30 176128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-08-16 101904]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2012-12-10 142176]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1009184]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-29 30464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-570605162-662666738-3914347939-1000Core.job
- c:\users\Lea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-24 09:36]
.
2013-08-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-570605162-662666738-3914347939-1000UA.job
- c:\users\Lea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-24 09:36]
.
2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-05 11:33]
.
2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-05 11:33]
.
2013-01-21 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-20 16:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.web.de/
uInternet Settings,ProxyOverride = *.local
IE: c:\users\Lea\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloadernew.htm
IE: Free YouTube to MP3 Converter - c:\users\Lea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-BsScanner
AddRemove-PaintToolSAI - c:\users\Lea\AppData\Local\Temp\PaintToolSAI\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-13 22:25:26
ComboFix-quarantined-files.txt 2013-08-13 20:25
.
Vor Suchlauf: 13 Verzeichnis(se), 356.818.870.272 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 361.667.481.600 Bytes frei
.
- - End Of File - - CEF325C176DD86E37F55F8A9C262CBF0
8A1C59E4DFEF87510470928550466632
Code:
ATTFilter 20:04:31.0618 4492 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:04:31.0945 4492 ============================================================
20:04:31.0945 4492 Current date / time: 2013/08/14 20:04:31.0945
20:04:31.0945 4492 SystemInfo:
20:04:31.0945 4492
20:04:31.0945 4492 OS Version: 6.1.7601 ServicePack: 1.0
20:04:31.0945 4492 Product type: Workstation
20:04:31.0945 4492 ComputerName: LEA-PC
20:04:31.0945 4492 UserName: Lea
20:04:31.0945 4492 Windows directory: C:\Windows
20:04:31.0945 4492 System windows directory: C:\Windows
20:04:31.0945 4492 Processor architecture: Intel x86
20:04:31.0945 4492 Number of processors: 2
20:04:31.0945 4492 Page size: 0x1000
20:04:31.0945 4492 Boot type: Normal boot
20:04:31.0945 4492 ============================================================
20:04:35.0221 4492 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:04:35.0221 4492 ============================================================
20:04:35.0221 4492 \Device\Harddisk0\DR0:
20:04:35.0237 4492 MBR partitions:
20:04:35.0237 4492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:04:35.0237 4492 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000
20:04:35.0237 4492 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000
20:04:35.0237 4492 ============================================================
20:04:35.0252 4492 C: <-> \Device\Harddisk0\DR0\Partition2
20:04:35.0284 4492 D: <-> \Device\Harddisk0\DR0\Partition3
20:04:35.0284 4492 ============================================================
20:04:35.0284 4492 Initialize success
20:04:35.0284 4492 ============================================================
20:04:56.0016 3800 ============================================================
20:04:56.0016 3800 Scan started
20:04:56.0016 3800 Mode: Manual; SigCheck; TDLFS;
20:04:56.0016 3800 ============================================================
20:04:58.0699 3800 ================ Scan system memory ========================
20:04:58.0699 3800 System memory - ok
20:04:58.0699 3800 ================ Scan services =============================
20:04:58.0902 3800 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:04:59.0058 3800 1394ohci - ok
20:04:59.0105 3800 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:04:59.0120 3800 ACPI - ok
20:04:59.0167 3800 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:04:59.0261 3800 AcpiPmi - ok
20:04:59.0292 3800 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:04:59.0339 3800 adp94xx - ok
20:04:59.0386 3800 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:04:59.0417 3800 adpahci - ok
20:04:59.0432 3800 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:04:59.0448 3800 adpu320 - ok
20:04:59.0479 3800 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:04:59.0557 3800 AeLookupSvc - ok
20:04:59.0604 3800 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
20:04:59.0682 3800 AFD - ok
20:04:59.0729 3800 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
20:04:59.0760 3800 agp440 - ok
20:04:59.0807 3800 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
20:04:59.0838 3800 aic78xx - ok
20:04:59.0885 3800 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
20:04:59.0947 3800 ALG - ok
20:05:00.0010 3800 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
20:05:00.0041 3800 aliide - ok
20:05:00.0072 3800 [ 57470ED01EF69E113C10F5520D3F60A4 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:05:00.0166 3800 AMD External Events Utility - ok
20:05:00.0212 3800 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:05:00.0244 3800 amdagp - ok
20:05:00.0290 3800 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
20:05:00.0306 3800 amdide - ok
20:05:00.0353 3800 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:05:00.0415 3800 AmdK8 - ok
20:05:00.0587 3800 [ 10F568F7B5B0D3748259187168F56386 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:05:00.0805 3800 amdkmdag - ok
20:05:00.0836 3800 [ 0C3B556EE8DE7983A3C1BE6334926329 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
20:05:00.0899 3800 amdkmdap - ok
20:05:00.0946 3800 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:05:00.0992 3800 AmdPPM - ok
20:05:01.0024 3800 [ AF8E6573058C7B88651E76B4426F9E05 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
20:05:01.0070 3800 amdsata - ok
20:05:01.0102 3800 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:05:01.0117 3800 amdsbs - ok
20:05:01.0133 3800 [ 1FB960FB68C75AAE203C50D6B8004C16 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
20:05:01.0148 3800 amdxata - ok
20:05:01.0211 3800 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
20:05:01.0336 3800 AppID - ok
20:05:01.0367 3800 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:05:01.0460 3800 AppIDSvc - ok
20:05:01.0492 3800 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
20:05:01.0554 3800 Appinfo - ok
20:05:01.0648 3800 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:05:01.0663 3800 Apple Mobile Device - ok
20:05:01.0726 3800 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
20:05:01.0757 3800 arc - ok
20:05:01.0757 3800 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:05:01.0788 3800 arcsas - ok
20:05:01.0819 3800 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:05:01.0944 3800 AsyncMac - ok
20:05:01.0975 3800 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
20:05:02.0006 3800 atapi - ok
20:05:02.0069 3800 [ 35207458C90F55C61247DE139A6A243A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
20:05:02.0100 3800 AtiHDAudioService - ok
20:05:02.0131 3800 [ 4FFE74E33BD9170950116F0CA46EAC89 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
20:05:02.0162 3800 AtiPcie - ok
20:05:02.0209 3800 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:05:02.0287 3800 AudioEndpointBuilder - ok
20:05:02.0318 3800 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:05:02.0396 3800 Audiosrv - ok
20:05:02.0630 3800 [ 231B6AD3DB2866BC3FDB9979E6B2B61E ] AVGIDSAgent C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
20:05:02.0818 3800 AVGIDSAgent - ok
20:05:02.0880 3800 [ EF67527CC2AD77D22AB1405C6470407E ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
20:05:02.0896 3800 AVGIDSDriver - ok
20:05:02.0942 3800 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfilterx.sys
20:05:02.0958 3800 AVGIDSFilter - ok
20:05:03.0036 3800 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
20:05:03.0067 3800 AVGIDSHX - ok
20:05:03.0083 3800 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
20:05:03.0098 3800 AVGIDSShim - ok
20:05:03.0145 3800 [ 6671345A6E2669AF1966BAF68EC5620F ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
20:05:03.0176 3800 Avgldx86 - ok
20:05:03.0223 3800 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
20:05:03.0239 3800 Avgmfx86 - ok
20:05:03.0286 3800 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
20:05:03.0317 3800 Avgrkx86 - ok
20:05:03.0364 3800 [ 1647C720358DCC98ACF51E597C461C4D ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
20:05:03.0395 3800 Avgtdix - ok
20:05:03.0426 3800 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
20:05:03.0457 3800 avgwd - ok
20:05:03.0504 3800 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:05:03.0598 3800 AxInstSV - ok
20:05:03.0629 3800 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
20:05:03.0707 3800 b06bdrv - ok
20:05:03.0738 3800 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
20:05:03.0785 3800 b57nd60x - ok
20:05:03.0816 3800 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
20:05:03.0878 3800 BDESVC - ok
20:05:03.0910 3800 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
20:05:03.0972 3800 Beep - ok
20:05:04.0034 3800 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
20:05:04.0128 3800 BFE - ok
20:05:04.0190 3800 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
20:05:04.0284 3800 BITS - ok
20:05:04.0331 3800 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:05:04.0362 3800 blbdrive - ok
20:05:04.0456 3800 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:05:04.0487 3800 Bonjour Service - ok
20:05:04.0518 3800 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:05:04.0580 3800 bowser - ok
20:05:04.0596 3800 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:05:04.0674 3800 BrFiltLo - ok
20:05:04.0705 3800 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:05:04.0752 3800 BrFiltUp - ok
20:05:04.0799 3800 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:05:04.0892 3800 BridgeMP - ok
20:05:04.0924 3800 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
20:05:04.0986 3800 Browser - ok
20:05:05.0017 3800 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:05:05.0080 3800 Brserid - ok
20:05:05.0095 3800 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:05:05.0158 3800 BrSerWdm - ok
20:05:05.0189 3800 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:05:05.0236 3800 BrUsbMdm - ok
20:05:05.0267 3800 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:05:05.0314 3800 BrUsbSer - ok
20:05:05.0345 3800 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:05:05.0392 3800 BTHMODEM - ok
20:05:05.0438 3800 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
20:05:05.0516 3800 bthserv - ok
20:05:05.0641 3800 catchme - ok
20:05:05.0657 3800 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:05:05.0735 3800 cdfs - ok
20:05:05.0782 3800 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
20:05:05.0828 3800 cdrom - ok
20:05:05.0891 3800 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
20:05:05.0953 3800 CertPropSvc - ok
20:05:05.0984 3800 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:05:06.0016 3800 circlass - ok
20:05:06.0031 3800 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
20:05:06.0062 3800 CLFS - ok
20:05:06.0140 3800 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:05:06.0156 3800 clr_optimization_v2.0.50727_32 - ok
20:05:06.0234 3800 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:05:06.0250 3800 clr_optimization_v4.0.30319_32 - ok
20:05:06.0265 3800 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:05:06.0281 3800 CmBatt - ok
20:05:06.0312 3800 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:05:06.0328 3800 cmdide - ok
20:05:06.0374 3800 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
20:05:06.0421 3800 CNG - ok
20:05:06.0437 3800 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:05:06.0452 3800 Compbatt - ok
20:05:06.0515 3800 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:05:06.0562 3800 CompositeBus - ok
20:05:06.0593 3800 COMSysApp - ok
20:05:06.0624 3800 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:05:06.0655 3800 crcdisk - ok
20:05:06.0718 3800 [ 3897DFF247D9ED0006190349DE264E14 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:05:06.0764 3800 CryptSvc - ok
20:05:06.0874 3800 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:05:06.0920 3800 cvhsvc - ok
20:05:06.0967 3800 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
20:05:07.0030 3800 DcomLaunch - ok
20:05:07.0076 3800 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
20:05:07.0139 3800 defragsvc - ok
20:05:07.0170 3800 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:05:07.0248 3800 DfsC - ok
20:05:07.0326 3800 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:05:07.0388 3800 Dhcp - ok
20:05:07.0404 3800 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
20:05:07.0482 3800 discache - ok
20:05:07.0529 3800 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:05:07.0560 3800 Disk - ok
20:05:07.0607 3800 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:05:07.0685 3800 Dnscache - ok
20:05:07.0716 3800 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
20:05:07.0794 3800 dot3svc - ok
20:05:07.0825 3800 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
20:05:07.0903 3800 DPS - ok
20:05:07.0950 3800 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:05:07.0981 3800 drmkaud - ok
20:05:08.0044 3800 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:05:08.0090 3800 DXGKrnl - ok
20:05:08.0122 3800 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
20:05:08.0200 3800 EapHost - ok
20:05:08.0309 3800 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
20:05:08.0449 3800 ebdrv - ok
20:05:08.0496 3800 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
20:05:08.0558 3800 EFS - ok
20:05:08.0621 3800 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:05:08.0714 3800 ehRecvr - ok
20:05:08.0746 3800 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
20:05:08.0792 3800 ehSched - ok
20:05:08.0824 3800 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:05:08.0870 3800 elxstor - ok
20:05:08.0917 3800 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:05:08.0964 3800 ErrDev - ok
20:05:09.0011 3800 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
20:05:09.0104 3800 EventSystem - ok
20:05:09.0120 3800 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
20:05:09.0182 3800 exfat - ok
20:05:09.0198 3800 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:05:09.0292 3800 fastfat - ok
20:05:09.0338 3800 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
20:05:09.0401 3800 Fax - ok
20:05:09.0448 3800 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:05:09.0479 3800 fdc - ok
20:05:09.0511 3800 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
20:05:09.0558 3800 fdPHost - ok
20:05:09.0573 3800 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
20:05:09.0620 3800 FDResPub - ok
20:05:09.0651 3800 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:05:09.0667 3800 FileInfo - ok
20:05:09.0667 3800 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:05:09.0729 3800 Filetrace - ok
20:05:09.0761 3800 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:05:09.0807 3800 flpydisk - ok
20:05:09.0854 3800 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:05:09.0885 3800 FltMgr - ok
20:05:09.0948 3800 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
20:05:10.0026 3800 FontCache - ok
20:05:10.0088 3800 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:05:10.0104 3800 FontCache3.0.0.0 - ok
20:05:10.0135 3800 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:05:10.0151 3800 FsDepends - ok
20:05:10.0182 3800 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:05:10.0197 3800 Fs_Rec - ok
20:05:10.0244 3800 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:05:10.0291 3800 fvevol - ok
20:05:10.0338 3800 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:05:10.0369 3800 gagp30kx - ok
20:05:10.0400 3800 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:05:10.0431 3800 GEARAspiWDM - ok
20:05:10.0478 3800 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
20:05:10.0541 3800 gpsvc - ok
20:05:10.0650 3800 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:05:10.0665 3800 gupdate - ok
20:05:10.0697 3800 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:05:10.0712 3800 gupdatem - ok
20:05:10.0775 3800 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:05:10.0806 3800 gusvc - ok
20:05:10.0821 3800 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:05:10.0884 3800 hcw85cir - ok
20:05:10.0946 3800 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:05:11.0009 3800 HdAudAddService - ok
20:05:11.0040 3800 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:05:11.0071 3800 HDAudBus - ok
20:05:11.0102 3800 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:05:11.0133 3800 HidBatt - ok
20:05:11.0165 3800 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:05:11.0196 3800 HidBth - ok
20:05:11.0211 3800 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:05:11.0243 3800 HidIr - ok
20:05:11.0274 3800 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
20:05:11.0336 3800 hidserv - ok
20:05:11.0367 3800 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
20:05:11.0383 3800 HidUsb - ok
20:05:11.0414 3800 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:05:11.0492 3800 hkmsvc - ok
20:05:11.0523 3800 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:05:11.0586 3800 HomeGroupListener - ok
20:05:11.0633 3800 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:05:11.0695 3800 HomeGroupProvider - ok
20:05:11.0726 3800 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:05:11.0757 3800 HpSAMD - ok
20:05:11.0804 3800 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:05:11.0867 3800 HTTP - ok
20:05:11.0898 3800 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:05:11.0913 3800 hwpolicy - ok
20:05:11.0976 3800 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:05:12.0023 3800 i8042prt - ok
20:05:12.0054 3800 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:05:12.0101 3800 iaStorV - ok
20:05:12.0163 3800 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:05:12.0225 3800 idsvc - ok
20:05:12.0257 3800 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:05:12.0272 3800 iirsp - ok
20:05:12.0335 3800 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
20:05:12.0428 3800 IKEEXT - ok
20:05:12.0569 3800 [ 5A4AAD2240CB8B50FFEAEDB2BF747ABD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:05:12.0631 3800 IntcAzAudAddService - ok
20:05:12.0678 3800 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
20:05:12.0709 3800 intelide - ok
20:05:12.0740 3800 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:05:12.0787 3800 intelppm - ok
20:05:12.0818 3800 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:05:12.0881 3800 IPBusEnum - ok
20:05:12.0912 3800 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:05:12.0990 3800 IpFilterDriver - ok
20:05:13.0052 3800 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:05:13.0130 3800 iphlpsvc - ok
20:05:13.0161 3800 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:05:13.0208 3800 IPMIDRV - ok
20:05:13.0255 3800 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:05:13.0333 3800 IPNAT - ok
20:05:13.0427 3800 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:05:13.0473 3800 iPod Service - ok
20:05:13.0505 3800 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:05:13.0567 3800 IRENUM - ok
20:05:13.0583 3800 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:05:13.0614 3800 isapnp - ok
20:05:13.0661 3800 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:05:13.0692 3800 iScsiPrt - ok
20:05:13.0723 3800 [ 858CE8CCD0FA4845AEB1A9C89EC3A0F2 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
20:05:13.0739 3800 JMCR - ok
20:05:13.0770 3800 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
20:05:13.0785 3800 kbdclass - ok
20:05:13.0832 3800 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:05:13.0879 3800 kbdhid - ok
20:05:13.0895 3800 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
20:05:13.0926 3800 KeyIso - ok
20:05:13.0973 3800 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:05:14.0004 3800 KSecDD - ok
20:05:14.0051 3800 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:05:14.0082 3800 KSecPkg - ok
20:05:14.0113 3800 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
20:05:14.0191 3800 KtmRm - ok
20:05:14.0222 3800 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
20:05:14.0285 3800 LanmanServer - ok
20:05:14.0285 3800 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:05:14.0347 3800 LanmanWorkstation - ok
20:05:14.0378 3800 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:05:14.0472 3800 lltdio - ok
20:05:14.0503 3800 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:05:14.0550 3800 lltdsvc - ok
20:05:14.0565 3800 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
20:05:14.0628 3800 lmhosts - ok
20:05:14.0659 3800 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:05:14.0675 3800 LSI_FC - ok
20:05:14.0690 3800 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:05:14.0706 3800 LSI_SAS - ok
20:05:14.0721 3800 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:05:14.0737 3800 LSI_SAS2 - ok
20:05:14.0768 3800 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:05:14.0799 3800 LSI_SCSI - ok
20:05:14.0831 3800 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
20:05:14.0877 3800 luafv - ok
20:05:14.0924 3800 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:05:14.0940 3800 Mcx2Svc - ok
20:05:14.0971 3800 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:05:14.0987 3800 megasas - ok
20:05:15.0033 3800 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:05:15.0049 3800 MegaSR - ok
20:05:15.0080 3800 [ 71C6748EE8DE938532057EF10B4B7E44 ] Micro Star SCM C:\Program Files\System Control Manager\MSIService.exe
20:05:15.0111 3800 Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning
20:05:15.0111 3800 Micro Star SCM - detected UnsignedFile.Multi.Generic (1)
20:05:15.0158 3800 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
20:05:15.0221 3800 MMCSS - ok
20:05:15.0252 3800 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
20:05:15.0299 3800 Modem - ok
20:05:15.0314 3800 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:05:15.0345 3800 monitor - ok
20:05:15.0392 3800 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
20:05:15.0423 3800 mouclass - ok
20:05:15.0455 3800 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:05:15.0501 3800 mouhid - ok
20:05:15.0533 3800 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:05:15.0564 3800 mountmgr - ok
20:05:15.0611 3800 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
20:05:15.0642 3800 mpio - ok
20:05:15.0673 3800 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:05:15.0735 3800 mpsdrv - ok
20:05:15.0782 3800 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:05:15.0829 3800 MpsSvc - ok
20:05:15.0860 3800 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:05:15.0891 3800 MRxDAV - ok
20:05:15.0954 3800 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:05:16.0032 3800 mrxsmb - ok
20:05:16.0079 3800 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:05:16.0125 3800 mrxsmb10 - ok
20:05:16.0141 3800 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:05:16.0203 3800 mrxsmb20 - ok
20:05:16.0250 3800 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
20:05:16.0281 3800 msahci - ok
20:05:16.0328 3800 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:05:16.0359 3800 msdsm - ok
20:05:16.0375 3800 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
20:05:16.0406 3800 MSDTC - ok
20:05:16.0453 3800 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:05:16.0500 3800 Msfs - ok
20:05:16.0515 3800 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:05:16.0562 3800 mshidkmdf - ok
20:05:16.0593 3800 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:05:16.0625 3800 msisadrv - ok
20:05:16.0656 3800 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:05:16.0703 3800 MSiSCSI - ok
20:05:16.0718 3800 msiserver - ok
20:05:16.0765 3800 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:05:16.0796 3800 MSKSSRV - ok
20:05:16.0812 3800 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:05:16.0859 3800 MSPCLOCK - ok
20:05:16.0874 3800 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:05:16.0905 3800 MSPQM - ok
20:05:16.0937 3800 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:05:16.0952 3800 MsRPC - ok
20:05:16.0999 3800 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:05:17.0030 3800 mssmbios - ok
20:05:17.0046 3800 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:05:17.0093 3800 MSTEE - ok
20:05:17.0124 3800 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:05:17.0139 3800 MTConfig - ok
20:05:17.0155 3800 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
20:05:17.0171 3800 Mup - ok
20:05:17.0217 3800 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
20:05:17.0249 3800 napagent - ok
20:05:17.0295 3800 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:05:17.0327 3800 NativeWifiP - ok
20:05:17.0405 3800 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:05:17.0451 3800 NDIS - ok
20:05:17.0483 3800 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:05:17.0529 3800 NdisCap - ok
20:05:17.0545 3800 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:05:17.0576 3800 NdisTapi - ok
20:05:17.0623 3800 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:05:17.0685 3800 Ndisuio - ok
20:05:17.0732 3800 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:05:17.0795 3800 NdisWan - ok
20:05:17.0826 3800 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:05:17.0873 3800 NDProxy - ok
20:05:17.0904 3800 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:05:17.0982 3800 NetBIOS - ok
20:05:18.0029 3800 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:05:18.0107 3800 NetBT - ok
20:05:18.0122 3800 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
20:05:18.0138 3800 Netlogon - ok
20:05:18.0185 3800 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
20:05:18.0231 3800 Netman - ok
20:05:18.0263 3800 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
20:05:18.0309 3800 netprofm - ok
20:05:18.0341 3800 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:05:18.0356 3800 NetTcpPortSharing - ok
20:05:18.0387 3800 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:05:18.0419 3800 nfrd960 - ok
20:05:18.0450 3800 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
20:05:18.0497 3800 NlaSvc - ok
20:05:18.0528 3800 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:05:18.0590 3800 Npfs - ok
20:05:18.0637 3800 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
20:05:18.0668 3800 nsi - ok
20:05:18.0684 3800 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:05:18.0762 3800 nsiproxy - ok
20:05:18.0809 3800 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:05:18.0855 3800 Ntfs - ok
20:05:18.0887 3800 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
20:05:18.0902 3800 Null - ok
20:05:18.0933 3800 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:05:18.0965 3800 nvraid - ok
20:05:18.0996 3800 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:05:19.0011 3800 nvstor - ok
20:05:19.0043 3800 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:05:19.0058 3800 nv_agp - ok
20:05:19.0105 3800 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:05:19.0167 3800 ohci1394 - ok
20:05:19.0199 3800 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:05:19.0230 3800 ose - ok
20:05:19.0370 3800 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:05:19.0557 3800 osppsvc - ok
20:05:19.0589 3800 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:05:19.0651 3800 p2pimsvc - ok
20:05:19.0698 3800 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
20:05:19.0745 3800 p2psvc - ok
20:05:19.0760 3800 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:05:19.0807 3800 Parport - ok
20:05:19.0838 3800 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:05:19.0869 3800 partmgr - ok
20:05:19.0885 3800 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:05:19.0916 3800 Parvdm - ok
20:05:19.0947 3800 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:05:19.0963 3800 PcaSvc - ok
20:05:20.0010 3800 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
20:05:20.0041 3800 pci - ok
20:05:20.0057 3800 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
20:05:20.0088 3800 pciide - ok
20:05:20.0119 3800 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:05:20.0150 3800 pcmcia - ok
20:05:20.0369 3800 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
20:05:20.0384 3800 pcw - ok
20:05:20.0431 3800 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:05:20.0525 3800 PEAUTH - ok
20:05:20.0603 3800 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
20:05:20.0696 3800 pla - ok
20:05:20.0727 3800 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:05:20.0774 3800 PlugPlay - ok
20:05:20.0805 3800 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:05:20.0852 3800 PNRPAutoReg - ok
20:05:20.0883 3800 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:05:20.0915 3800 PNRPsvc - ok
20:05:20.0961 3800 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:05:20.0993 3800 PolicyAgent - ok
20:05:21.0024 3800 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
20:05:21.0071 3800 Power - ok
20:05:21.0117 3800 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:05:21.0149 3800 PptpMiniport - ok
20:05:21.0180 3800 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:05:21.0227 3800 Processor - ok
20:05:21.0273 3800 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
20:05:21.0336 3800 ProfSvc - ok
20:05:21.0351 3800 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:05:21.0383 3800 ProtectedStorage - ok
20:05:21.0414 3800 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:05:21.0461 3800 Psched - ok
20:05:21.0492 3800 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
20:05:21.0507 3800 PSI_SVC_2 - ok
20:05:21.0570 3800 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:05:21.0648 3800 ql2300 - ok
20:05:21.0695 3800 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:05:21.0710 3800 ql40xx - ok
20:05:21.0726 3800 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
20:05:21.0757 3800 QWAVE - ok
20:05:21.0819 3800 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:05:21.0851 3800 QWAVEdrv - ok
20:05:21.0944 3800 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
20:05:21.0975 3800 RapiMgr - ok
20:05:22.0007 3800 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:05:22.0100 3800 RasAcd - ok
20:05:22.0116 3800 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:05:22.0163 3800 RasAgileVpn - ok
20:05:22.0194 3800 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
20:05:22.0256 3800 RasAuto - ok
20:05:22.0272 3800 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:05:22.0350 3800 Rasl2tp - ok
20:05:22.0381 3800 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
20:05:22.0443 3800 RasMan - ok
20:05:22.0459 3800 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:05:22.0506 3800 RasPppoe - ok
20:05:22.0521 3800 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:05:22.0599 3800 RasSstp - ok
20:05:22.0631 3800 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:05:22.0677 3800 rdbss - ok
20:05:22.0693 3800 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:05:22.0740 3800 rdpbus - ok
20:05:22.0787 3800 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:05:22.0849 3800 RDPCDD - ok
20:05:22.0880 3800 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:05:22.0943 3800 RDPENCDD - ok
20:05:22.0974 3800 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:05:23.0005 3800 RDPREFMP - ok
20:05:23.0036 3800 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:05:23.0099 3800 RDPWD - ok
20:05:23.0161 3800 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:05:23.0192 3800 rdyboost - ok
20:05:23.0223 3800 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
20:05:23.0301 3800 RemoteAccess - ok
20:05:23.0333 3800 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:05:23.0379 3800 RemoteRegistry - ok
20:05:23.0426 3800 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:05:23.0489 3800 RpcEptMapper - ok
20:05:23.0520 3800 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
20:05:23.0551 3800 RpcLocator - ok
20:05:23.0582 3800 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
20:05:23.0629 3800 RpcSs - ok
20:05:23.0660 3800 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:05:23.0723 3800 rspndr - ok
20:05:23.0738 3800 [ E38B785802C666782D2880738D01AC10 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
20:05:23.0769 3800 RTHDMIAzAudService - ok
20:05:23.0801 3800 [ D5EDE44CA85899E0478208C8413C1C31 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
20:05:23.0816 3800 RTL8167 - ok
20:05:23.0847 3800 [ B5E9979FBB26FC059BD87A81F763D5DA ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
20:05:23.0894 3800 rtl8192se - ok
20:05:23.0894 3800 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
20:05:23.0910 3800 SamSs - ok
20:05:23.0941 3800 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:05:23.0972 3800 sbp2port - ok
20:05:24.0003 3800 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:05:24.0066 3800 SCardSvr - ok
20:05:24.0097 3800 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:05:24.0144 3800 scfilter - ok
20:05:24.0191 3800 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
20:05:24.0284 3800 Schedule - ok
20:05:24.0300 3800 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:05:24.0347 3800 SCPolicySvc - ok
20:05:24.0393 3800 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
20:05:24.0440 3800 sdbus - ok
20:05:24.0471 3800 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:05:24.0549 3800 SDRSVC - ok
20:05:24.0581 3800 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:05:24.0659 3800 secdrv - ok
20:05:24.0690 3800 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
20:05:24.0768 3800 seclogon - ok
20:05:24.0783 3800 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
20:05:24.0846 3800 SENS - ok
20:05:24.0861 3800 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:05:24.0924 3800 SensrSvc - ok
20:05:24.0939 3800 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:05:24.0986 3800 Serenum - ok
20:05:25.0017 3800 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:05:25.0064 3800 Serial - ok
20:05:25.0111 3800 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:05:25.0142 3800 sermouse - ok
20:05:25.0205 3800 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
20:05:25.0283 3800 SessionEnv - ok
20:05:25.0314 3800 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:05:25.0361 3800 sffdisk - ok
20:05:25.0392 3800 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:05:25.0423 3800 sffp_mmc - ok
20:05:25.0454 3800 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:05:25.0485 3800 sffp_sd - ok
20:05:25.0501 3800 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:05:25.0548 3800 sfloppy - ok
20:05:25.0626 3800 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
20:05:25.0673 3800 Sftfs - ok
20:05:25.0719 3800 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
20:05:25.0751 3800 sftlist - ok
20:05:25.0766 3800 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:05:25.0782 3800 Sftplay - ok
20:05:25.0813 3800 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:05:25.0829 3800 Sftredir - ok
20:05:25.0860 3800 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
20:05:25.0875 3800 Sftvol - ok
20:05:25.0907 3800 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
20:05:25.0922 3800 sftvsa - ok
20:05:25.0953 3800 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:05:26.0016 3800 SharedAccess - ok
20:05:26.0063 3800 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:05:26.0141 3800 ShellHWDetection - ok
20:05:26.0172 3800 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:05:26.0187 3800 sisagp - ok
20:05:26.0234 3800 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:05:26.0265 3800 SiSRaid2 - ok
20:05:26.0281 3800 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:05:26.0312 3800 SiSRaid4 - ok
20:05:26.0359 3800 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:05:26.0421 3800 Smb - ok
20:05:26.0468 3800 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:05:26.0515 3800 SNMPTRAP - ok
20:05:26.0531 3800 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
20:05:26.0562 3800 spldr - ok
20:05:26.0624 3800 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
20:05:26.0671 3800 Spooler - ok
20:05:26.0780 3800 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
20:05:26.0889 3800 sppsvc - ok
20:05:26.0936 3800 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:05:26.0952 3800 sppuinotify - ok
20:05:26.0999 3800 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:05:27.0077 3800 srv - ok
20:05:27.0123 3800 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:05:27.0170 3800 srv2 - ok
20:05:27.0201 3800 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:05:27.0248 3800 srvnet - ok
20:05:27.0295 3800 [ D5DFFEAA1E15D4EFFABB9D9A3068AC5B ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
20:05:27.0342 3800 sscdbus - ok
20:05:27.0389 3800 [ 8A1BE0C347814F482F493AEA619D57F6 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
20:05:27.0435 3800 sscdmdfl - ok
20:05:27.0451 3800 [ 5AB0B1987F682A59B15B78F84C6AD7D0 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
20:05:27.0482 3800 sscdmdm - ok
20:05:27.0513 3800 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:05:27.0591 3800 SSDPSRV - ok
20:05:27.0623 3800 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:05:27.0701 3800 SstpSvc - ok
20:05:27.0732 3800 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:05:27.0747 3800 stexstor - ok
20:05:27.0779 3800 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
20:05:27.0825 3800 StiSvc - ok
20:05:27.0857 3800 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
20:05:27.0872 3800 swenum - ok
20:05:27.0903 3800 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
20:05:27.0966 3800 swprv - ok
20:05:27.0997 3800 [ D7DC30B8B41E7A913C3FCCC0631E72EC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:05:28.0028 3800 SynTP - ok
20:05:28.0091 3800 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
20:05:28.0137 3800 SysMain - ok
20:05:28.0169 3800 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:05:28.0231 3800 TabletInputService - ok
20:05:28.0262 3800 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
20:05:28.0293 3800 TapiSrv - ok
20:05:28.0325 3800 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
20:05:28.0371 3800 TBS - ok
20:05:28.0449 3800 [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:05:28.0496 3800 Tcpip - ok
20:05:28.0543 3800 [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:05:28.0605 3800 TCPIP6 - ok
20:05:28.0637 3800 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:05:28.0683 3800 tcpipreg - ok
20:05:28.0715 3800 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:05:28.0777 3800 TDPIPE - ok
20:05:28.0793 3800 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:05:28.0839 3800 TDTCP - ok
20:05:28.0855 3800 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:05:28.0917 3800 tdx - ok
20:05:28.0949 3800 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:05:28.0964 3800 TermDD - ok
20:05:29.0011 3800 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
20:05:29.0089 3800 TermService - ok
20:05:29.0120 3800 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
20:05:29.0151 3800 Themes - ok
20:05:29.0183 3800 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
20:05:29.0214 3800 THREADORDER - ok
20:05:29.0245 3800 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
20:05:29.0323 3800 TrkWks - ok
20:05:29.0401 3800 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:05:29.0479 3800 TrustedInstaller - ok
20:05:29.0495 3800 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:05:29.0541 3800 tssecsrv - ok
20:05:29.0588 3800 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:05:29.0635 3800 TsUsbFlt - ok
20:05:29.0682 3800 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:05:29.0760 3800 tunnel - ok
20:05:29.0807 3800 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:05:29.0838 3800 uagp35 - ok
20:05:29.0869 3800 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:05:29.0947 3800 udfs - ok
20:05:29.0994 3800 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:05:30.0025 3800 UI0Detect - ok
20:05:30.0072 3800 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:05:30.0103 3800 uliagpkx - ok
20:05:30.0150 3800 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
20:05:30.0197 3800 umbus - ok
20:05:30.0243 3800 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:05:30.0259 3800 UmPass - ok
20:05:30.0306 3800 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
20:05:30.0368 3800 upnphost - ok
20:05:30.0399 3800 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
20:05:30.0446 3800 USBAAPL - ok
20:05:30.0477 3800 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:05:30.0540 3800 usbccgp - ok
20:05:30.0602 3800 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:05:30.0649 3800 usbcir - ok
20:05:30.0649 3800 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:05:30.0680 3800 usbehci - ok
20:05:30.0727 3800 [ FB0E8B624D1F7E214EDB3D6E56B4EC88 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
20:05:30.0758 3800 usbfilter - ok
20:05:30.0789 3800 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:05:30.0821 3800 usbhub - ok
20:05:30.0852 3800 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:05:30.0899 3800 usbohci - ok
20:05:30.0945 3800 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:05:30.0992 3800 usbprint - ok
20:05:31.0023 3800 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
20:05:31.0070 3800 USBSTOR - ok
20:05:31.0101 3800 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:05:31.0117 3800 usbuhci - ok
20:05:31.0179 3800 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:05:31.0226 3800 usbvideo - ok
20:05:31.0257 3800 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
20:05:31.0320 3800 UxSms - ok
20:05:31.0335 3800 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
20:05:31.0351 3800 VaultSvc - ok
20:05:31.0382 3800 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:05:31.0413 3800 vdrvroot - ok
20:05:31.0460 3800 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
20:05:31.0554 3800 vds - ok
20:05:31.0601 3800 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:05:31.0632 3800 vga - ok
20:05:31.0647 3800 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:05:31.0694 3800 VgaSave - ok
20:05:31.0741 3800 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:05:31.0772 3800 vhdmp - ok
20:05:31.0803 3800 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:05:31.0835 3800 viaagp - ok
20:05:31.0866 3800 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
20:05:31.0913 3800 ViaC7 - ok
20:05:31.0944 3800 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
20:05:31.0975 3800 viaide - ok
20:05:32.0022 3800 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:05:32.0053 3800 volmgr - ok
20:05:32.0084 3800 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:05:32.0131 3800 volmgrx - ok
20:05:32.0162 3800 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:05:32.0209 3800 volsnap - ok
20:05:32.0225 3800 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:05:32.0240 3800 vsmraid - ok
20:05:32.0287 3800 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
20:05:32.0365 3800 VSS - ok
20:05:32.0396 3800 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:05:32.0427 3800 vwifibus - ok
20:05:32.0459 3800 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:05:32.0490 3800 vwififlt - ok
20:05:32.0537 3800 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
20:05:32.0630 3800 W32Time - ok
20:05:32.0646 3800 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:05:32.0677 3800 WacomPen - ok
20:05:32.0724 3800 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:05:32.0802 3800 WANARP - ok
20:05:32.0802 3800 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:05:32.0833 3800 Wanarpv6 - ok
20:05:32.0880 3800 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
20:05:32.0942 3800 wbengine - ok
20:05:32.0958 3800 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:05:32.0989 3800 WbioSrvc - ok
20:05:33.0067 3800 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
20:05:33.0114 3800 WcesComm - ok
20:05:33.0145 3800 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:05:33.0207 3800 wcncsvc - ok
20:05:33.0254 3800 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:05:33.0317 3800 WcsPlugInService - ok
20:05:33.0332 3800 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:05:33.0363 3800 Wd - ok
20:05:33.0410 3800 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:05:33.0473 3800 Wdf01000 - ok
20:05:33.0488 3800 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:05:33.0566 3800 WdiServiceHost - ok
20:05:33.0582 3800 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:05:33.0629 3800 WdiSystemHost - ok
20:05:33.0660 3800 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
20:05:33.0675 3800 WebClient - ok
20:05:33.0707 3800 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:05:33.0753 3800 Wecsvc - ok
20:05:33.0769 3800 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:05:33.0800 3800 wercplsupport - ok
20:05:33.0816 3800 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
20:05:33.0863 3800 WerSvc - ok
20:05:33.0894 3800 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:05:33.0956 3800 WfpLwf - ok
20:05:33.0987 3800 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:05:34.0003 3800 WIMMount - ok
20:05:34.0081 3800 [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:05:34.0159 3800 WinDefend - ok
20:05:34.0175 3800 WinHttpAutoProxySvc - ok
20:05:34.0237 3800 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:05:34.0315 3800 Winmgmt - ok
20:05:34.0362 3800 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
20:05:34.0487 3800 WinRM - ok
20:05:34.0565 3800 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\drivers\WinUSB.SYS
20:05:34.0627 3800 WinUsb - ok
20:05:34.0674 3800 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:05:34.0721 3800 Wlansvc - ok
20:05:34.0783 3800 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:05:34.0814 3800 wlcrasvc - ok
20:05:34.0892 3800 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:05:34.0955 3800 wlidsvc - ok
20:05:34.0986 3800 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:05:35.0017 3800 WmiAcpi - ok
20:05:35.0064 3800 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:05:35.0111 3800 wmiApSrv - ok
20:05:35.0220 3800 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:05:35.0313 3800 WMPNetworkSvc - ok
20:05:35.0391 3800 [ 017695393AFFFED8DE58ABD1B085BE6D ] WMZuneComm D:\A Lea\WMZuneComm.exe
20:05:35.0438 3800 WMZuneComm - ok
20:05:35.0469 3800 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:05:35.0516 3800 WPCSvc - ok
20:05:35.0563 3800 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:05:35.0610 3800 WPDBusEnum - ok
20:05:35.0641 3800 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:05:35.0719 3800 ws2ifsl - ok
20:05:35.0797 3800 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
20:05:35.0859 3800 wscsvc - ok
20:05:35.0859 3800 WSearch - ok
20:05:35.0953 3800 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
20:05:36.0031 3800 wuauserv - ok
20:05:36.0062 3800 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:05:36.0109 3800 WudfPf - ok
20:05:36.0140 3800 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:05:36.0171 3800 WUDFRd - ok
20:05:36.0203 3800 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:05:36.0234 3800 wudfsvc - ok
20:05:36.0265 3800 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll
20:05:36.0343 3800 WwanSvc - ok
20:05:36.0639 3800 [ 1076DF9ADE4E13EA3BF39D2165AEB903 ] ZuneNetworkSvc D:\A Lea\ZuneNss.exe
20:05:36.0951 3800 ZuneNetworkSvc - ok
20:05:37.0045 3800 [ DE1CDB333A402B279F04D627122FA08E ] ZuneWlanCfgSvc D:\A Lea\ZuneWlanCfgSvc.exe
20:05:37.0092 3800 ZuneWlanCfgSvc - ok
20:05:37.0123 3800 ================ Scan global ===============================
20:05:37.0170 3800 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:05:37.0217 3800 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
20:05:37.0232 3800 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
20:05:37.0263 3800 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:05:37.0295 3800 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:05:37.0310 3800 [Global] - ok
20:05:37.0310 3800 ================ Scan MBR ==================================
20:05:37.0326 3800 [ 8A1C59E4DFEF87510470928550466632 ] \Device\Harddisk0\DR0
20:05:40.0461 3800 \Device\Harddisk0\DR0 - ok
20:05:40.0461 3800 ================ Scan VBR ==================================
20:05:40.0461 3800 [ 1732D7A3140A25274C725C9A24E4274D ] \Device\Harddisk0\DR0\Partition1
20:05:40.0461 3800 \Device\Harddisk0\DR0\Partition1 - ok
20:05:40.0493 3800 [ E5C1FF61EC9401CD73CD28840071555E ] \Device\Harddisk0\DR0\Partition2
20:05:40.0493 3800 \Device\Harddisk0\DR0\Partition2 - ok
20:05:40.0524 3800 [ 7656470482D2836BB1FEC5DECAF408DC ] \Device\Harddisk0\DR0\Partition3
20:05:40.0524 3800 \Device\Harddisk0\DR0\Partition3 - ok
20:05:40.0524 3800 ============================================================
20:05:40.0524 3800 Scan finished
20:05:40.0524 3800 ============================================================
20:05:40.0555 2532 Detected object count: 1
20:05:40.0555 2532 Actual detected object count: 1
20:06:03.0050 2532 Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user
20:06:03.0050 2532 Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
15.08.2013, 15:46
| #12 |
| /// Malware-holic | Windows 7: Weißer Sperrbildschirm - GVU Trojaner? Hi, es sind 2 Logs zu erstellen, möglichst gleichzeitig posten. 1. start programme zubehör editor, reinkopieren bitte. Folder:: c:\users\Lea\AppData\Roaming\Qoop c:\users\Lea\AppData\Roaming\Suroot c:\users\Lea\AppData\Roaming\Yxur Datei Speichern unter, Dateityp, alle Speicherort, dort wo du Combofix.exe gespeichert hast. Name: cfscript.txt ziehe cfscript.txt auf combofix, Programm startet, Log posten. Gleich folgt eine Anweisung, zum erstellen zweier Logs mit FRST. mir würde die Zusatzinfo erst mal reichen, nämlich die bearbeitete Liste der Programme. 2. Empfehlungen fürs Deinstallieren Bitte kopiere die Liste der installierten Programme aus der additions.txt hier in deinen Thread. Notiere mir bitte hinter jede Zeile, ob folgendes Kategorie zutrifft: Unbekannt, Nötig, Unnötig Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.08.2013, 07:59
| #13 |
| | Windows 7: Weißer Sperrbildschirm - GVU Trojaner?Code:
ATTFilter ComboFix 13-08-13.02 - Lea 15.08.2013 19:41:56.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3071.1950 [GMT 2:00]
ausgeführt von:: c:\frst\Quarantine\ComboFix.exe
Benutzte Befehlsschalter :: c:\frst\Quarantine\cfscript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lea\AppData\Roaming\Qoop
c:\users\Lea\AppData\Roaming\Suroot
c:\users\Lea\AppData\Roaming\Suroot\afgi.adh
c:\users\Lea\AppData\Roaming\Yxur
c:\users\Lea\AppData\Roaming\Yxur\ihah.qep
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-15 bis 2013-08-15 ))))))))))))))))))))))))))))))
.
.
2013-08-15 17:48 . 2013-08-15 17:48 -------- d-----w- c:\users\Lea\AppData\Local\temp
2013-08-15 17:48 . 2013-08-15 17:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-15 17:31 . 2013-08-15 17:31 -------- d-----w- c:\users\Lea\AppData\Roaming\TuneUp Software
2013-08-13 18:40 . 2013-08-13 18:40 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-04 08:20 . 2013-07-04 08:20 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-04 08:20 . 2013-07-04 08:20 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-07-04 08:20 . 2013-07-04 08:20 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-07-04 08:20 . 2013-07-04 08:20 158720 ----a-w- c:\windows\system32\msls31.dll
2013-07-04 08:20 . 2013-07-04 08:20 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-07-04 08:20 . 2013-07-04 08:20 138752 ----a-w- c:\windows\system32\wextract.exe
2013-07-04 08:20 . 2013-07-04 08:20 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-04 08:20 . 2013-07-04 08:20 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-04 08:20 . 2013-07-04 08:20 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-07-04 08:20 . 2013-07-04 08:20 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-04 08:20 . 2013-07-04 08:20 12800 ----a-w- c:\windows\system32\mshta.exe
2013-07-04 08:20 . 2013-07-04 08:20 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-04 08:20 . 2013-07-04 08:20 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-07-04 08:20 . 2013-07-04 08:20 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-07-04 08:20 . 2013-07-04 08:20 361984 ----a-w- c:\windows\system32\html.iec
2013-07-04 08:20 . 2013-07-04 08:20 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-04 08:20 . 2013-07-04 08:20 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-04 08:19 . 2013-07-04 08:19 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-04 08:19 . 2013-07-04 08:19 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-04 08:19 . 2013-07-04 08:19 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-04 08:19 . 2013-07-04 08:19 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-04 08:19 . 2013-07-04 08:19 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-04 08:19 . 2013-07-04 08:19 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-04 08:19 . 2013-07-04 08:19 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-04 08:19 . 2013-07-04 08:19 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-04 08:19 . 2013-07-04 08:19 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-04 08:19 . 2013-07-04 08:19 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-07-04 08:19 . 2013-07-04 08:19 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-07-04 08:19 . 2013-07-04 08:19 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-04 08:19 . 2013-07-04 08:19 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-07-04 08:19 . 2013-07-04 08:19 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-04 08:19 . 2013-07-04 08:19 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-07-04 08:19 . 2013-07-04 08:19 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-07-04 08:19 . 2013-07-04 08:19 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-04 08:19 . 2013-07-04 08:19 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-04 08:19 . 2013-07-04 08:19 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-07-04 08:19 . 2013-07-04 08:19 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-04 08:19 . 2013-07-04 08:19 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-07-04 08:19 . 2013-07-04 08:19 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-07-04 08:19 . 2013-07-04 08:19 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-04 08:19 . 2013-07-04 08:19 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-11 23:43 . 2013-07-11 19:33 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:43 . 2013-07-11 19:33 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:42 . 2013-07-11 19:33 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:42 . 2013-07-11 19:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 22:51 . 2013-07-11 19:33 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 02:37 . 2013-07-11 19:33 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-05 03:05 . 2013-07-11 15:20 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 04:53 . 2013-07-11 15:20 509440 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 08:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2010-07-19 2482176]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-08 9267816]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-06-08 1481320]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Zune Launcher"="d:\a lea\ZuneLauncher.exe" [2011-08-05 159456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-14 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Facebook Update"="c:\users\Lea\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\users\Lea\A Leas Ordner\IPod\iTunesHelper.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2012-11-02 5174392]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-05 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-05 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-05-26 136304]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-11-08 250080]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-04-11 302368]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-30 176128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-08-16 101904]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2012-12-10 142176]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1009184]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-29 30464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-570605162-662666738-3914347939-1000Core.job
- c:\users\Lea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-24 09:36]
.
2013-08-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-570605162-662666738-3914347939-1000UA.job
- c:\users\Lea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-24 09:36]
.
2013-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-05 11:33]
.
2013-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-05 11:33]
.
2013-01-21 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-20 16:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.web.de/
uInternet Settings,ProxyOverride = *.local
IE: c:\users\Lea\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloadernew.htm
IE: Free YouTube to MP3 Converter - c:\users\Lea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.178.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-15 19:49:38
ComboFix-quarantined-files.txt 2013-08-15 17:49
ComboFix2.txt 2013-08-13 20:25
.
Vor Suchlauf: 16 Verzeichnis(se), 361.198.407.680 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 361.153.511.424 Bytes frei
.
- - End Of File - - 9A8B60586FED5BE37E21055C01C7DF4E
8A1C59E4DFEF87510470928550466632
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-08-2013 01
Ran by Lea (administrator) on 15-08-2013 20:00:38
Running from C:\Users\Lea\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\system32\atibtmon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MSIService.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MGSysCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) D:\A Lea\ZuneLauncher.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [MGSysCtrl] - C:\Program Files\System Control Manager\MGSysCtrl.exe [2482176 2010-07-19] (Micro-Star International Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9267816 2010-06-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1481320 2010-06-08] (Realtek Semiconductor)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] - D:\A Lea\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {6549A93D-680E-45BB-AA61-45D609CF1AFD} URL = hxxp://www.youtube.com/results?search_query={searchTerms}&page={startPage?}&utm_source=opensearch
SearchScopes: HKCU - {6E45FE74-C720-4649-A52B-E2E3DFFCC642} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=6f6006ee-cc89-4cf3-a7be-0eb2ce0b2eb8&apn_sauid=4E58E7DD-F70D-49B2-815D-53B288F2CFE6
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Oracle)
Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
========================== Services (Whitelisted) =================
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.)
S3 WMZuneComm; D:\A Lea\WMZuneComm.exe [268512 2011-08-05] (Microsoft Corporation)
S3 ZuneNetworkSvc; D:\A Lea\ZuneNss.exe [6363872 2011-08-05] (Microsoft Corporation)
S3 ZuneWlanCfgSvc; D:\A Lea\ZuneWlanCfgSvc.exe [444640 2011-08-05] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-08-16] (ATI Technologies, Inc.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [168480 2009-12-02] (Realtek Semiconductor Corp.)
R3 catchme; \??\C:\Users\Lea\AppData\Local\Temp\catchme.sys [x]
U3 mbr; \??\C:\ComboFix\mbr.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-15 19:49 - 2013-08-15 19:49 - 00015090 _____ C:\ComboFix.txt
2013-08-15 19:31 - 2013-08-15 19:31 - 00000000 ____D C:\Users\Lea\AppData\Roaming\TuneUp Software
2013-08-14 20:01 - 2013-08-14 20:01 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Lea\Desktop\tdsskiller.exe
2013-08-13 22:27 - 2013-08-15 19:54 - 00015090 _____ C:\Users\Lea\Desktop\ComboFix.txt
2013-08-13 22:27 - 2013-08-13 22:27 - 00015489 _____ C:\Users\Lea\Desktop\combofix alt!.txt
2013-08-13 21:46 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-13 21:46 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-13 21:46 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-13 21:46 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-13 21:46 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-13 21:46 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-13 21:46 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-13 21:46 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-13 21:38 - 2013-08-15 19:49 - 00000000 ____D C:\Qoobox
2013-08-13 21:38 - 2013-08-13 22:22 - 00000000 ____D C:\Windows\erdnt
2013-08-13 20:40 - 2013-08-13 20:40 - 00000000 ____D C:\FRST
2013-08-12 16:52 - 2013-08-12 16:52 - 00394609 _____ C:\Users\Lea\AppData\Local\2433f433
2013-07-31 22:11 - 2013-08-01 21:17 - 39395328 _____ C:\Users\Lea\Desktop\Carly Rae Japson.sai
2013-07-31 16:02 - 2013-07-31 22:00 - 32681984 _____ C:\Users\Lea\Desktop\SDFSFD.sai
==================== One Month Modified Files and Folders =======
2013-08-15 19:59 - 2013-08-15 19:59 - 01068807 _____ (Farbar) C:\Users\Lea\Desktop\FRST.exe
2013-08-15 19:54 - 2013-08-13 22:27 - 00015090 _____ C:\Users\Lea\Desktop\ComboFix.txt
2013-08-15 19:49 - 2013-08-15 19:49 - 00015090 _____ C:\ComboFix.txt
2013-08-15 19:49 - 2013-08-13 21:38 - 00000000 ____D C:\Qoobox
2013-08-15 19:48 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-08-15 19:41 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-15 19:41 - 2009-07-14 06:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-15 19:38 - 2010-12-25 13:45 - 01658308 _____ C:\Windows\WindowsUpdate.log
2013-08-15 19:33 - 2011-01-05 23:06 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2013-08-15 19:31 - 2013-08-15 19:31 - 00000000 ____D C:\Users\Lea\AppData\Roaming\TuneUp Software
2013-08-15 19:29 - 2011-09-05 13:33 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-15 19:28 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-15 19:28 - 2009-07-14 06:39 - 00169905 _____ C:\Windows\setupact.log
2013-08-14 20:08 - 2011-09-05 13:33 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-14 20:01 - 2013-08-14 20:01 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Lea\Desktop\tdsskiller.exe
2013-08-14 19:56 - 2010-10-27 14:39 - 00026050 _____ C:\Windows\PFRO.log
2013-08-13 22:27 - 2013-08-13 22:27 - 00015489 _____ C:\Users\Lea\Desktop\combofix alt!.txt
2013-08-13 22:25 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-08-13 22:22 - 2013-08-13 21:38 - 00000000 ____D C:\Windows\erdnt
2013-08-13 21:59 - 2010-12-25 14:01 - 00000000 ____D C:\Users\Lea
2013-08-13 21:36 - 2011-01-05 23:35 - 00000000 ____D C:\Users\Lea\Komische Sachen\Documents\Youcam
2013-08-13 20:40 - 2013-08-13 20:40 - 00000000 ____D C:\FRST
2013-08-12 16:52 - 2013-08-12 16:52 - 00394609 _____ C:\Users\Lea\AppData\Local\2433f433
2013-08-11 14:42 - 2012-04-24 17:19 - 00001130 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-570605162-662666738-3914347939-1000UA.job
2013-08-10 11:42 - 2012-04-24 17:19 - 00001108 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-570605162-662666738-3914347939-1000Core.job
2013-08-01 21:17 - 2013-07-31 22:11 - 39395328 _____ C:\Users\Lea\Desktop\Carly Rae Japson.sai
2013-07-31 22:00 - 2013-07-31 16:02 - 32681984 _____ C:\Users\Lea\Desktop\SDFSFD.sai
2013-07-31 15:11 - 2012-12-22 10:13 - 00000000 ____D C:\Users\Lea\Desktop\musik!!!!!!!! Zune
2013-07-31 14:54 - 2012-04-06 22:03 - 00000000 ____D C:\Users\Lea\Desktop\ZZZ Ordner, Bilder und Dokumente
2013-07-31 14:48 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-31 07:59 - 2012-01-29 11:48 - 00000000 ____D C:\ProgramData\AVG2012
2013-07-31 07:57 - 2010-12-26 19:14 - 00000000 ____D C:\Users\Lea\AppData\Roaming\SoftGrid Client
2013-07-30 20:20 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-07-27 18:09 - 2010-12-25 13:58 - 00000000 ____D C:\Program Files\Google
2013-07-26 10:50 - 2011-10-02 18:06 - 00000000 ____D C:\Users\Lea\AppData\Local\Windows Live
2013-07-16 12:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
Files to move or delete:
====================
C:\Users\Lea\SoftonicDownloader_fuer_gimp.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-04 11:09
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-08-2013 01
Ran by Lea at 2013-08-15 20:01:00
Running from C:\Users\Lea\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Adobe AIR (Version: 2.5.0.16600)unbekannt
Adobe Download Assistant (Version: 1.2.3)nötig
Adobe Flash Player 10 Plugin (Version: 10.1.85.3)nötig
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)nötig
Adobe Reader 9.4.0 - Deutsch (Version: 9.4.0)nötig
ALDI SÜD Mah Jong unnötig
Apple Application Support (Version: 2.1.7)nötig
Apple Mobile Device Support (Version: 5.1.1.4)nötig
Apple Software Update (Version: 2.1.3.127)nötig
Ashampoo Burning Studio (Version: 9.23.0)unbekannt
Ashampoo Photo Commander (Version: 8.3.2)unbekannt
Ashampoo Photo Optimizer (Version: 3.12.0)unbeknnt
Ashampoo Snap (Version: 3.4.1)unbekannt
Ask Toolbar (Version: 1.12.2.0)unnötig
ATI Catalyst Install Manager (Version: 3.0.774.0)unbekannt
AVG 2012 (Version: 12.0.3209)nötig
AVG 2012 (Version: 12.0.3211)nötig
AVG 2012 (Version: 12.1.2242)nötig
AVG 2012 (Version: 2012.1.2242)nötig
AVG PC TuneUp Language Pack (de-DE) (Version: 12.0.4000.108)unnötig
Aztec Bricks (Version: 1.0)unnötig
Bonjour (Version: 3.0.0.10)unbekannt
Catalyst Control Center Core Implementation (Version: 2010.0730.2158.37625)unbekannt
Catalyst Control Center Graphics Full Existing (Version: 2010.0730.2158.37625)unbekannt
Catalyst Control Center Graphics Full New (Version: 2010.0730.2158.37625)unbekannt
Catalyst Control Center Graphics Light (Version: 2010.0730.2158.37625)unbekannt
Catalyst Control Center Graphics Previews Common (Version: 2010.0730.2158.37625)unbekannt
Catalyst Control Center Graphics Previews Vista (Version: 2010.0730.2158.37625)unbekannt
Catalyst Control Center InstallProxy (Version: 2010.0730.2158.37625)unbekannt
Catalyst Control Center Localization All (Version: 2010.0730.2158.37625)unbekannt
CCC Help Chinese Standard (Version: 2010.0730.2157.37625)unbekannt
CCC Help Chinese Traditional (Version: 2010.0730.2157.37625)unbekannt
CCC Help Czech (Version: 2010.0730.2157.37625)unbekannt
CCC Help Danish (Version: 2010.0730.2157.37625)unbekannt
CCC Help Dutch (Version: 2010.0730.2157.37625)unbekannt
CCC Help English (Version: 2010.0730.2157.37625)unbekannt
CCC Help Finnish (Version: 2010.0730.2157.37625)unbekannt
CCC Help French (Version: 2010.0730.2157.37625)unbekannt
CCC Help German (Version: 2010.0730.2157.37625)unbekannt
CCC Help Greek (Version: 2010.0730.2157.37625)unbekannt
CCC Help Hungarian (Version: 2010.0730.2157.37625)unbekannt
CCC Help Italian (Version: 2010.0730.2157.37625)unbekannt
CCC Help Japanese (Version: 2010.0730.2157.37625)unbekannt
CCC Help Korean (Version: 2010.0730.2157.37625)unbekannt
CCC Help Norwegian (Version: 2010.0730.2157.37625)unbekannt
CCC Help Polish (Version: 2010.0730.2157.37625)unbekannt
CCC Help Portuguese (Version: 2010.0730.2157.37625)unbekannt
CCC Help Russian (Version: 2010.0730.2157.37625)unbekannt
CCC Help Spanish (Version: 2010.0730.2157.37625)unbekannt
CCC Help Swedish (Version: 2010.0730.2157.37625)unbekannt
CCC Help Thai (Version: 2010.0730.2157.37625)unbekannt
CCC Help Turkish (Version: 2010.0730.2157.37625)unbekannt
ccc-core-static (Version: 2010.0730.2158.37625)unbekannt
ccc-utility (Version: 2010.0730.2158.37625)unbekannt
Cisco EAP-FAST Module (Version: 2.2.14)unbekannt
Cisco LEAP Module (Version: 1.0.19)unbekannt
Cisco PEAP Module (Version: 1.1.6)unbekannt
CorelDRAW Essentials 4unnötig
CorelDRAW Essentials 4 - Content (Version: 4.0)unnötig
CorelDRAW Essentials 4 - Draw (Version: 4.0)unnötig
CorelDRAW Essentials 4 - Filters (Version: 4.0)unnötig
CorelDRAW Essentials 4 - ICA (Version: 4.0)unnötig
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0)unnötig
CorelDRAW Essentials 4 - Lang BR (Version: 4.0)unnötig
CorelDRAW Essentials 4 - Lang DE (Version: 4.0)unnötig
CorelDRAW Essentials 4 - Lang EN (Version: 4.0)unnötig
CorelDRAW Essentials 4 - Lang ES (Version: 4.0)unnötig
CorelDRAW Essentials 4 - Lang FR (Version: 4.0)unnötig
CorelDRAW Essentials 4 - Lang IT (Version: 4.0)unnötig
CorelDRAW Essentials 4 - Lang NL (Version: 4.0)unnötig
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0)unnötig
CorelDRAW Essentials 4 - Windows Shell Extensionunnötig
CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1)unnötig
CorelDRAW Essentials 4 (Version: 4.0)unnötig
CyberLink LabelPrint (Version: 2.5.2602)nötig
CyberLink Power2Go (Version: 6.1.3602c)nötig
CyberLink PowerDVD Copy (Version: 1.5.1306)nötig
CyberLink YouCam (Version: 3.0.2626)nötig
D3DX10 (Version: 15.4.2368.0902)unbekannt
Die Sims 2 unnötig
DVDVideoSoftTB Toolbar (Version: 6.8.5.1)unnötig
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)unbekannt
Fiesta Online(EU_German) 1.04.000 (Version: 1.04.000)unnötig
Fish Fillets (Version: 1.00.0000)unnötig
Free YouTube Download 3 version 3.0.10.722 unnötig
Free YouTube Download New version 3.2.0.1201 (Version: 3.2.0.1201)unnötig
Free YouTube to MP3 Converter version 3.12.0.128 (Version: 3.12.0.128)unnötig
GIMP 2.6.12 (Version: 2.6.12)unnötig
Google Earth Plug-in (Version: 7.1.1.1888)unnötig
Google Toolbar for Internet Explorer (Version: 1.0.0)unbekannt
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)unbekannt
Google Update Helper (Version: 1.3.21.153)unbekannt
iTunes (Version: 10.6.1.7)nötig
Java Auto Updater (Version: 2.0.2.4)unbekannt
Java(TM) 6 Update 21 (Version: 6.0.210)unbekannt
JMicron Flash Media Controller Driver (Version: 1.0.45.0)unbekannt
Junk Mail filter update (Version: 15.4.3502.0922)unnbekannt
Machinarium Demo unnötig
Medion Home Cinema (Version: 8.0.1505)unbekannt
Mesh Runtime (Version: 15.4.5722.2)unbekannt
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)unbekannt
Microsoft Application Error Reporting (Version: 12.0.6012.5000)unbekannt
Microsoft Office 2010 (Version: 14.0.4763.1000)unnötig
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)unbekannt
Microsoft Office Starter 2010 - Deutsch (Version: 14.0.4763.1000)nötig
Microsoft Silverlight (Version: 5.1.20513.0)unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)unbekannt
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)unbekannt
MSVCRT (Version: 15.4.2862.0708)unbekannt
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)unbekannt
PlayReady PC Runtime x86 (Version: 1.3.0)unbekannt
QuickTime (Version: 7.71.80.42)nötig
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.18.322.2010)unbekannt
Realtek High Definition Audio Driver (Version: 6.0.1.6132)unbekannt
REALTEK Wireless LAN Driver (Version: 1.00.0148)unbekannt
Synaptics Pointing Device Driver (Version: 15.0.18.0)unbekannt
System Control Manager (Version: 2.210.0719.M007.01)unbekannt
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)unbekannt
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)unbekannt
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)unbekannt
Versandhelfer (Version: 0.9.511)unnötig
Windows Live Communications Platform (Version: 15.4.3502.0922)unbekannt
Windows Live Essentials (Version: 15.4.3502.0922)unbekannt
Windows Live Fotogalerie (Version: 15.4.3502.0922)nötig
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)unbekannt
Windows Live Installer (Version: 15.4.3502.0922)unbekannt
Windows Live Mail (Version: 15.4.3502.0922)unnötig
Windows Live Mesh (Version: 15.4.3502.0922)unbekannt
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)unbekannt
Windows Live Messenger (Version: 15.4.3502.0922)unnötig
Windows Live MIME IFilter (Version: 15.4.3502.0922)unbekannt
Windows Live Movie Maker (Version: 15.4.3502.0922)nötig
Windows Live Photo Common (Version: 15.4.3502.0922)unbekannt
Windows Live Photo Gallery (Version: 15.4.3502.0922)unbekannt
Windows Live PIMT Platform (Version: 15.4.3502.0922)unbekannt
Windows Live Remote Client (Version: 15.4.5722.2)unbekannt
Windows Live Remote Client Resources (Version: 15.4.5722.2)unbekannt
Windows Live Remote Service (Version: 15.4.5722.2)unbekannt
Windows Live Remote Service Resources (Version: 15.4.5722.2)unbekannt
Windows Live SOXE (Version: 15.4.3502.0922)unbekannt
Windows Live SOXE Definitions (Version: 15.4.3502.0922)unbekannt
Windows Live UX Platform (Version: 15.4.3502.0922)unbekannt
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)unbekannt
Windows Live Writer (Version: 15.4.3502.0922)unbekannt
Windows Live Writer Resources (Version: 15.4.3502.0922)unbekannt
Windows Media Encoder 9 Seriesunbekannt
Windows Media Encoder 9 Series (Version: 9.00.2980)unbekannt
Windows Mobile Device Updater Component (Version: 04.08.2345.00)unbekannt
Windows Mobile-Gerätecenter (Version: 6.1.6965.0)unbekannt
WinRAR 4.20 (32-Bit) (Version: 4.20.0)nötig
Zune (Version: 04.08.2345.00)nötig
Zune Language Pack (CHS) (Version: 04.08.2345.00)unnötig
Zune Language Pack (CHT) (Version: 04.08.2345.00)unnötig
Zune Language Pack (CSY) (Version: 04.08.2345.00)unnötig
Zune Language Pack (DAN) (Version: 04.08.2345.00)unnötig
Zune Language Pack (DEU) (Version: 04.08.2345.00)nötig
Zune Language Pack (ELL) (Version: 04.08.2345.00)unnötig
Zune Language Pack (ESP) (Version: 04.08.2345.00)unnötig
Zune Language Pack (FIN) (Version: 04.08.2345.00)unnötig
Zune Language Pack (FRA) (Version: 04.08.2345.00)unnötig
Zune Language Pack (HUN) (Version: 04.08.2345.00)unnötig
Zune Language Pack (IND) (Version: 04.08.2345.00)unnötig
Zune Language Pack (ITA) (Version: 04.08.2345.00)unnötig
Zune Language Pack (JPN) (Version: 04.08.2345.00)unnötig
Zune Language Pack (KOR) (Version: 04.08.2345.00)unnötig
Zune Language Pack (MSL) (Version: 04.08.2345.00)unnötig
Zune Language Pack (NLD) (Version: 04.08.2345.00)unnötig
Zune Language Pack (NOR) (Version: 04.08.2345.00)unnötig
Zune Language Pack (PLK) (Version: 04.08.2345.00)unnötig
Zune Language Pack (PTB) (Version: 04.08.2345.00)unnötig
Zune Language Pack (PTG) (Version: 04.08.2345.00)unnötig
Zune Language Pack (RUS) (Version: 04.08.2345.00)unnötig
Zune Language Pack (SVE) (Version: 04.08.2345.00)unnötig
Zylom Games Player Plugin unnötig
==================== Restore Points =========================
12-06-2013 19:41:52 Windows Update
02-07-2013 18:03:13 Windows Update
04-07-2013 08:14:09 Windows Update
04-07-2013 10:44:03 Windows Update
05-07-2013 11:37:11 Windows Update
11-07-2013 18:41:12 Windows Update
30-07-2013 18:19:55 Geplanter Prüfpunkt
13-08-2013 19:46:11 ComboFix created restore point
15-08-2013 17:39:08 ComboFix created restore point
==================== Hosts content: ==========================
2009-07-14 04:04 - 2013-08-15 19:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0D54CDBF-7DF3-484D-B670-12E83C378B21} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
Task: {0F3A0E4D-9681-4E7A-BE61-26A8E6AFE5CC} - System32\Tasks\User_Feed_Synchronization-{1BA62E9A-3DC8-4108-9CE8-3593643BF756} => C:\Windows\system32\msfeedssync.exe [2013-07-04] (Microsoft Corporation)
Task: {58201DC9-3E32-48A4-8069-4CE29D03C60B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {618FE2EB-840D-4CB3-AF6F-FCFA1586040B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-570605162-662666738-3914347939-1000Core => C:\Users\Lea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-22] (Facebook Inc.)
Task: {95F1A7E6-2030-49AD-8CF7-A89AA8AD0D47} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {98ABB7E2-84D7-4B45-8441-DE8ED4DCDC42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-05] (Google Inc.)
Task: {DC5EC3B2-32AC-4A50-BB13-522A91D2B055} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2011-05-17] ()
Task: {DF68F073-FDCD-4AD5-B6E6-CA6D5C36BA53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-05] (Google Inc.)
Task: {E7859540-DB69-4447-9692-94E03C2B7D1F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-570605162-662666738-3914347939-1000UA => C:\Users\Lea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-22] (Facebook Inc.)
Task: {EA61AB10-3679-4688-81C3-D1B691FE81B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-570605162-662666738-3914347939-1000Core.job => C:\Users\Lea\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-570605162-662666738-3914347939-1000UA.job => C:\Users\Lea\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/15/2013 07:39:26 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Error: Failed to get state for bits job HResult: 0x80080008.
Error: (08/14/2013 07:59:21 PM) (Source: Application Hang) (User: )
Description: Programm iexplore.exe, Version 10.0.9200.16635 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 814
Startzeit: 01ce9917c81f8519
Endzeit: 31
Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe
Berichts-ID: 32691a53-050b-11e3-a59b-406186afcfdd
Error: (08/11/2013 07:24:39 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003224d
ID des fehlerhaften Prozesses: 0x16a0
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (08/10/2013 10:10:48 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003224d
ID des fehlerhaften Prozesses: 0x548
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (08/10/2013 08:20:42 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003224d
ID des fehlerhaften Prozesses: 0xac4
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (08/10/2013 05:47:58 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003224d
ID des fehlerhaften Prozesses: 0x17b0
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (08/10/2013 05:44:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003224d
ID des fehlerhaften Prozesses: 0x1150
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (08/10/2013 05:44:28 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003224d
ID des fehlerhaften Prozesses: 0x1388
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (08/10/2013 05:40:54 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003224d
ID des fehlerhaften Prozesses: 0x850
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Error: (08/09/2013 04:17:57 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003224d
ID des fehlerhaften Prozesses: 0x15cc
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
System errors:
=============
Error: (08/15/2013 07:58:12 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (08/15/2013 07:48:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (08/15/2013 07:45:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (08/15/2013 07:40:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (08/15/2013 07:39:56 PM) (Source: DCOM) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}
Error: (08/13/2013 10:18:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (08/13/2013 09:56:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (08/13/2013 09:48:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (08/13/2013 09:17:03 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 13.08.2013 um 21:09:58 unerwartet heruntergefahren.
Error: (08/12/2013 06:40:15 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 12.08.2013 um 18:08:43 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
Error: (08/15/2013 07:39:26 PM) (Source: CVHSVC)(User: )
Description: Error: Failed to get state for bits job HResult: 0x80080008.
Error: (08/14/2013 07:59:21 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.1663581401ce9917c81f851931C:\Program Files\Internet Explorer\iexplore.exe32691a53-050b-11e3-a59b-406186afcfdd
Error: (08/11/2013 07:24:39 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.1663551b7a921ntdll.dll6.1.7601.177254ec49b60c00000050003224d16a001ce96b75bec8d41C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlle6aedb84-02aa-11e3-9f4e-406186afcfdd
Error: (08/10/2013 10:10:48 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.1663551b7a921ntdll.dll6.1.7601.177254ec49b60c00000050003224d54801ce96050d69f13fC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dllf2076a95-01f8-11e3-9e0c-406186afcfdd
Error: (08/10/2013 08:20:42 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.1663551b7a921ntdll.dll6.1.7601.177254ec49b60c00000050003224dac401ce95ece6fc14abC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll909d7bf9-01e9-11e3-9e0c-406186afcfdd
Error: (08/10/2013 05:47:58 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.1663551b7a921ntdll.dll6.1.7601.177254ec49b60c00000050003224d17b001ce95e0896c9121C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll3a6983b2-01d4-11e3-9555-406186afcfdd
Error: (08/10/2013 05:44:43 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.1663551b7a921ntdll.dll6.1.7601.177254ec49b60c00000050003224d115001ce95e080b650feC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dllc5d4e72b-01d3-11e3-9555-406186afcfdd
Error: (08/10/2013 05:44:28 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.1663551b7a921ntdll.dll6.1.7601.177254ec49b60c00000050003224d138801ce95e000dfafc3C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dllbd3a6cdc-01d3-11e3-9555-406186afcfdd
Error: (08/10/2013 05:40:54 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.1663551b7a921ntdll.dll6.1.7601.177254ec49b60c00000050003224d85001ce95dc5ae297b3C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll3db7c12b-01d3-11e3-9555-406186afcfdd
Error: (08/09/2013 04:17:57 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.1663551b7a921ntdll.dll6.1.7601.177254ec49b60c00000050003224d15cc01ce95021e8fcd12C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll7cb54951-00fe-11e3-9548-406186afcfdd
==================== Memory info ===========================
Percentage of memory in use: 40%
Total physical RAM: 3071.24 MB
Available physical RAM: 1840.76 MB
Total Pagefile: 6140.77 MB
Available Pagefile: 4884.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.73 MB
==================== Drives ================================
Drive c: (BOOT) (Fixed) (Total:424.66 GB) (Free:336.41 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:30.77 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B8FA3ECD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== End Of Log ============================
|
|
21.08.2013, 13:54
| #14 |
| /// Malware-holic | Windows 7: Weißer Sperrbildschirm - GVU Trojaner? Hi, erst mal sorry, war unerwarteter Weise nicht zuhause. Es sind 4 Logs zu erstellen, poste diese möglichst gleichzeitig. Falls bei der Deinstalation was nicht klappt, nutze Rewo: Revo Uninstaller - Download - Filepony 1. deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: ALDI Ashampoo : alle falls nich von dir verwendet. Ask AVG PC TuneUp Aztec CorelDRAW : alle Die Sims DVDVideoSoftTB Facebook Video Fiesta Fish Free YouTube : alle GIMP Google : alle Java(TM) downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: Machinarium Medion Versandhelfer Zylom Neustarten. 2. Downloade Dir bitte  Malwarebytes Anti-Malware
Neustarten. 3. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Neustarten. 4. Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Neustarten. 5. Hitman Pro - Download - Filepony Hitmanpro laden, doppelklicken, Scan klicken. Log speichern und posten, bzw als XML exportieren, packen und anhängen. Hitmanpro schließen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
25.08.2013, 20:14
| #15 |
| | Windows 7: Weißer Sperrbildschirm - GVU Trojaner? Kein Problem, ich bin froh dass du mir überhaupt hilfst Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.25.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16660 Lea :: LEA-PC [Administrator] 25.08.2013 20:21:28 mbam-log-2013-08-25 (20-21-28).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 214775 Laufzeit: 8 Minute(n), 27 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 5 C:\Users\Lea\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lea\AppData\Roaming\OpenCandy\90071C067AC34BC0AE8BEC1996901685 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lea\AppData\Roaming\OpenCandy\D238C6DAFBEF43CC9028D9705780909C (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lea\AppData\Roaming\OpenCandy\OpenCandy_90071C067AC34BC0AE8BEC1996901685 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lea\AppData\Roaming\OpenCandy\OpenCandy_D238C6DAFBEF43CC9028D9705780909C (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 5 C:\Users\Lea\AppData\Local\2433f433 (Trojan.Agent.TPL) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lea\AppData\Roaming\OpenCandy\90071C067AC34BC0AE8BEC1996901685\$tmp (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lea\AppData\Roaming\OpenCandy\90071C067AC34BC0AE8BEC1996901685\IE9-Windows7-x86-deu.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lea\AppData\Roaming\OpenCandy\D238C6DAFBEF43CC9028D9705780909C\TuneUp_OpenCandy_PC_2.4.4.3_CMPID_319.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lea\AppData\Roaming\OpenCandy\D238C6DAFBEF43CC9028D9705780909C\TuneUp_OpenCandy_PC_2.4.4.3_CMPID_319_p10v0.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.001 - Report created 25/08/2013 at 20:43:55
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Lea - LEA-PC
# Running from : C:\Users\Lea\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Lea\AppData\Local\Conduit
Folder Deleted : C:\Users\Lea\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Lea\AppData\LocalLow\PriceGong
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Conduit
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Google Chrome v22.0.1229.95
[ File : C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4025 octets] - [25/08/2013 20:42:37]
AdwCleaner[S0].txt - [3754 octets] - [25/08/2013 20:43:55]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3814 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x86
Ran by Lea on 25.08.2013 at 20:57:46,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2269050
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6E45FE74-C720-4649-A52B-E2E3DFFCC642}
~~~ Files
Successfully deleted: [File] C:\Windows\system32\sho6843.tmp
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{02A61EA0-9D27-49EE-9B67-5511D09CEA68}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{0D61B33F-8A5C-48D5-9C62-11DE0DEFC6BE}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{188A1FEE-E25A-44AD-90C9-C48FC5CA9D08}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{19590F9D-B8D7-465B-9C7E-4ECF86AA0ED2}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{1CC30A80-300E-4C0A-B305-4E63E4E26B85}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{1EA982E9-5C01-4B19-8F68-BF90DD3D617C}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{264D9B18-F3BB-4651-B666-596C71F166CE}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{2A90A167-7D12-427A-B6FF-00090BF126CE}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{2E87460E-113D-4B03-91C4-03748B5D6C57}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{48080153-8505-4E8F-9509-F6CDF57B3E50}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{52329F4C-46AD-4550-8631-FE13D2623094}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{52D4C677-4890-4957-8920-2898B30E0670}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{5DC92E10-42D0-4CDE-A9A9-44276954FFD9}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{7D049CA1-9E35-47D1-A4EF-E7102EC978EB}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{7D63E94C-241B-4105-A178-DD8DA49D2BD4}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{8839173C-BE58-42C7-991D-6524B0CB679D}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{88A325D7-1FD1-47F2-B981-143741260289}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{9390914A-4EB5-480B-A5FF-E24FCE83E1B7}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{AFE50F84-61B4-4345-B10F-7EBAEA01B04E}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{B2361B6C-3C8C-41EA-9F5D-FD9BB255E70D}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{B35669D5-ACB9-4F0F-8760-852BAA89A68B}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{C1CA53FC-C417-474D-B660-BD1F35AE1117}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{C830D56A-5E7F-4A77-A3B5-5B97610D8559}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{CBE7E9C3-B5B0-446F-9D1D-B08319DC3BF0}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{D3CB845F-3492-4BAE-821B-A9B20100A32D}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{D8D226A8-2038-40C4-9A20-ECA8B8E0D9B2}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{DF06E481-3AAC-43AE-8A16-8A33A7C0C449}
Successfully deleted: [Empty Folder] C:\Users\Lea\appdata\local\{FB47977E-77C7-4C77-AC58-BD97D23A08DC}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.08.2013 at 20:59:32,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter HitmanPro 3.7.7.203
www.hitmanpro.com
Computer name . . . . : LEA-PC
Windows . . . . . . . : 6.1.1.7601.X86/2
User name . . . . . . : Lea-PC\Lea
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2013-08-25 21:04:44
Scan mode . . . . . . : Normal
Scan duration . . . . : 4m 48s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 6
Traces . . . . . . . : 758
Objects scanned . . . : 1.357.120
Files scanned . . . . : 46.895
Remnants scanned . . : 628.897 files / 681.328 keys
Malware _____________________________________________________________________
C:\Users\Lea\AppData\Local\temp\Quarantine.exe
Size . . . . . . . : 328.019 bytes
Age . . . . . . . : 4.4 days (2013-08-21 12:20:01)
Entropy . . . . . : 7.7
SHA-256 . . . . . : 03AAF43021ED01168E76F9CAA6B7E0342A91B4767A0061B2CF5C9353411CDC8D
Version . . . . . : 3.0.0.1
> Ikarus . . . . . . : Gen.Trojan.Heur!IK
Fuzzy . . . . . . : 113.0
Potential Unwanted Programs _________________________________________________
HKU\.DEFAULT\Software\AskToolbar\ (AskBar)
HKU\S-1-5-18\Software\AskToolbar\ (AskBar)
Cookies _____________________________________________________________________
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\073F7F2B.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\147IN3QU.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\1AKPZXJ2.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\1H4XZLGM.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\1QQXXDQ4.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\1X5Y43FF.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\2WD2S59X.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\3JQBAQNC.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\3TMXUGA2.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\40CQ8SXK.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\4CUKT2X6.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\4Y46TZWP.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\4Y4RFBSK.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\4ZNU6O2X.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\5BU4EPS6.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\5KRARRYN.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\5RAJCDIA.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\6311S2V9.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\6312FPYY.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\68Y6PMO5.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\76L2YCM7.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\77NQLHTZ.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\7A73U1E7.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\80CNQ9Q2.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\8FEQQCWL.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\9REOVDKW.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\9RPEX80W.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\A2IY52SX.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\AHJY4P72.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\AJSURPHQ.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\ASFGJ34B.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\B10GM634.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\B1IUO6RS.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\BDP5YRJA.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\BV30FTE9.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\C2GH6K72.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\CALR302A.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\COUQ9671.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\CWDOQ2YQ.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\D0XJFII8.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\DO6X0933.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\EMEPCUTJ.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\FFVW0TFD.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\FQFJ3UJE.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\GGLXD5M2.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\GIM1BHCS.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\GKW409WU.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\GLZ4EA1A.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\GP944CT4.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\GQE0A2SJ.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\H6P2SBWE.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\HS1KUZXU.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\HZPAIAD7.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\ITXLBO6N.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\IUAMP4H5.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\JI1WT84E.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\JJPXFDR4.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\KIM2QXBV.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\KLLONOBJ.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\KPEQ1K6A.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\L2VL1SS9.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\L7VSYWAU.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\L8LYCWQ3.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\LILSYMC4.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\LSRGJNWX.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\M1HBBOY0.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\MBOEZ8M3.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\MISALZUY.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\MT5V74KF.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\MY1QHZEX.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\N5OM15H8.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\N9MASPSN.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\NK7H8S3E.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\OBQ8I6DS.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\OLCH96V3.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\P08P220F.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\P7S8UXF3.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\P7UBK5AP.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\PRFU8UAI.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\PY76ZGYW.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\Q3DEXSXQ.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\Q5ULVAV4.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\Q8K97HA0.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\QKH6B37C.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\R6CTDTUS.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\RV3V0XND.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\SMKXJ6T0.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\SOD0R79H.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\SRZ4U6V0.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\SY7V88ZL.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\U4HEK8SK.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\U9OWIADZ.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\UFTXZB75.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\UH9PB99S.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\UKAOY23N.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\UKEGGK4J.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\VB47N56P.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\VHGRLDOM.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\VHO2D68U.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\VNQ4A9TP.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\W0Z5XKRS.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\XAY0Z9CK.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\XC1FZ4EC.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\XTE9K3QU.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\Z55FAFHF.txt
C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Cookies\Z8OIMX5N.txt
Geändert von Sarea (25.08.2013 um 20:22 Uhr) |
|
| Themen zu Windows 7: Weißer Sperrbildschirm - GVU Trojaner? |
| abgesicherte, abgesicherten, abgesicherten modus, erschein, hochfahren, pup.optional.opencandy, runter, starte, starten, trojan.agent, trojan.agent.tpl, trojan.banker, trojaner, trojaner?, unterforum, verschwunden, windows, windows 7, zahlen |
WARNUNG an die MITLESER: 
