
Pests of all kinds and how to fight them: GVU trojan? Or real?

20.03.2012, 18:15   #1
adik4all

Hello everyone,

I have searched all the pages but unfortunately found nothing on my case. I have read similar trojan descriptions, but I am not sure whether in my case it is a genuine payment demand after all.

The problem is as follows:

As soon as my Windows system has loaded, I get a screen with the message:

Please wait while the connection is beeing established.
Bitte warten Sie während die Verbindung hergestellt wird

After that comes an already familiar display, worded almost the same as the GEMA trojan, but with the GVU as the originator.

Ihr Computer wurde von der GVU gesperrt. [Your computer has been locked by the GVU.]

Auf Ihrem Computer wurden illegal heruntergeladene Medien ("Raubkopien") gefunden. [Illegally downloaded media ("pirated copies") were found on your computer.]

....punishable by imprisonment...reminder fee of 50 € payable by paysafecard....

The logos of the GVU and of the Bundesamt für Sicherheit in der Informationstechnik adorn the whole thing.

I suspect (hope) that this is a trojan. Can anyone confirm that for me?

If so, it would be really great if someone could tell me how to proceed.

Or would the following guide do the job?

http://www.trojaner-board.de/111836-...-trojaner.html
Post 2.

My operating system: Windows 7

Many thanks in advance, you are great.

Adik

20.03.2012, 18:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Does safe mode with networking still work? With an Internet connection?

Safe mode for cleanup
  • Use the F8 key at startup to bring Windows into safe mode.
  • Start the computer in safe mode with networking:

    Starting Windows in safe mode

20.03.2012, 20:02   #3
adik4all

Hello Arne,

thanks for the quick reply, unfortunately your tip does not help.
Still the same screen.

Can one already say whether it is a virus, or whether it is "real" after all?

Attached is a "screenshot".

Regards,

Adik

Edited by adik4all (20.03.2012 at 20:49)

21.03.2012, 14:46   #4
cosinus

It is obvious that this is NOT from the GVU!

Do you have a second PC available? It should be clean. A non-Windows computer with a burner also works. If not, perhaps ask a neighbour or a friend.

21.03.2012, 16:39   #5
adik4all

Hi, then I am reassured.

Yes, I have a second computer here with Windows XP as the operating system.

What do you advise me to do next?

Regards,

Adik

21.03.2012, 17:09   #6
cosinus

Use a clean second computer to create an OTLPE CD and then boot the infected computer from this CD:

If you do not have a burning program installed, please download ISOBurner. The program will allow you to burn OTLPE to a CD and make it bootable. You only need to install the tool, the rest runs automatically => How do I burn an ISO file to CD/DVD.
  • Download OTLPENet.exe by OldTimer and save it to your desktop. Note: The file is about 120 MB in size, and on a slow Internet connection it will take a while until you have downloaded it.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Put a blank CD in your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burn process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the windows of the burning program.
Now boot from the OTLPE CD. Note: How do I boot from CD
  • After a few minutes your system should display the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: So that OTLPE scans the correct installed Windows, you must select the Windows folder of the Windows installed on the disk; simply selecting C: produces an error!
  • When you are asked "Do you wish to load the remote registry", choose Yes.
  • When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure that the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy this file to your USB stick if you have no Internet connection on this system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.
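Added example, not part of the thread and not part of OTL: a small Python triage pass over the kind of OTL.Txt the procedure above produces, flagging entries a helper would review first. The rule names and the three heuristics (autorun executable sitting directly in an AppData root, a per-user Winlogon Shell/UserInit value, lockout policy values) are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

# Lines copied from the OTL log posted in this thread (benign and notable mixed).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\Adik_ON_C..\Run: []  File not found
O4 - HKU\Adik_ON_C..\Run: [4rJHeEXlxs54kFa] C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Adik_ON_C Winlogon: Shell - (C:\Users\Adik\AppData\Roaming\gw45u45111.exe) - C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O20 - HKU\Adik_ON_C Winlogon: UserInit - (C:\Users\Adik\AppData\Roaming\gw45u45111.exe) - C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
"""


class Finding(NamedTuple):
    code: str            # OTL section code, e.g. "O4"
    rule: str            # heuristic that fired (names are this example's own)
    path: Optional[str]  # lower-cased executable path, if the entry names one
    line: str            # the original log line


# "O4 - ..." and "O20:64bit: - ..." both reduce to (code, body).
ENTRY = re.compile(r"^(O\d+)(?::64bit:)?\s+-\s+(.*)$")
# First drive-letter path ending in an executable extension.
EXE_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|scr|bat|cmd)\b", re.I)
# Executable placed directly in an AppData root, not in a vendor subfolder.
APPDATA_ROOT = re.compile(r"\\AppData\\(?:Roaming|Local|LocalLow)\\[^\\]+$", re.I)
RUN_KEY = re.compile(r"\.\.\\Run(?:Once)?: \[", re.I)
WINLOGON = re.compile(r"^(HK\S+) Winlogon: (Shell|UserInit) - ", re.I)
LOCKOUT = re.compile(
    r"\\policies\\(?:System|Explorer): "
    r"(DisableTaskMgr|DisableRegistryTools|NoDesktop) = 1$", re.I)


def first_exe(text: str) -> Optional[str]:
    """Return the first executable path in an entry, lower-cased, or None."""
    m = EXE_PATH.search(text)
    return m.group(0).lower() if m else None


def triage(log: str) -> List[Finding]:
    """Apply the three heuristics to every O-section line of an OTL log."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        path = first_exe(body)
        if code == "O4":
            # Autorun whose target sits directly in an AppData root.
            if RUN_KEY.search(body) and path and APPDATA_ROOT.search(path):
                findings.append(Finding(code, "autorun-from-appdata-root", path, line))
        elif code == "O20":
            # Assumption: a clean profile has Shell/UserInit only under HKLM.
            w = WINLOGON.match(body)
            if w and w.group(1).upper().startswith("HKU"):
                rule = "per-user-winlogon-" + w.group(2).lower()
                findings.append(Finding(code, rule, path, line))
        elif code == "O7":
            # Policy values that take the user's repair tools away.
            p = LOCKOUT.search(body)
            if p:
                findings.append(Finding(code, "lockout-policy-" + p.group(1), None, line))
    return findings


def repeat_offenders(findings: List[Finding]) -> Dict[str, int]:
    """Paths named by two or more findings: the files to look at first."""
    counts = Counter(f.path for f in findings if f.path)
    return {path: n for path, n in counts.items() if n >= 2}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.code:<4}{f.rule:<40}{f.path or ''}")
    print(repeat_offenders(results))
```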

21.03.2012, 19:55   #7
adik4all

OK, thanks for the guide, I have followed it.

The content is as follows:
OTL Logfile:
Code:
OTL logfile created on: 3/21/2012 7:24:12 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 144.47 Gb Free Space | 62.04% Space Free | Partition Type: NTFS
Drive D: | 218.23 Gb Total Space | 124.13 Gb Free Space | 56.88% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/09/17 15:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto] -- C:\Windows\System32\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/04 08:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/10/13 11:25:32 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/11 08:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 08:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/31 11:08:14 | 000,080,896 | ---- | M] () [Auto] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/04/05 06:55:01 | 000,116,104 | ---- | M] () [Auto] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/15 12:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/02/15 14:02:19 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/11/01 05:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 05:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 05:07:24 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/11/01 05:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 05:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/11/01 05:07:24 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011/10/11 09:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/10/11 09:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2010/06/25 11:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009/11/01 14:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/04 21:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/04 01:39:08 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/08/21 02:48:18 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/07/20 05:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 20:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/26 16:25:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/20 04:11:06 | 001,799,680 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/12 21:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/08/28 06:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/05/23 21:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/03 10:05:18 | 000,114,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV:64bit: - [2007/07/03 10:04:44 | 000,142,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2007/07/03 10:04:16 | 000,016,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2007/07/03 10:02:12 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=be8fa71e000000000000e0cb4e10c948&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 52 B2 05 81 F1 CB 01  [binary data]
IE - HKU\Adik_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Adik_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=be8fa71e000000000000e0cb4e10c948&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Adik\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Adik\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2011/05/24 13:27:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/10 15:04:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/01/30 12:21:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/20 05:09:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/18 05:10:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/01/30 12:21:51 | 000,000,000 | ---D | M]
 
[2011/02/20 13:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adik\AppData\Roaming\Mozilla\Extensions
[2011/08/04 14:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adik\AppData\Roaming\Mozilla\Firefox\Profiles\gynvhsc1.default\extensions
[2012/03/18 19:05:57 | 000,001,056 | ---- | M] () -- C:\Users\Adik\AppData\Roaming\Mozilla\Firefox\Profiles\gynvhsc1.default\searchplugins\icqplugin.xml
[2011/02/20 15:34:57 | 000,002,057 | ---- | M] () -- C:\Users\Adik\AppData\Roaming\Mozilla\Firefox\Profiles\gynvhsc1.default\searchplugins\youtube-videosuche.xml
[2011/11/14 17:02:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- 
[2012/03/20 05:09:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/03 22:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/14 14:16:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/24 13:19:02 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/02/14 14:16:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/14 14:16:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/14 14:16:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/14 14:16:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/14 14:16:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Adik_ON_C\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKU\Adik_ON_C..\Run: []  File not found
O4 - HKU\Adik_ON_C..\Run: [4rJHeEXlxs54kFa] C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8:64bit: - Extra context menu item: EXIF lesen - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O8 - Extra context menu item: EXIF lesen - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Adik_ON_C Winlogon: Shell - (C:\Users\Adik\AppData\Roaming\gw45u45111.exe) - C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O20 - HKU\Adik_ON_C Winlogon: UserInit - (C:\Users\Adik\AppData\Roaming\gw45u45111.exe) - C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\Shell - "" = AutoRun
O33 - MountPoints2\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\Shell - "" = AutoRun
O33 - MountPoints2\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\Shell\AutoRun\command - "" = I:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/20 05:40:25 | 000,323,584 | ---- | C] (lpsjJ) -- C:\Users\Adik\AppData\Roaming\gw45u45111.exe
[2012/03/18 19:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012/03/18 19:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012/03/18 19:08:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012/03/18 19:02:23 | 000,000,000 | ---D | C] -- C:\ruu_log
[2012/03/18 18:59:26 | 000,000,000 | ---D | C] -- C:\Users\Adik\Desktop\htc
[2012/03/14 18:23:42 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/03/14 18:23:41 | 003,957,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 18:23:40 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 09:41:42 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/14 09:41:42 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2012/03/14 09:41:41 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/14 09:41:41 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2012/03/14 09:41:41 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/14 09:41:41 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2012/03/14 09:41:41 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/14 09:41:41 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2012/03/14 09:41:41 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/14 09:41:41 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2012/03/13 17:41:04 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/03/13 17:41:04 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/13 17:41:02 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/03/13 17:41:02 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/03/13 17:41:02 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/03/11 07:25:31 | 000,000,000 | ---D | C] -- C:\Users\Adik\AppData\Local\ElevatedDiagnostics
[2012/03/01 10:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar Deluxe
[2012/03/01 10:00:19 | 000,000,000 | ---D | C] -- C:\Users\Adik\AppData\Roaming\ultrastardx
[2012/03/01 10:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraStar Deluxe
[2012/03/01 09:00:32 | 000,000,000 | ---D | C] -- C:\Users\Adik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraStar
[2012/03/01 09:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar
[2012/03/01 09:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraStar
[1 C:\Users\Adik\Desktop\*.tmp files -> C:\Users\Adik\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/21 13:03:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/21 13:03:22 | 3220,623,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/20 15:10:52 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 15:10:52 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 12:50:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2616729836-2362613055-2871255851-1001UA.job
[2012/03/20 05:42:51 | 000,001,950 | ---- | M] () -- C:\Windows\System32\AutoRunFilter.ini
[2012/03/20 05:40:24 | 000,323,584 | ---- | M] (lpsjJ) -- C:\Users\Adik\AppData\Roaming\gw45u45111.exe
[2012/03/19 13:33:51 | 000,697,082 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/03/19 13:33:51 | 000,652,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/19 13:33:51 | 000,148,346 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/03/19 13:33:51 | 000,121,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/19 09:57:14 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2616729836-2362613055-2871255851-1001Core.job
[2012/03/19 08:42:23 | 000,001,349 | ---- | M] () -- C:\Windows\System32\ServiceFilter.ini
[2012/03/18 19:09:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012/03/15 12:53:24 | 000,434,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/14 18:09:49 | 000,226,231 | ---- | M] () -- C:\Users\Adik\Desktop\Fehlerhafte Bauteile.png
[2012/03/14 18:07:37 | 007,193,250 | ---- | M] () -- C:\Users\Adik\Desktop\Fehlerhafte Bauteile.pdf
[2012/03/14 17:51:19 | 000,007,771 | ---- | M] () -- C:\Users\Adik\Desktop\Rechnung_358281.pdf
[2012/03/14 14:51:33 | 000,002,399 | ---- | M] () -- C:\Users\Adik\Desktop\Google Chrome.lnk
[2012/03/01 15:52:41 | 000,000,996 | ---- | M] () -- C:\Users\Adik\Desktop\WBFS Manager 3.0.lnk
[2012/03/01 10:44:13 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\UltraStar Deluxe spielen.lnk
[2012/03/01 10:00:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar Deluxe
[2012/03/01 09:00:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar
[1 C:\Users\Adik\Desktop\*.tmp files -> C:\Users\Adik\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/03/14 18:09:49 | 000,226,231 | ---- | C] () -- C:\Users\Adik\Desktop\Fehlerhafte Bauteile.png
[2012/03/14 17:51:18 | 000,007,771 | ---- | C] () -- C:\Users\Adik\Desktop\Rechnung_358281.pdf
[2012/03/11 15:47:19 | 007,193,250 | ---- | C] () -- C:\Users\Adik\Desktop\Fehlerhafte Bauteile.pdf
[2012/03/01 16:53:28 | 000,000,919 | ---- | C] () -- C:\Users\Adik\Desktop\Steam.lnk
[2012/03/01 10:44:13 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\UltraStar Deluxe spielen.lnk
[2011/05/01 15:59:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/02 20:06:22 | 000,003,584 | ---- | C] () -- C:\Users\Adik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/02 17:10:26 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/19 19:02:29 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011/02/19 11:47:43 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/07/29 01:21:06 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetWallpaper.exe
[2009/07/29 01:21:06 | 000,000,223 | ---- | C] () -- C:\ProgramData\setwallpaper.cmd
[2009/07/29 01:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/08/30 16:44:17 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\.minecraft
[2011/04/02 16:34:24 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\Audacity
[2011/04/02 17:59:43 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\Banamalon
[2012/02/15 13:49:36 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\calibre
[2012/02/12 11:31:39 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\Canon
[2011/12/06 10:51:33 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\CD-LabelPrint
[2011/02/27 15:44:53 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\DAEMON Tools Lite
[2011/10/12 13:01:11 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\Dropbox
[2011/03/19 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\GrabPro
[2011/03/24 13:35:10 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\ImgBurn
[2012/01/30 12:23:24 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\Nokia
[2011/11/29 09:16:14 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\Notepad++
[2011/03/28 14:02:44 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\OpenOffice.org
[2011/03/19 17:46:27 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\Orbit
[2011/04/02 14:49:13 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\PACE Anti-Piracy
[2012/01/30 12:24:34 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\PC Suite
[2011/03/19 17:33:56 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\ProgSense
[2011/02/19 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\TS3Client
[2012/03/10 15:29:53 | 000,000,000 | ---D | M] -- C:\Users\Adik\AppData\Roaming\ultrastardx
[2011/02/19 18:25:37 | 000,000,000 | ---D | M] -- C:\ProgramData\AmUStor
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/08/04 07:27:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Banamalon
[2011/12/06 10:49:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Canon IJ Network Tool
[2011/12/06 10:42:49 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2011/12/06 10:51:14 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonEPP
[2012/02/12 11:32:11 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJ
[2011/12/06 10:51:14 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEPPEX2
[2011/12/06 10:48:52 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJMSetup
[2011/12/06 12:00:51 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJMyPrinter
[2012/03/07 07:02:09 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM
[2012/02/12 11:31:39 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2011/12/06 12:00:53 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJSolutionMenuEX
[2011/12/06 10:48:11 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJWSpt
[2011/02/27 15:41:16 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/04/05 16:02:14 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2011/04/03 15:49:51 | 000,000,000 | ---D | M] -- C:\ProgramData\KONAMI
[2011/02/19 20:08:54 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2011/11/19 19:19:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia
[2011/11/19 19:17:31 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache
[2011/02/19 18:26:04 | 000,000,000 | ---D | M] -- C:\ProgramData\P4G
[2011/04/02 14:49:13 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE Anti-Piracy
[2011/11/19 19:21:09 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/02/19 13:14:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/12/14 08:22:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1133 bytes -> C:\Users\Adik\AppData\Local\Anwendungsdaten:RuTpLbKOMDrSwp1WkPpu
@Alternate Data Stream - 1133 bytes -> C:\Users\Adik\AppData\Local:RuTpLbKOMDrSwp1WkPpu
@Alternate Data Stream - 1112 bytes -> C:\Users\Adik\AppData\Local\V9L4g7qjRByoI:l3xN3eeoTwxtmFtrIn6xu6
@Alternate Data Stream - 1080 bytes -> C:\Users\Adik\AppData\Local\Temp:rYv3Jet8zmyRh6bYz44tJd
< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 3/21/2012 9:08:39 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 144.47 Gb Free Space | 62.04% Space Free | Partition Type: NTFS
Drive D: | 218.23 Gb Total Space | 124.13 Gb Free Space | 56.88% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
< End of report >
         
--- --- ---


Edited by adik4all (21.03.2012 at 20:18)

Alt 22.03.2012, 11:38   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Run an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&mntrId=be8fa71e000000000000e0cb4e10c948&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 52 B2 05 81 F1 CB 01  [binary data]
IE - HKU\Adik_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=be8fa71e000000000000e0cb4e10c948&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
[2011/05/24 13:19:02 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Adik_ON_C\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKU\Adik_ON_C..\Run: []  File not found
O4 - HKU\Adik_ON_C..\Run: [4rJHeEXlxs54kFa] C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKU\Adik_ON_C Winlogon: Shell - (C:\Users\Adik\AppData\Roaming\gw45u45111.exe) - C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O20 - HKU\Adik_ON_C Winlogon: UserInit - (C:\Users\Adik\AppData\Roaming\gw45u45111.exe) - C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\Shell - "" = AutoRun
O33 - MountPoints2\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\Shell - "" = AutoRun
O33 - MountPoints2\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\Shell\AutoRun\command - "" = I:\autorun.exe
@Alternate Data Stream - 1133 bytes -> C:\Users\Adik\AppData\Local\Anwendungsdaten:RuTpLbKOMDrSwp1WkPpu
@Alternate Data Stream - 1133 bytes -> C:\Users\Adik\AppData\Local:RuTpLbKOMDrSwp1WkPpu
@Alternate Data Stream - 1112 bytes -> C:\Users\Adik\AppData\Local\V9L4g7qjRByoI:l3xN3eeoTwxtmFtrIn6xu6
@Alternate Data Stream - 1080 bytes -> C:\Users\Adik\AppData\Local\Temp:rYv3Jet8zmyRh6bYz44tJd
:Files
C:\Users\Adik\AppData\Roaming\gw45u45111.exe
:Commands
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

After that, Windows should start normally again. Please make OTL's quarantine folder available to us. Proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know when it has worked
5.) Only then switch the virus scanner back on
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
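Added example, not part of the post above and not OTL's own code: a small triage script that reads OTL log lines and groups the autostart hooks by the binary they launch, which makes the pattern in this log visible (one executable in the user profile registered as Run entry, Winlogon Shell and Winlogon UserInit, together with policies that disable Task Manager, the registry editor and the desktop). The regular expressions are assumptions modelled on the line formats visible in this thread, and the names `triage` and `locker_suspects` are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied verbatim from the OTL output quoted in this thread.
SAMPLE_LOG = r"""
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKU\Adik_ON_C..\Run: [4rJHeEXlxs54kFa] C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKU\Adik_ON_C Winlogon: Shell - (C:\Users\Adik\AppData\Roaming\gw45u45111.exe) - C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O20 - HKU\Adik_ON_C Winlogon: UserInit - (C:\Users\Adik\AppData\Roaming\gw45u45111.exe) - C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
@Alternate Data Stream - 1133 bytes -> C:\Users\Adik\AppData\Local:RuTpLbKOMDrSwp1WkPpu
@Alternate Data Stream - 1080 bytes -> C:\Users\Adik\AppData\Local\Temp:rYv3Jet8zmyRh6bYz44tJd
""".strip().splitlines()

# Path components that an unprivileged user process can write to.
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp)\\", re.I)

# Assumed line formats, modelled on the entries visible in this thread.
RUN = re.compile(r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\Run(?:Once)?: "
                 r"\[(?P<name>[^\]]*)\]\s+(?P<path>[A-Za-z]:\\.+?\.exe)\b", re.I)
WINLOGON = re.compile(r"^O20(?::64bit:)? - (?P<hive>\S+) Winlogon: "
                      r"(?P<value>Shell|UserInit) - \((?P<path>[^)]*)\)", re.I)
POLICY = re.compile(r"^O[67](?::64bit:)? - (?P<key>\S+\\policies\\\w+): "
                    r"(?P<value>\w+) = (?P<data>\d+)", re.I)
ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
                 r"(?P<target>.+):(?P<stream>[^:\\]+)$")

# Policy values that take recovery tools away from the logged-on user.
LOCK_POLICIES = {"disabletaskmgr", "disableregistrytools", "nodesktop"}


def triage(lines):
    """Return (hooks, lockdown, streams) extracted from OTL log lines.

    hooks    -- lower-cased binary path -> list of autostart mechanisms
    lockdown -- lock policy values that are set to 1
    streams  -- (target, stream name, size) for each named data stream
    """
    hooks = defaultdict(list)
    lockdown = []
    streams = []
    for raw in lines:
        line = raw.strip()
        if m := RUN.match(line):
            # Entries without a resolvable path ("File not found") do not match.
            if USER_WRITABLE.search(m["path"]):
                hooks[m["path"].lower()].append(f"Run[{m['name']}] ({m['hive']})")
        elif m := WINLOGON.match(line):
            if USER_WRITABLE.search(m["path"]):
                hooks[m["path"].lower()].append(f"Winlogon {m['value']} ({m['hive']})")
        elif m := POLICY.match(line):
            if m["value"].lower() in LOCK_POLICIES and m["data"] == "1":
                lockdown.append(m["value"])
        elif m := ADS.match(line):
            streams.append((m["target"], m["stream"], int(m["size"])))
    return dict(hooks), lockdown, streams


def locker_suspects(hooks):
    """Binaries in a user-writable path that hold a Winlogon Shell/UserInit hook."""
    return sorted(path for path, mechanisms in hooks.items()
                  if any(item.startswith("Winlogon") for item in mechanisms))


if __name__ == "__main__":
    hooks, lockdown, streams = triage(SAMPLE_LOG)
    for path in locker_suspects(hooks):
        print("suspect binary:", path)
        for mechanism in hooks[path]:
            print("   started via", mechanism)
    print("lock policies set:", ", ".join(lockdown) or "none")
    for target, stream, size in streams:
        print(f"review stream: {target}:{stream} ({size} bytes)")
```

The script only reads a saved log; it changes nothing on the system, and the named data streams are listed for review without a verdict.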

Alt 23.03.2012, 15:16   #9
adik4all
 



Hello Arne, thank you very, very much for your help,

I followed your instructions and uploaded the zip.

Is my computer "clean" again now, or is there still something to do?

Should I format the computer to be on the safe side?

Finally, I am wondering whether to switch my antivirus program, since I was using Antivir before and it did not detect the virus. Do you know a good, inexpensive alternative?

Huge thanks!!!


Here is the fix log as well:

Code:
:OTL
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=be8fa71e000000000000e0cb4e10c948&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 52 B2 05 81 F1 CB 01  [binary data]
IE - HKU\Adik_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=be8fa71e000000000000e0cb4e10c948&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
[2011/05/24 13:19:02 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Adik_ON_C\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKU\Adik_ON_C..\Run: []  File not found
O4 - HKU\Adik_ON_C..\Run: [4rJHeEXlxs54kFa] C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKU\Adik_ON_C Winlogon: Shell - (C:\Users\Adik\AppData\Roaming\gw45u45111.exe) - C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O20 - HKU\Adik_ON_C Winlogon: UserInit - (C:\Users\Adik\AppData\Roaming\gw45u45111.exe) - C:\Users\Adik\AppData\Roaming\gw45u45111.exe (lpsjJ)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\Shell - "" = AutoRun
O33 - MountPoints2\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\Shell - "" = AutoRun
O33 - MountPoints2\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\Shell\AutoRun\command - "" = I:\autorun.exe
@Alternate Data Stream - 1133 bytes -> C:\Users\Adik\AppData\Local\Anwendungsdaten:RuTpLbKOMDrSwp1WkPpu
@Alternate Data Stream - 1133 bytes -> C:\Users\Adik\AppData\Local:RuTpLbKOMDrSwp1WkPpu
@Alternate Data Stream - 1112 bytes -> C:\Users\Adik\AppData\Local\V9L4g7qjRByoI:l3xN3eeoTwxtmFtrIn6xu6
@Alternate Data Stream - 1080 bytes -> C:\Users\Adik\AppData\Local\Temp:rYv3Jet8zmyRh6bYz44tJd
:Files
C:\Users\Adik\AppData\Roaming\gw45u45111.exe
:Commands
[resethosts]
         

Alt 23.03.2012, 21:40   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Should I format the computer to be on the safe side?
Either/or! Decide on either a cleanup or a reinstall, but nobody does a pointless, laborious analysis if you are going to wipe everything anyway.
And you did not post a fix log, but my fix script!

Alt 24.03.2012, 12:22   #11
adik4all
 



Hi Arne,

that sounds logical. It is in my interest not to format the PC. I am not familiar with this area, which is why I am asking for help here.

Sorry for the wrong file, I must have made a copy error. Attached is the fix log.

What happens next?

Code:
========== OTL ==========
HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\Adik_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\Adik_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "YouTube-Videosuche" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=be8fa71e000000000000e0cb4e10c948&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0\ deleted successfully.
File C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\ deleted successfully.
File C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0\ deleted successfully.
File C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.
C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ deleted successfully.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\Adik_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
File WebPrint EX\ewpexhlp.dll not found.
Registry key HKEY_USERS\Adik_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Adik_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
C:\Users\Adik\AppData\Roaming\gw45u45111.exe moved successfully.
Registry key HKEY_USERS\LocalService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry value HKEY_USERS\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\Adik_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Adik\AppData\Roaming\gw45u45111.exe deleted successfully.
File C:\Users\Adik\AppData\Roaming\gw45u45111.exe not found.
Registry value HKEY_USERS\Adik_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Adik\AppData\Roaming\gw45u45111.exe deleted successfully.
File C:\Users\Adik\AppData\Roaming\gw45u45111.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e063918-5e24-11e0-a25e-e0cb4e10c948}\ not found.
File "F:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a04e5898-48dd-11e0-9657-e0cb4e10c948}\ not found.
File I:\autorun.exe not found.
Unable to delete ADS C:\Users\Adik\AppData\Local\Anwendungsdaten:RuTpLbKOMDrSwp1WkPpu .
ADS C:\Users\Adik\AppData\Local:RuTpLbKOMDrSwp1WkPpu deleted successfully.
ADS C:\Users\Adik\AppData\Local\V9L4g7qjRByoI:l3xN3eeoTwxtmFtrIn6xu6 deleted successfully.
ADS C:\Users\Adik\AppData\Local\Temp:rYv3Jet8zmyRh6bYz44tJd deleted successfully.
========== FILES ==========
File\Folder C:\Users\Adik\AppData\Roaming\gw45u45111.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 03232012_164717
         
Regards, Adik
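
Added example (not part of the original post and not OTL's own code): a small Python triage of an OTL fix log like the one above. It separates entries the fix could not remove from completed ones and tags the Winlogon, policy and alternate-data-stream (ADS) entries. The sample lines are copied from that log; the tag names and function names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt copied from the OTL fix log posted above (not constructed data).
SAMPLE_LOG = r"""
========== OTL ==========
C:\Users\Adik\AppData\Roaming\gw45u45111.exe moved successfully.
Registry value HKEY_USERS\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\Adik_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\Adik_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Adik\AppData\Roaming\gw45u45111.exe deleted successfully.
File C:\Users\Adik\AppData\Roaming\gw45u45111.exe not found.
Unable to delete ADS C:\Users\Adik\AppData\Local\Anwendungsdaten:RuTpLbKOMDrSwp1WkPpu .
ADS C:\Users\Adik\AppData\Local:RuTpLbKOMDrSwp1WkPpu deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
"""

# The log prints a registry value as key\\value, optionally followed by :data.
WINLOGON_RE = re.compile(
    r'\\Winlogon\\\\(Shell|UserInit):(\S.*?) deleted successfully', re.I)
POLICY_RE = re.compile(
    r'\\policies\\(?:System|Explorer)\\\\'
    r'(DisableTaskMgr|DisableRegistryTools|NoDesktop)\b', re.I)
# "ADS <path>:<stream name>", with or without the failure prefix.
ADS_RE = re.compile(r'^(?:Unable to delete )?ADS (.+?):(\w+)')
# An executable living inside a user's AppData tree.
PROFILE_EXE_RE = re.compile(
    r'[A-Z]:\\Users\\[^\\]+\\AppData\\[^:*?"<>|]*?\.exe', re.I)


@dataclass(frozen=True)
class Finding:
    line: str
    status: str            # done | absent | failed | other
    tags: tuple
    artifact: str = None   # file path or path:stream the entry refers to


def status_of(line):
    """Map the trailing result phrase of a fix-log line to a status."""
    if line.startswith("Unable to"):
        return "failed"
    if re.search(r"not found\.?$", line):
        return "absent"
    if re.search(r"(deleted|moved|set|reset) successfully[.!]?$", line):
        return "done"
    return "other"


def triage(log_text):
    """Parse fix-log text into Finding records, skipping section banners."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("====="):
            continue
        tags, artifact = [], None
        m = WINLOGON_RE.search(line)
        if m:
            # A per-user Winlogon Shell value replaces explorer.exe at logon.
            tags.append("winlogon-" + m.group(1).lower())
            artifact = m.group(2)
        if POLICY_RE.search(line):
            tags.append("policy-lockdown")
        m = ADS_RE.match(line)
        if m:
            tags.append("ads")
            artifact = m.group(1) + ":" + m.group(2)
        m = PROFILE_EXE_RE.search(line)
        if m:
            tags.append("profile-exe")
            artifact = artifact or m.group(0)
        findings.append(Finding(line, status_of(line), tuple(tags), artifact))
    return findings


def needs_followup(findings):
    """Entries the fix reported it could not remove."""
    return [f for f in findings if f.status == "failed"]


def persistence_artifacts(findings):
    """Distinct targets that Winlogon values pointed at."""
    return sorted({f.artifact for f in findings
                   if f.artifact and any(t.startswith("winlogon-") for t in f.tags)})


def tag_counts(findings):
    """How many log lines carry each tag."""
    return dict(Counter(t for f in findings for t in f.tags))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in needs_followup(results):
        print("NOT REMOVED:", f.artifact)
    print("Winlogon targets:", persistence_artifacts(results))
    print("Tags:", tag_counts(results))
```

On the excerpt, the one entry left for follow-up is the ADS on `Anwendungsdaten` that OTL reported it was unable to delete.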

Alt 24.03.2012, 18:44   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!


Alt 25.03.2012, 13:25   #13
adik4all
 



Hello Arne, attached is the report from Kaspersky
Code:
13:21:00.0710 2944	TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
13:21:00.0813 2944	============================================================
13:21:00.0813 2944	Current date / time: 2012/03/25 13:21:00.0813
13:21:00.0813 2944	SystemInfo:
13:21:00.0813 2944	
13:21:00.0813 2944	OS Version: 6.1.7600 ServicePack: 0.0
13:21:00.0813 2944	Product type: Workstation
13:21:00.0814 2944	ComputerName: ADIK-PC
13:21:00.0814 2944	UserName: Adik
13:21:00.0814 2944	Windows directory: C:\Windows
13:21:00.0814 2944	System windows directory: C:\Windows
13:21:00.0814 2944	Running under WOW64
13:21:00.0814 2944	Processor architecture: Intel x64
13:21:00.0814 2944	Number of processors: 2
13:21:00.0814 2944	Page size: 0x1000
13:21:00.0814 2944	Boot type: Normal boot
13:21:00.0814 2944	============================================================
13:21:01.0392 2944	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:21:01.0396 2944	\Device\Harddisk0\DR0:
13:21:01.0397 2944	MBR used
13:21:01.0397 2944	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4B800, BlocksNum 0x1D1C3000
13:21:01.0412 2944	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1EF0F000, BlocksNum 0x1B476800
13:21:01.0496 2944	Initialize success
13:21:01.0496 2944	============================================================
13:21:49.0883 3924	============================================================
13:21:49.0883 3924	Scan started
13:21:49.0883 3924	Mode: Manual; 
13:21:49.0883 3924	============================================================
13:21:51.0463 3924	Scan interrupted by user!
13:21:51.0463 3924	Scan interrupted by user!
13:21:51.0463 3924	Scan interrupted by user!
13:21:51.0463 3924	============================================================
13:21:51.0464 3924	Scan finished
13:21:51.0464 3924	============================================================
13:21:51.0472 2268	Detected object count: 0
13:21:51.0472 2268	Actual detected object count: 0
13:22:36.0267 2684	============================================================
13:22:36.0267 2684	Scan started
13:22:36.0267 2684	Mode: Manual; SigCheck; TDLFS; 
13:22:36.0267 2684	============================================================
13:22:50.0987 2684	ksthunk - ok
13:22:51.0026 2684	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:22:51.0079 2684	KtmRm - ok
13:22:51.0170 2684	L1C             (b4a3a05b0f9c81d098b96ab6aa915042) C:\Windows\system32\DRIVERS\L1C62x64.sys
13:22:51.0181 2684	L1C - ok
13:22:51.0222 2684	LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
13:22:51.0246 2684	LanmanServer - ok
13:22:51.0312 2684	LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
13:22:51.0362 2684	LanmanWorkstation - ok
13:22:51.0429 2684	LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
13:22:51.0461 2684	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
13:22:51.0461 2684	LightScribeService - detected UnsignedFile.Multi.Generic (1)
13:22:58.0851 2684	PassThru Service (a1e779a0cf7a21b42e8fd3e8856d8481) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
13:22:58.0871 2684	PassThru Service ( UnsignedFile.Multi.Generic ) - warning
13:22:58.0871 2684	PassThru Service - detected UnsignedFile.Multi.Generic (1)
13:23:10.0366 2684	vsmraid - ok
13:23:10.0422 2684	VSS             (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
13:23:10.0481 2684	VSS - ok
13:23:10.0532 2684	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:23:10.0560 2684	vwifibus - ok
13:23:10.0587 2684	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:23:10.0605 2684	vwififlt - ok
13:23:10.0643 2684	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
13:23:10.0661 2684	vwifimp - ok
13:23:10.0697 2684	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:23:10.0740 2684	W32Time - ok
13:23:10.0783 2684	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:23:10.0810 2684	WacomPen - ok
13:23:10.0855 2684	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:23:10.0904 2684	WANARP - ok
13:23:10.0915 2684	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:23:10.0952 2684	Wanarpv6 - ok
13:23:11.0062 2684	wbengine        (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
13:23:11.0127 2684	wbengine - ok
13:23:11.0168 2684	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:23:11.0201 2684	WbioSrvc - ok
13:23:11.0246 2684	wcncsvc         (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
13:23:11.0275 2684	wcncsvc - ok
13:23:11.0305 2684	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:23:11.0332 2684	WcsPlugInService - ok
13:23:11.0381 2684	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:23:11.0392 2684	Wd - ok
13:23:11.0423 2684	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:23:11.0446 2684	Wdf01000 - ok
13:23:11.0477 2684	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:23:11.0508 2684	WdiServiceHost - ok
13:23:11.0512 2684	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:23:11.0531 2684	WdiSystemHost - ok
13:23:11.0569 2684	WebClient       (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
13:23:11.0601 2684	WebClient - ok
13:23:11.0639 2684	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:23:11.0694 2684	Wecsvc - ok
13:23:11.0768 2684	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:23:11.0816 2684	wercplsupport - ok
13:23:11.0900 2684	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:23:11.0956 2684	WerSvc - ok
13:23:12.0035 2684	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:23:12.0072 2684	WfpLwf - ok
13:23:12.0117 2684	WimFltr         (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
13:23:12.0131 2684	WimFltr - ok
13:23:12.0151 2684	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:23:12.0163 2684	WIMMount - ok
13:23:12.0212 2684	WinDefend - ok
13:23:12.0223 2684	WinHttpAutoProxySvc - ok
13:23:12.0290 2684	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:23:12.0329 2684	Winmgmt - ok
13:23:12.0395 2684	WinRM           (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
13:23:12.0517 2684	WinRM - ok
13:23:12.0624 2684	WinUSB          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
13:23:12.0641 2684	WinUSB - ok
13:23:12.0692 2684	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:23:12.0733 2684	Wlansvc - ok
13:23:12.0858 2684	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:23:12.0938 2684	wlidsvc - ok
13:23:13.0031 2684	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:23:13.0055 2684	WmiAcpi - ok
13:23:13.0119 2684	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:23:13.0144 2684	wmiApSrv - ok
13:23:13.0205 2684	WMPNetworkSvc - ok
13:23:13.0273 2684	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:23:13.0303 2684	WPCSvc - ok
13:23:13.0332 2684	WPDBusEnum      (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
13:23:13.0362 2684	WPDBusEnum - ok
13:23:13.0401 2684	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:23:13.0450 2684	ws2ifsl - ok
13:23:13.0486 2684	wscsvc          (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
13:23:13.0513 2684	wscsvc - ok
13:23:13.0609 2684	WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
13:23:13.0633 2684	WSDPrintDevice - ok
13:23:13.0649 2684	WSDScan         (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
13:23:13.0666 2684	WSDScan - ok
13:23:13.0674 2684	WSearch - ok
13:23:13.0760 2684	wuauserv        (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
13:23:13.0870 2684	wuauserv - ok
13:23:13.0915 2684	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:23:13.0955 2684	WudfPf - ok
13:23:14.0032 2684	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:23:14.0078 2684	WUDFRd - ok
13:23:14.0115 2684	wudfsvc         (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
13:23:14.0169 2684	wudfsvc - ok
13:23:14.0193 2684	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:23:14.0227 2684	WwanSvc - ok
13:23:14.0266 2684	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:23:14.0503 2684	\Device\Harddisk0\DR0 - ok
13:23:14.0514 2684	Boot (0x1200)   (5e95d734f2ee255cf18cc62115ae5b1d) \Device\Harddisk0\DR0\Partition0
13:23:14.0515 2684	\Device\Harddisk0\DR0\Partition0 - ok
13:23:14.0544 2684	Boot (0x1200)   (5071c243f6804197c01ba5ee2314ea08) \Device\Harddisk0\DR0\Partition1
13:23:14.0546 2684	\Device\Harddisk0\DR0\Partition1 - ok
13:23:14.0546 2684	============================================================
13:23:14.0546 2684	Scan finished
13:23:14.0546 2684	============================================================
13:23:14.0613 2972	Detected object count: 2
13:23:14.0613 2972	Actual detected object count: 2
13:23:29.0821 2972	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:29.0821 2972	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:23:29.0823 2972	PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:29.0823 2972	PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Regards, Adik

25.03.2012, 16:32   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper ("Kompetenzler") has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


26.03.2012, 00:23   #15
adik4all


OK, done, here is the log:

Combofix Logfile:
Code:
ComboFix 12-03-22.01 - Adik 25.03.2012  23:36:37.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4095.2743 [GMT 2:00]
ausgeführt von:: c:\users\Adik\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetWallpaper.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-25 bis 2012-03-25  ))))))))))))))))))))))))))))))
.
.
2012-03-25 21:42 . 2012-03-25 21:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-23 20:47 . 2012-03-23 16:09	--------	d-----w-	C:\_OTL
2012-03-23 16:09 . 2012-03-14 03:27	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9BBDAE6-554E-47F7-803A-E0E0EE856F6A}\mpengine.dll
2012-03-20 09:09 . 2012-03-20 09:09	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 09:09 . 2012-03-20 09:09	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 23:09 . 2012-03-18 23:09	--------	d-----w-	c:\program files (x86)\Spirent Communications
2012-03-18 23:08 . 2012-03-18 23:09	--------	d-----w-	c:\program files (x86)\HTC
2012-03-18 23:02 . 2012-03-18 23:20	--------	d-----w-	C:\ruu_log
2012-03-14 22:23 . 2011-11-19 18:30	5504880	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 22:23 . 2011-11-19 14:25	3957616	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 22:23 . 2011-11-19 14:25	3902320	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 13:41 . 2012-02-03 04:16	3143168	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 13:41 . 2012-02-10 06:18	1541120	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 13:41 . 2012-02-10 05:41	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-14 13:41 . 2012-02-10 06:17	1837568	----a-w-	c:\windows\system32\d3d10warp.dll
2012-03-14 13:41 . 2012-02-10 06:17	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-03-14 13:41 . 2012-02-10 06:17	320512	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-03-14 13:41 . 2012-02-10 06:17	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2012-03-14 13:41 . 2012-02-10 05:41	218624	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2012-03-14 13:41 . 2012-02-10 05:41	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2012-03-14 13:41 . 2012-02-10 05:41	1170944	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2012-03-14 13:41 . 2012-02-10 05:41	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-03-13 21:41 . 2012-02-15 06:27	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-13 21:41 . 2012-02-15 05:44	826368	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-13 21:41 . 2012-02-15 04:47	204800	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-13 21:41 . 2012-02-15 04:46	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-13 21:41 . 2012-01-25 06:27	76288	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-13 21:41 . 2012-01-25 06:27	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-13 21:41 . 2012-01-25 06:20	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-11 11:25 . 2012-03-11 11:25	--------	d-----w-	c:\users\Adik\AppData\Local\ElevatedDiagnostics
2012-03-07 11:07 . 2012-03-07 11:07	162664	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-01 14:00 . 2012-03-10 19:29	--------	d-----w-	c:\users\Adik\AppData\Roaming\ultrastardx
2012-03-01 14:00 . 2012-03-02 13:42	--------	d-----w-	c:\program files (x86)\UltraStar Deluxe
2012-03-01 13:00 . 2012-03-01 13:03	--------	d-----w-	c:\program files (x86)\UltraStar
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2011-02-19 15:08	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 18:02 . 2011-10-17 16:29	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-14 23:03 . 2012-02-14 23:03	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-02-14 23:03 . 2012-02-14 23:03	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-14 23:03 . 2012-02-14 23:03	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-14 23:03 . 2012-02-14 23:03	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-02-14 23:03 . 2012-02-14 23:03	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-02-14 23:03 . 2012-02-14 23:03	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-02-14 23:03 . 2012-02-14 23:03	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-02-14 23:03 . 2012-02-14 23:03	1798656	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-02-14 23:03 . 2012-02-14 23:03	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-02-14 23:03 . 2012-02-14 23:03	1127424	----a-w-	c:\windows\SysWow64\wininet.dll
2012-02-14 23:03 . 2012-02-14 23:03	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-02-14 23:03 . 2012-02-14 23:03	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-02-14 23:03 . 2012-02-14 23:03	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-02-14 23:03 . 2012-02-14 23:03	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-02-14 23:03 . 2012-02-14 23:03	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-02-14 23:03 . 2012-02-14 23:03	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-02-14 23:03 . 2012-02-14 23:03	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-02-14 23:03 . 2012-02-14 23:03	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-02-14 23:03 . 2012-02-14 23:03	448512	----a-w-	c:\windows\system32\html.iec
2012-02-14 23:03 . 2012-02-14 23:03	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-02-14 23:03 . 2012-02-14 23:03	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-02-14 23:03 . 2012-02-14 23:03	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-02-14 23:03 . 2012-02-14 23:03	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-02-14 23:03 . 2012-02-14 23:03	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-02-14 23:03 . 2012-02-14 23:03	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-02-14 23:03 . 2012-02-14 23:03	2308096	----a-w-	c:\windows\system32\jscript9.dll
2012-02-14 23:03 . 2012-02-14 23:03	222208	----a-w-	c:\windows\system32\msls31.dll
2012-02-14 23:03 . 2012-02-14 23:03	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-02-14 23:03 . 2012-02-14 23:03	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-02-14 23:03 . 2012-02-14 23:03	160256	----a-w-	c:\windows\system32\wextract.exe
2012-02-14 23:03 . 2012-02-14 23:03	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-02-14 23:03 . 2012-02-14 23:03	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-02-14 23:03 . 2012-02-14 23:03	1493504	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-14 23:03 . 2012-02-14 23:03	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-02-14 23:03 . 2012-02-14 23:03	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-02-14 23:03 . 2012-02-14 23:03	1390080	----a-w-	c:\windows\system32\wininet.dll
2012-02-14 23:03 . 2012-02-14 23:03	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-02-14 23:03 . 2012-02-14 23:03	12288	----a-w-	c:\windows\system32\mshta.exe
2012-02-14 23:03 . 2012-02-14 23:03	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-02-14 23:03 . 2012-02-14 23:03	114176	----a-w-	c:\windows\system32\admparse.dll
2012-02-14 23:03 . 2012-02-14 23:03	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-02-14 23:03 . 2012-02-14 23:03	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-01-04 09:58 . 2012-02-15 17:21	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-15 17:21	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-15 17:20	515584	----a-w-	c:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-15 17:20	478208	----a-w-	c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 17:20	499200	----a-w-	c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-2-20 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2616729836-2362613055-2871255851-1001Core.job
- c:\users\Adik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 22:38]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2616729836-2362613055-2871255851-1001UA.job
- c:\users\Adik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 22:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-02 16330272]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=be8fa71e000000000000e0cb4e10c948&tlver=1.4.19.19&ss=1&affID=17395
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: EXIF lesen - c:\program files (x86)\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Adik\AppData\Roaming\Mozilla\Firefox\Profiles\gynvhsc1.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-4rJHeEXlxs54kFa - c:\users\Adik\AppData\Roaming\gw45u45111.exe
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2616729836-2362613055-2871255851-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:2b,7e,9e,be,04,ae,ee,dd,c6,c5,df,65,82,5a,45,20,ab,94,e1,98,55,
   1a,aa,8c,73,32,19,d4,7c,b5,84,7b,79,d3,ee,9d,db,2d,7a,4c,04,0f,fa,63,62,a4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\AsScrPro.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-25  23:50:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-25 21:50
.
Vor Suchlauf: 12 Verzeichnis(se), 162.411.061.248 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 163.363.983.360 Bytes frei
.
- - End Of File - - C0274C59BF976AB53EF94B8178795C39
         

[/QUOTE]
