Pests of all kinds and how to fight them: GVU trojan removed, desktop, Task Manager and RegEdit still disabled. Windows 7
#16
/// Winkelfunktion /// TB-Süch-Tiger™

GVU trojan removed, desktop, Task Manager and RegEdit still disabled.

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Set the tool up as shown in the picture below: click on "change parameters" and set the checkmarks as shown in the following screenshot, then click on "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, treat them all with the action "skip" and just post the log here!

__________________
Please always post logfiles in CODE tags
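As an added example (not part of this thread and not Kaspersky's own code), a small Python parser for the log layout TDSS-Killer produces: it separates the scan metadata (OS version, mode, MBR partitions) from the per-object results and lists the objects marked "warning" or "detected", which are the ones the helper asks to "skip" and post rather than delete. The sample lines are copied from the log posted further down in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Excerpt in the layout of the TDSS-Killer log posted further down in this thread
# (time, thread id, message); the lines are copied from that log, nothing is invented.
SAMPLE_LOG = r"""
18:03:03.0421 3580 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
18:03:03.0593 3580 OS Version: 6.1.7601 ServicePack: 1.0
18:03:03.0593 3580 ComputerName: BLACK-ADDER
18:03:03.0733 3580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
18:03:08.0928 4660 Scan started
18:03:08.0928 4660 Mode: Manual; SigCheck; TDLFS;
18:03:08.0975 4660 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:03:09.0006 4660 1394ohci - ok
18:03:11.0502 4660 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:03:11.0502 4660 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:03:11.0502 4660 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:03:12.0641 4660 msiserver - ok
"""

# Every line is "<hh:mm:ss.ffff> <thread id> <message>"; the message is one of:
#   "<name> (<md5>) <path>"                   object found on disk
#   "<name> - ok"                             signature/heuristic check passed
#   "<name> ( <verdict> ) - warning"          heuristic hit, not yet a detection
#   "<name> - detected <verdict> (<count>)"   reported detection
# Anything else of the form "key: value" is scan metadata (OS version, mode, partitions).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
ENTRY_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
META_RE = re.compile(r"^(?P<key>[^:]+): (?P<value>.+)$")

# A later "detected" line outranks an earlier "warning" for the same object.
RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None for services whose file TDSS-Killer did not hash
    path: Optional[str] = None
    status: str = "unknown"        # ok | warning | detected | unknown
    verdict: Optional[str] = None  # e.g. UnsignedFile.Multi.Generic


@dataclass
class ScanReport:
    metadata: dict = field(default_factory=dict)
    entries: dict = field(default_factory=dict)   # name -> Entry


def parse_tdss_log(text: str) -> ScanReport:
    """Parse a TDSS-Killer log into scan metadata plus one Entry per scanned object."""
    report = ScanReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # separators, blank lines, banner
        body = m.group(3)
        e = ENTRY_RE.match(body)
        if e:
            report.entries[e["name"]] = Entry(e["name"], e["md5"], e["path"])
            continue
        for status, rx in (("ok", OK_RE), ("warning", WARN_RE), ("detected", DETECTED_RE)):
            v = rx.match(body)
            if v:
                ent = report.entries.setdefault(v["name"], Entry(v["name"]))
                if RANK[status] >= RANK[ent.status]:
                    ent.status = status
                    ent.verdict = v.groupdict().get("verdict")
                break
        else:
            k = META_RE.match(body)       # only reached when no result regex matched
            if k:
                report.metadata[k["key"]] = k["value"]
    return report


def flagged(report: ScanReport) -> list:
    """Objects a helper has to look at: everything the scan did not mark plain 'ok'."""
    return [e for e in report.entries.values() if e.status in ("warning", "detected")]


def summary(report: ScanReport) -> dict:
    """Count of scanned objects per status."""
    counts = {s: 0 for s in RANK}
    for e in report.entries.values():
        counts[e.status] += 1
    return counts


if __name__ == "__main__":
    rep = parse_tdss_log(SAMPLE_LOG)
    print("OS:", rep.metadata.get("OS Version"), "| mode:", rep.metadata.get("Mode"))
    print("counts:", summary(rep))
    for e in flagged(rep):
        print(f"REVIEW {e.name}: {e.verdict} -> {e.path}")
```

Objects listed by `flagged()` are review items for the helper, consistent with the "skip and post the log" instruction above; the parser does not judge whether a verdict is a false positive.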
#17
GVU trojan removed, desktop, Task Manager and RegEdit still disabled.

Hi, here is the TDSS-Killer log:

Code:
18:03:03.0421 3580 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
18:03:03.0593 3580 ============================================================
18:03:03.0593 3580 Current date / time: 2012/04/20 18:03:03.0593
18:03:03.0593 3580 SystemInfo:
18:03:03.0593 3580
18:03:03.0593 3580 OS Version: 6.1.7601 ServicePack: 1.0
18:03:03.0593 3580 Product type: Workstation
18:03:03.0593 3580 ComputerName: BLACK-ADDER
18:03:03.0593 3580 UserName: ApoC
18:03:03.0593 3580 Windows directory: C:\Windows
18:03:03.0593 3580 System windows directory: C:\Windows
18:03:03.0593 3580 Running under WOW64
18:03:03.0593 3580 Processor architecture: Intel x64
18:03:03.0593 3580 Number of processors: 4
18:03:03.0593 3580 Page size: 0x1000
18:03:03.0593 3580 Boot type: Normal boot
18:03:03.0593 3580 ============================================================
18:03:03.0718 3580 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:03:03.0733 3580 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:03:03.0733 3580 \Device\Harddisk0\DR0:
18:03:03.0733 3580 MBR partitions:
18:03:03.0733 3580 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:03:03.0733 3580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
18:03:03.0733 3580 \Device\Harddisk1\DR1:
18:03:03.0733 3580 MBR partitions:
18:03:03.0733 3580 C: <-> \Device\Harddisk0\DR0\Partition1
18:03:03.0733 3580 Initialize success
18:03:03.0733 3580 ============================================================
18:03:08.0928 4660 ============================================================
18:03:08.0928 4660 Scan started
18:03:08.0928 4660 Mode: Manual; SigCheck; TDLFS;
18:03:08.0928 4660 ============================================================
18:03:08.0975 4660 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:03:09.0006 4660 1394ohci - ok
18:03:09.0006 4660 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:03:09.0022 4660 ACPI - ok
18:03:09.0022 4660 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:03:09.0037 4660 AcpiPmi - ok
18:03:09.0037 4660 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:03:09.0037 4660 AdobeARMservice - ok
18:03:09.0053 4660 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:03:09.0053 4660 AdobeFlashPlayerUpdateSvc - ok
18:03:09.0068 4660 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:03:09.0084 4660 adp94xx - ok
18:03:09.0084 4660 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:03:09.0100 4660 adpahci - ok
18:03:09.0100 4660 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:03:09.0115 4660 adpu320 - ok
18:03:09.0115 4660 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:03:09.0131 4660 AeLookupSvc - ok
18:03:09.0146 4660 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:03:09.0162 4660 AFD - ok
18:03:09.0162 4660 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:03:09.0162 4660 agp440 - ok
18:03:09.0178 4660 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:03:09.0178 4660 ALG - ok
18:03:09.0193 4660 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:03:09.0193 4660 aliide - ok
18:03:09.0193 4660 ALSysIO - ok
18:03:09.0209 4660 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:03:09.0209 4660 amdide - ok
18:03:09.0209 4660 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:03:09.0224 4660 AmdK8 - ok
18:03:09.0224 4660 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:03:09.0240 4660 AmdPPM - ok
18:03:09.0240 4660 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:03:09.0256 4660 amdsata - ok
18:03:09.0256 4660 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:03:09.0271 4660 amdsbs - ok
18:03:09.0271 4660 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:03:09.0271 4660 amdxata - ok
18:03:09.0287 4660 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:03:09.0302 4660 AppID - ok
18:03:09.0302 4660 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:03:09.0318 4660 AppIDSvc - ok
18:03:09.0334 4660 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:03:09.0349 4660 Appinfo - ok
18:03:09.0349 4660 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
18:03:09.0365 4660 AppMgmt - ok
18:03:09.0365 4660 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:03:09.0380 4660 arc - ok
18:03:09.0380 4660 archlp (6b74bc510abf9bb008271f2f7c436923) C:\Windows\system32\drivers\archlp.sys
18:03:09.0396 4660 archlp - ok
18:03:09.0396 4660 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:03:09.0412 4660 arcsas - ok
18:03:09.0412 4660 ArvoFltr (6053c47f327c78f7176d2797bbfa8348) C:\Windows\system32\drivers\ArvoFltr.sys
18:03:09.0427 4660 ArvoFltr - ok
18:03:09.0427 4660 asComSvc (fb03a917c1294d3e6d671f24722e1ba3) C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
18:03:09.0443 4660 asComSvc - ok
18:03:09.0458 4660 asHmComSvc (a63173897ea1a73a75d0e65036de5b15) C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
18:03:09.0458 4660 asHmComSvc - ok
18:03:09.0474 4660 AsIO (fef9dd9ea587f8886ade43c1befbdafe) C:\Windows\syswow64\drivers\AsIO.sys
18:03:09.0474 4660 AsIO - ok
18:03:09.0474 4660 AsSysCtrlService (5c31dfb196cb3a488a041881634d86d2) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
18:03:09.0490 4660 AsSysCtrlService - ok
18:03:09.0490 4660 AsUpIO (1392b92179b07b672720763d9b1028a5) C:\Windows\syswow64\drivers\AsUpIO.sys
18:03:09.0505 4660 AsUpIO - ok
18:03:09.0505 4660 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
18:03:09.0505 4660 aswFsBlk - ok
18:03:09.0521 4660 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
18:03:09.0521 4660 aswMonFlt - ok
18:03:09.0536 4660 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
18:03:09.0536 4660 aswRdr - ok
18:03:09.0552 4660 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
18:03:09.0568 4660 aswSnx - ok
18:03:09.0583 4660 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
18:03:09.0583 4660 aswSP - ok
18:03:09.0599 4660 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
18:03:09.0599 4660 aswTdi - ok
18:03:09.0599 4660 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:03:09.0614 4660 AsyncMac - ok
18:03:09.0630 4660 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:03:09.0630 4660 atapi - ok
18:03:09.0646 4660 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:03:09.0661 4660 AudioEndpointBuilder - ok
18:03:09.0677 4660 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:03:09.0692 4660 AudioSrv - ok
18:03:09.0708 4660 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:03:09.0708 4660 avast! Antivirus - ok
18:03:09.0708 4660 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:03:09.0724 4660 AxInstSV - ok
18:03:09.0739 4660 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:03:09.0739 4660 b06bdrv - ok
18:03:09.0755 4660 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:03:09.0755 4660 b57nd60a - ok
18:03:09.0770 4660 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:03:09.0770 4660 BDESVC - ok
18:03:09.0786 4660 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:03:09.0802 4660 Beep - ok
18:03:09.0817 4660 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:03:09.0833 4660 BFE - ok
18:03:09.0848 4660 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
18:03:09.0864 4660 BITS - ok
18:03:09.0880 4660 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:03:09.0880 4660 blbdrive - ok
18:03:09.0895 4660 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
18:03:09.0895 4660 Bonjour Service - ok
18:03:09.0895 4660 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:03:09.0911 4660 bowser - ok
18:03:09.0911 4660 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:03:09.0926 4660 BrFiltLo - ok
18:03:09.0926 4660 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:03:09.0942 4660 BrFiltUp - ok
18:03:09.0942 4660 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:03:09.0958 4660 Browser - ok
18:03:09.0973 4660 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:03:09.0973 4660 Brserid - ok
18:03:09.0989 4660 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:03:09.0989 4660 BrSerWdm - ok
18:03:10.0004 4660 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:03:10.0004 4660 BrUsbMdm - ok
18:03:10.0020 4660 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:03:10.0020 4660 BrUsbSer - ok
18:03:10.0036 4660 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:03:10.0036 4660 BTHMODEM - ok
18:03:10.0051 4660 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:03:10.0067 4660 bthserv - ok
18:03:10.0067 4660 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:03:10.0082 4660 cdfs - ok
18:03:10.0098 4660 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:03:10.0098 4660 cdrom - ok
18:03:10.0114 4660 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:03:10.0129 4660 CertPropSvc - ok
18:03:10.0129 4660 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:03:10.0145 4660 circlass - ok
18:03:10.0145 4660 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:03:10.0160 4660 CLFS - ok
18:03:10.0160 4660 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:03:10.0160 4660 clr_optimization_v2.0.50727_32 - ok
18:03:10.0176 4660 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:03:10.0176 4660 clr_optimization_v2.0.50727_64 - ok
18:03:10.0176 4660 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:03:10.0192 4660 clr_optimization_v4.0.30319_32 - ok
18:03:10.0192 4660 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:03:10.0192 4660 clr_optimization_v4.0.30319_64 - ok
18:03:10.0207 4660 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:03:10.0207 4660 CmBatt - ok
18:03:10.0223 4660 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:03:10.0223 4660 cmdide - ok
18:03:10.0238 4660 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:03:10.0254 4660 CNG - ok
18:03:10.0254 4660 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:03:10.0254 4660 Compbatt - ok
18:03:10.0270 4660 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:03:10.0270 4660 CompositeBus - ok
18:03:10.0285 4660 COMSysApp - ok
18:03:10.0285 4660 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:03:10.0285 4660 crcdisk - ok
18:03:10.0301 4660 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
18:03:10.0316 4660 CryptSvc - ok
18:03:10.0332 4660 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
18:03:10.0332 4660 CSC - ok
18:03:10.0348 4660 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
18:03:10.0363 4660 CscService - ok
18:03:10.0379 4660 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:03:10.0394 4660 DcomLaunch - ok
18:03:10.0410 4660 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:03:10.0426 4660 defragsvc - ok
18:03:10.0426 4660 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:03:10.0441 4660 DfsC - ok
18:03:10.0457 4660 dgderdrv - ok
18:03:10.0457 4660 dg_ssudbus (bf4e72d6fa78fedc4b8577116eface7e) C:\Windows\system32\DRIVERS\ssudbus.sys
18:03:10.0472 4660 dg_ssudbus - ok
18:03:10.0472 4660 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:03:10.0504 4660 Dhcp - ok
18:03:10.0504 4660 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:03:10.0519 4660 discache - ok
18:03:10.0535 4660 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:03:10.0535 4660 Disk - ok
18:03:10.0535 4660 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:03:10.0550 4660 Dnscache - ok
18:03:10.0550 4660 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:03:10.0582 4660 dot3svc - ok
18:03:10.0582 4660 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:03:10.0597 4660 DPS - ok
18:03:10.0613 4660 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:03:10.0613 4660 drmkaud - ok
18:03:10.0628 4660 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:03:10.0644 4660 DXGKrnl - ok
18:03:10.0660 4660 e1cexpress (6bafd9819d9fec2edbaebc8493c711a4) C:\Windows\system32\DRIVERS\e1c62x64.sys
18:03:10.0660 4660 e1cexpress - ok
18:03:10.0675 4660 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:03:10.0691 4660 EapHost - ok
18:03:10.0722 4660 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:03:10.0738 4660 ebdrv - ok
18:03:10.0753 4660 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:03:10.0753 4660 EFS - ok
18:03:10.0769 4660 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:03:10.0769 4660 ehRecvr - ok
18:03:10.0784 4660 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:03:10.0784 4660 ehSched - ok
18:03:10.0800 4660 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:03:10.0800 4660 elxstor - ok
18:03:10.0816 4660 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:03:10.0816 4660 ErrDev - ok
18:03:10.0831 4660 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:03:10.0847 4660 EventSystem - ok
18:03:10.0862 4660 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:03:10.0878 4660 exfat - ok
18:03:10.0878 4660 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:03:10.0894 4660 fastfat - ok
18:03:10.0909 4660 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:03:10.0925 4660 Fax - ok
18:03:10.0925 4660 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:03:10.0940 4660 fdc - ok
18:03:10.0940 4660 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:03:10.0956 4660 fdPHost - ok
18:03:10.0972 4660 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:03:10.0987 4660 FDResPub - ok
18:03:10.0987 4660 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:03:11.0003 4660 FileInfo - ok
18:03:11.0003 4660 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:03:11.0018 4660 Filetrace - ok
18:03:11.0034 4660 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:03:11.0034 4660 flpydisk - ok
18:03:11.0050 4660 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:03:11.0050 4660 FltMgr - ok
18:03:11.0065 4660 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:03:11.0081 4660 FontCache - ok
18:03:11.0081 4660 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:03:11.0096 4660 FontCache3.0.0.0 - ok
18:03:11.0096 4660 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:03:11.0096 4660 FsDepends - ok
18:03:11.0112 4660 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:03:11.0112 4660 Fs_Rec - ok
18:03:11.0112 4660 Futuremark SystemInfo Service (a33bcf3fab19db7d0b501036722f311b) C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
18:03:11.0128 4660 Futuremark SystemInfo Service - ok
18:03:11.0128 4660 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:03:11.0143 4660 fvevol - ok
18:03:11.0143 4660 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:03:11.0159 4660 gagp30kx - ok
18:03:11.0159 4660 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:03:11.0190 4660 gpsvc - ok
18:03:11.0190 4660 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:03:11.0206 4660 hcw85cir - ok
18:03:11.0206 4660 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:03:11.0221 4660 HdAudAddService - ok
18:03:11.0221 4660 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:03:11.0237 4660 HDAudBus - ok
18:03:11.0237 4660 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:03:11.0252 4660 HidBatt - ok
18:03:11.0252 4660 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:03:11.0268 4660 HidBth - ok
18:03:11.0268 4660 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:03:11.0268 4660 HidIr - ok
18:03:11.0284 4660 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:03:11.0299 4660 hidserv - ok
18:03:11.0299 4660 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
18:03:11.0315 4660 HidUsb - ok
18:03:11.0315 4660 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:03:11.0330 4660 hkmsvc - ok
18:03:11.0346 4660 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:03:11.0346 4660 HomeGroupListener - ok
18:03:11.0362 4660 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:03:11.0362 4660 HomeGroupProvider - ok
18:03:11.0377 4660 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:03:11.0377 4660 HpSAMD - ok
18:03:11.0393 4660 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:03:11.0424 4660 HTTP - ok
18:03:11.0424 4660 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:03:11.0424 4660 hwpolicy - ok
18:03:11.0440 4660 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:03:11.0440 4660 i8042prt - ok
18:03:11.0455 4660 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
18:03:11.0455 4660 iaStor - ok
18:03:11.0471 4660 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:03:11.0471 4660 IAStorDataMgrSvc - ok
18:03:11.0486 4660 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:03:11.0486 4660 iaStorV - ok
18:03:11.0502 4660 ICCWDT (c1010add3ddae1196ed21057af7b2aae) C:\Windows\system32\DRIVERS\ICCWDT.sys
18:03:11.0502 4660 ICCWDT - ok
18:03:11.0502 4660 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:03:11.0502 4660 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:03:11.0502 4660 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:03:11.0518 4660 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:03:11.0533 4660 idsvc - ok
18:03:11.0533 4660 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:03:11.0549 4660 iirsp - ok
18:03:11.0564 4660 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:03:11.0580 4660 IKEEXT - ok
18:03:11.0611 4660 IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys
18:03:11.0627 4660 IntcAzAudAddService - ok
18:03:11.0642 4660 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:03:11.0642 4660 intelide - ok
18:03:11.0658 4660 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:03:11.0658 4660 intelppm - ok
18:03:11.0658 4660 Intel® PROSet Monitoring Service (068ec06f3b6dd7b81b365d8fd2ce27e6) C:\Windows\system32\IProsetMonitor.exe
18:03:11.0674 4660 Intel® PROSet Monitoring Service - ok
18:03:11.0674 4660 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:03:11.0689 4660 IPBusEnum - ok
18:03:11.0705 4660 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:03:11.0720 4660 IpFilterDriver - ok
18:03:11.0736 4660 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:03:11.0752 4660 iphlpsvc - ok
18:03:11.0767 4660 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:03:11.0767 4660 IPMIDRV - ok
18:03:11.0767 4660 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:03:11.0783 4660 IPNAT - ok
18:03:11.0798 4660 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:03:11.0798 4660 IRENUM - ok
18:03:11.0814 4660 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:03:11.0814 4660 isapnp - ok
18:03:11.0830 4660 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:03:11.0830 4660 iScsiPrt - ok
18:03:11.0845 4660 JRAID (a577f5db30f70eca9708c07c2eacbd9d) C:\Windows\system32\DRIVERS\jraid.sys
18:03:11.0845 4660 JRAID - ok
18:03:11.0861 4660 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:03:11.0861 4660 kbdclass - ok
18:03:11.0861 4660 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:03:11.0876 4660 kbdhid - ok
18:03:11.0876 4660 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:03:11.0876 4660 KeyIso - ok
18:03:11.0892 4660 KoneFltr (b6d6f12c214de823fa22709f7bd0eb0b) C:\Windows\system32\drivers\Kone.sys
18:03:11.0892 4660 KoneFltr - ok
18:03:11.0908 4660 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:03:11.0908 4660 KSecDD - ok
18:03:11.0908 4660 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:03:11.0923 4660 KSecPkg - ok
18:03:11.0939 4660 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:03:11.0954 4660 ksthunk - ok
18:03:11.0954 4660 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:03:11.0970 4660 KtmRm - ok
18:03:11.0986 4660 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
18:03:12.0001 4660 LanmanServer - ok
18:03:12.0017 4660 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:03:12.0032 4660 LanmanWorkstation - ok
18:03:12.0032 4660 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:03:12.0048 4660 lltdio - ok
18:03:12.0064 4660 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:03:12.0079 4660 lltdsvc - ok
18:03:12.0095 4660 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:03:12.0110 4660 lmhosts - ok
18:03:12.0110 4660 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:03:12.0126 4660 LSI_FC - ok
18:03:12.0126 4660 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:03:12.0126 4660 LSI_SAS - ok
18:03:12.0142 4660 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:03:12.0142 4660 LSI_SAS2 - ok
18:03:12.0157 4660 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:03:12.0157 4660 LSI_SCSI - ok
18:03:12.0157 4660 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:03:12.0173 4660 luafv - ok
18:03:12.0188 4660 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:03:12.0188 4660 Mcx2Svc - ok
18:03:12.0204 4660 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
18:03:12.0204 4660 MDM ( UnsignedFile.Multi.Generic ) - warning
18:03:12.0204 4660 MDM - detected UnsignedFile.Multi.Generic (1)
18:03:12.0220 4660 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:03:12.0220 4660 megasas - ok
18:03:12.0235 4660 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:03:12.0235 4660 MegaSR - ok
18:03:12.0235 4660 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
18:03:12.0251 4660 MEIx64 - ok
18:03:12.0251 4660 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
18:03:12.0251 4660 Microsoft Office Groove Audit Service - ok
18:03:12.0266 4660 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:03:12.0282 4660 MMCSS - ok
18:03:12.0298 4660 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:03:12.0313 4660 Modem - ok
18:03:12.0313 4660 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:03:12.0329 4660 monitor - ok
18:03:12.0329 4660 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
18:03:12.0329 4660 mouclass - ok
18:03:12.0344 4660 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:03:12.0344 4660 mouhid - ok
18:03:12.0360 4660 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:03:12.0360 4660 mountmgr - ok
18:03:12.0376 4660 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:03:12.0376 4660 mpio - ok
18:03:12.0391 4660 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:03:12.0407 4660 mpsdrv - ok
18:03:12.0422 4660 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:03:12.0438 4660 MpsSvc - ok
18:03:12.0454 4660 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:03:12.0454 4660 MRxDAV - ok
18:03:12.0469 4660 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:03:12.0469 4660 mrxsmb - ok
18:03:12.0485 4660 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:03:12.0485 4660 mrxsmb10 - ok
18:03:12.0500 4660 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:03:12.0500 4660 mrxsmb20 - ok
18:03:12.0516 4660 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:03:12.0516 4660 msahci - ok
18:03:12.0516 4660 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:03:12.0532 4660 msdsm - ok
18:03:12.0532 4660 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:03:12.0547 4660 MSDTC - ok
18:03:12.0547 4660 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:03:12.0563 4660 Msfs - ok
18:03:12.0578 4660 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:03:12.0594 4660 mshidkmdf - ok
18:03:12.0594 4660 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:03:12.0610 4660 msisadrv - ok
18:03:12.0610 4660 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:03:12.0625 4660 MSiSCSI - ok
18:03:12.0641 4660 msiserver - ok
18:03:12.0641 4660 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:03:12.0656 4660 MSKSSRV - ok
18:03:12.0672 4660 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:03:12.0688 4660 MSPCLOCK - ok
18:03:12.0688 4660 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:03:12.0719 4660 MSPQM - ok
18:03:12.0719 4660 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:03:12.0734 4660 MsRPC - ok
18:03:12.0734 4660 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:03:12.0750 4660 mssmbios - ok
18:03:12.0750 4660 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:03:12.0766 4660 MSTEE - ok
18:03:12.0781 4660 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:03:12.0781 4660 MTConfig - ok
18:03:12.0797 4660 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:03:12.0797 4660 Mup - ok
18:03:12.0812 4660 mv91xx (38b4c95e821528fb91df16a78e04450f) C:\Windows\system32\DRIVERS\mv91xx.sys
18:03:12.0812 4660 mv91xx - ok
18:03:12.0828 4660 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:03:12.0844 4660 napagent - ok
18:03:12.0859 4660 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:03:12.0859 4660 NativeWifiP - ok
18:03:12.0875 4660 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:03:12.0890 4660 NDIS - ok
18:03:12.0906 4660 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:03:12.0922 4660 NdisCap - ok
18:03:12.0922 4660 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:03:12.0937 4660 NdisTapi - ok
18:03:12.0953 4660 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:03:12.0968 4660 Ndisuio - ok
18:03:12.0968 4660 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:03:12.0984 4660 NdisWan - ok
18:03:13.0000 4660 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:03:13.0015 4660 NDProxy - ok
18:03:13.0031 4660 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:03:13.0046 4660 NetBIOS - ok
18:03:13.0046 4660 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:03:13.0062 4660 NetBT - ok
18:03:13.0078 4660 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:03:13.0078 4660 Netlogon - ok
18:03:13.0093 4660 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:03:13.0109 4660 Netman - ok
18:03:13.0124 4660 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:03:13.0140 4660 netprofm - ok
18:03:13.0140 4660 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:03:13.0156 4660 NetTcpPortSharing - ok
18:03:13.0156 4660 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:03:13.0156 4660 nfrd960 - ok
18:03:13.0171 4660 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:03:13.0187 4660 NlaSvc - ok
18:03:13.0202 4660 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:03:13.0218 4660 Npfs - ok
18:03:13.0218 4660 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:03:13.0234 4660 nsi - ok
18:03:13.0249 4660 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:03:13.0265 4660 nsiproxy - ok
18:03:13.0280 4660 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:03:13.0296 4660 Ntfs - ok
18:03:13.0312 4660 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:03:13.0327 4660 Null - ok
18:03:13.0327 4660 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
18:03:13.0343 4660 nusb3hub - ok
18:03:13.0343 4660 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:03:13.0358 4660 nusb3xhc - ok
18:03:13.0358 4660 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
18:03:13.0358 4660 NVHDA - ok
18:03:13.0483 4660 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:03:13.0577 4660 nvlddmkm - ok
18:03:13.0592 4660 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:03:13.0592 4660 nvraid - ok
18:03:13.0608 4660 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:03:13.0608 4660 nvstor - ok
18:03:13.0624 4660 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
18:03:13.0639 4660 nvsvc - ok
18:03:13.0655 4660 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:03:13.0655 4660 nv_agp - ok
18:03:13.0655 4660 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:03:13.0670 4660 odserv - ok
18:03:13.0670 4660 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:03:13.0686 4660 ohci1394 - ok
18:03:13.0686 4660 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:03:13.0686 4660 ose - ok
18:03:13.0702 4660 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:03:13.0717 4660 p2pimsvc - ok
18:03:13.0717 4660 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:03:13.0733 4660 p2psvc - ok
18:03:13.0733 4660 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:03:13.0748 4660 Parport - ok
18:03:13.0748 4660 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:03:13.0764 4660 partmgr - ok
18:03:13.0764 4660 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:03:13.0780 4660 PcaSvc - ok
18:03:13.0780 4660 pccsmcfd - ok
18:03:13.0795 4660 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:03:13.0795 4660 pci - ok
18:03:13.0811 4660 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:03:13.0811 4660 pciide - ok
18:03:13.0826 4660 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:03:13.0826 4660 pcmcia - ok
18:03:13.0826 4660 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:03:13.0842 4660 pcw - ok
18:03:13.0858 4660 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:03:13.0873 4660 PEAUTH - ok
18:03:13.0889 4660 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
18:03:13.0904 4660 PeerDistSvc - ok
18:03:13.0904 4660 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:03:13.0920 4660 PerfHost - ok
18:03:13.0936 4660 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:03:13.0967 4660 pla - ok
18:03:13.0967 4660 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:03:13.0982 4660 PlugPlay - ok
18:03:13.0982 4660 PnkBstrA - ok
18:03:13.0998 4660 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:03:14.0014 4660 PNRPAutoReg - ok
18:03:14.0014 4660 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:03:14.0029 4660 PNRPsvc - ok
18:03:14.0029 4660 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:03:14.0060 4660 PolicyAgent - ok
18:03:14.0107 4660 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:03:14.0123 4660 Power - ok
18:03:14.0123 4660 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:03:14.0138 4660 PptpMiniport - ok
18:03:14.0170 4660 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:03:14.0170 4660 Processor - ok
18:03:14.0170 4660 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:03:14.0185 4660 ProfSvc - ok
18:03:14.0201 4660 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:03:14.0201 4660 ProtectedStorage - ok
18:03:14.0216 4660 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:03:14.0232 4660 Psched - ok
18:03:14.0248 4660 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:03:14.0263 4660 ql2300 - ok
18:03:14.0279 4660 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:03:14.0279 4660 ql40xx - ok
18:03:14.0294 4660 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:03:14.0294 4660 QWAVE - ok
18:03:14.0310 4660 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:03:14.0310 4660 QWAVEdrv - ok
18:03:14.0326 4660 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:03:14.0341 4660 RasAcd - ok
18:03:14.0341 4660 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:03:14.0357 4660 RasAgileVpn - ok
18:03:14.0372 4660 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:03:14.0388 4660 RasAuto - ok
18:03:14.0388 4660 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:03:14.0404 4660 Rasl2tp - ok
18:03:14.0419 4660 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:03:14.0435 4660 RasMan - ok
18:03:14.0450 4660 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:03:14.0466 4660 RasPppoe - ok
18:03:14.0466 4660 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:03:14.0482 4660 RasSstp - ok
18:03:14.0497 4660 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:03:14.0513 4660 rdbss - ok
18:03:14.0513 4660 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:03:14.0528 4660 rdpbus - ok
18:03:14.0528 4660 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:03:14.0544 4660 RDPCDD - ok
18:03:14.0560 4660 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
18:03:14.0560 4660 RDPDR - ok
18:03:14.0575 4660 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:03:14.0591 4660 RDPENCDD - ok
18:03:14.0591 4660 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:03:14.0606 4660 RDPREFMP - ok
18:03:14.0622 4660 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
18:03:14.0622 4660 RdpVideoMiniport - ok
18:03:14.0622 4660 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:03:14.0638 4660 RDPWD - ok
18:03:14.0638 4660 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:03:14.0653 4660 rdyboost - ok
18:03:14.0653 4660 Realtek11nSU (ea569d48b2e755af6d96f03f3335d98a) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
18:03:14.0653 4660 Realtek11nSU ( UnsignedFile.Multi.Generic ) - warning
18:03:14.0653 4660 Realtek11nSU - detected UnsignedFile.Multi.Generic (1)
18:03:14.0653 4660 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:03:14.0684 4660 RemoteAccess - ok
18:03:14.0684 4660 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:03:14.0700 4660 RemoteRegistry - ok
18:03:14.0716 4660 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:03:14.0731 4660 RpcEptMapper - ok
18:03:14.0731 4660 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:03:14.0747 4660 RpcLocator - ok
18:03:14.0747 4660 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:03:14.0778 4660 RpcSs - ok
18:03:14.0778 4660 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:03:14.0794 4660 rspndr - ok
18:03:14.0809 4660 RTL8192su (5edfcee5682237607082880338415aa6) C:\Windows\system32\DRIVERS\RTL8192su.sys
18:03:14.0825 4660 RTL8192su - ok
18:03:14.0825 4660 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
18:03:14.0825 4660 s3cap - ok
18:03:14.0840 4660 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:03:14.0840 4660 SamSs - ok
18:03:14.0856 4660 SANDRA (5efbbfcc6adac121c8e2fe76641ed329) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\WNt500x64\Sandra.sys
18:03:14.0856 4660 SANDRA - ok
18:03:14.0856 4660 SandraAgentSrv (df7d83053f32dd52b7cc079eb3342c24) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe
18:03:14.0856 4660 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
18:03:14.0856 4660 SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
18:03:14.0872 4660 SbieDrv (c7e399dbc7b70fda979013389b1a8dab) C:\Program Files\Sandboxie\SbieDrv.sys
18:03:14.0872 4660 SbieDrv - ok
18:03:14.0872 4660 SbieSvc (9f64e814007b5b586c123f3820c104a5) C:\Program Files\Sandboxie\SbieSvc.exe
18:03:14.0887 4660 SbieSvc - ok
18:03:14.0887 4660 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:03:14.0903 4660 sbp2port - ok
18:03:14.0903 4660 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:03:14.0918 4660 SCardSvr - ok
18:03:14.0934 4660 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:03:14.0950 4660 scfilter - ok
18:03:14.0965 4660 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:03:14.0981 4660 Schedule - ok
18:03:14.0996 4660 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:03:15.0012 4660 SCPolicySvc - ok
18:03:15.0012 4660 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:03:15.0028 4660 SDRSVC - ok
18:03:15.0028 4660 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:03:15.0043 4660 secdrv - ok
18:03:15.0059 4660 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:03:15.0074 4660 seclogon - ok
18:03:15.0074 4660 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:03:15.0106 4660 SENS - ok
18:03:15.0106 4660 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:03:15.0106 4660 SensrSvc - ok
18:03:15.0121 4660 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:03:15.0121 4660 Serenum - ok
18:03:15.0137 4660 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:03:15.0137 4660 Serial - ok
18:03:15.0152 4660 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:03:15.0152 4660 sermouse - ok
18:03:15.0168 4660 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:03:15.0184 4660 SessionEnv - ok
18:03:15.0184 4660 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:03:15.0199 4660 sffdisk - ok
18:03:15.0199 4660 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:03:15.0215 4660 sffp_mmc - ok
18:03:15.0215 4660 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:03:15.0230 4660 sffp_sd - ok
18:03:15.0230 4660 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:03:15.0230 4660 sfloppy - ok
18:03:15.0246 4660 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:03:15.0262 4660 SharedAccess - ok
18:03:15.0277 4660 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:03:15.0293 4660 ShellHWDetection - ok
18:03:15.0308 4660 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:03:15.0308 4660 SiSRaid2 - ok
18:03:15.0324 4660 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:03:15.0324 4660 SiSRaid4 - ok
18:03:15.0340 4660 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:03:15.0355 4660 Smb - ok
18:03:15.0355 4660 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:03:15.0371 4660 SNMPTRAP - ok
18:03:15.0371 4660 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:03:15.0371 4660 spldr - ok
18:03:15.0386 4660 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:03:15.0418 4660 Spooler - ok
18:03:15.0449 4660 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:03:15.0496 4660 sppsvc - ok
18:03:15.0496 4660 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:03:15.0511 4660 sppuinotify - ok
18:03:15.0527 4660 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:03:15.0527 4660 srv - ok
18:03:15.0542 4660 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:03:15.0558 4660 srv2 - ok
18:03:15.0558 4660 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:03:15.0574 4660 srvnet - ok
18:03:15.0574 4660 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:03:15.0589 4660 SSDPSRV - ok
18:03:15.0605 4660 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:03:15.0620 4660 SstpSvc - ok
18:03:15.0636 4660 ssudmdm (daa02a6e84a4f99b5b9cd3ef8d59d652) C:\Windows\system32\DRIVERS\ssudmdm.sys
18:03:15.0636 4660 ssudmdm - ok
18:03:15.0636 4660 Steam Client Service - ok
18:03:15.0652 4660 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:03:15.0652 4660 stexstor - ok
18:03:15.0667 4660 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:03:15.0683 4660 stisvc - ok
18:03:15.0683 4660 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
18:03:15.0698 4660 storflt - ok
18:03:15.0698 4660 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
18:03:15.0698 4660 storvsc - ok
18:03:15.0714 4660 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:03:15.0714 4660 swenum - ok
18:03:15.0730 4660 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:03:15.0745 4660 swprv - ok
18:03:15.0761 4660 Synth3dVsc - ok
18:03:15.0776 4660 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:03:15.0792 4660 SysMain - ok
18:03:15.0808 4660 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:03:15.0808 4660 TabletInputService - ok
18:03:15.0823 4660 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
18:03:15.0823 4660 taphss - ok
18:03:15.0839 4660 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:03:15.0854 4660 TapiSrv - ok
18:03:15.0854 4660 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:03:15.0886 4660 TBS - ok
18:03:15.0901 4660 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:03:15.0917 4660 Tcpip - ok
18:03:15.0948 4660 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:03:15.0964 4660 TCPIP6 - ok
18:03:15.0964 4660 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:03:15.0979 4660 tcpipreg - ok
18:03:15.0995 4660 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:03:15.0995 4660 TDPIPE - ok
18:03:16.0010 4660 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:03:16.0010 4660 TDTCP - ok
18:03:16.0026 4660 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:03:16.0042 4660 tdx - ok
18:03:16.0073 4660 TeamViewer7 (33966a658ff37e0c65d46e59f37e2380) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
18:03:16.0088 4660 TeamViewer7 - ok
18:03:16.0104 4660 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:03:16.0104 4660 TermDD - ok
18:03:16.0120 4660 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:03:16.0135 4660 TermService - ok
18:03:16.0151 4660 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:03:16.0151 4660 Themes - ok
18:03:16.0166 4660 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:03:16.0182 4660 THREADORDER - ok
18:03:16.0182 4660 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:03:16.0198 4660 TrkWks - ok
18:03:16.0213 4660 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:03:16.0229 4660 TrustedInstaller - ok
18:03:16.0229 4660 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:03:16.0244 4660 tssecsrv - ok
18:03:16.0260 4660 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:03:16.0260 4660 TsUsbFlt - ok
18:03:16.0276 4660 tsusbhub - ok
18:03:16.0276 4660 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:03:16.0291 4660 tunnel - ok
18:03:16.0307 4660 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:03:16.0307 4660 uagp35 - ok
18:03:16.0322 4660 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:03:16.0338 4660 udfs - ok
18:03:16.0338 4660 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:03:16.0354 4660 UI0Detect - ok
18:03:16.0354 4660 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:03:16.0369 4660 uliagpkx - ok
18:03:16.0369 4660 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:03:16.0385 4660 umbus - ok
18:03:16.0385 4660 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:03:16.0400 4660 UmPass - ok
18:03:16.0400 4660 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
18:03:16.0416 4660 UmRdpService - ok
18:03:16.0416 4660 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:03:16.0447 4660 upnphost - ok
18:03:16.0447 4660 USB28xxBGA (ad789196e3359d4782380cd5c6f8464e) C:\Windows\system32\DRIVERS\emBDA64.sys
18:03:16.0463 4660 USB28xxBGA - ok
18:03:16.0478 4660 USB28xxOEM (86301319e43eacdeb3b3503337a0a814) C:\Windows\system32\DRIVERS\emOEM64.sys
18:03:16.0478 4660 USB28xxOEM - ok
18:03:16.0494 4660 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:03:16.0494 4660 usbccgp - ok
18:03:16.0510 4660 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:03:16.0510 4660 usbcir - ok
18:03:16.0525 4660 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
18:03:16.0525 4660 usbehci - ok
18:03:16.0541 4660 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:03:16.0541 4660 usbhub - ok
18:03:16.0556 4660 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:03:16.0556 4660 usbohci - ok
18:03:16.0572 4660 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:03:16.0572 4660 usbprint - ok
18:03:16.0588 4660 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:03:16.0588 4660 usbscan - ok
18:03:16.0603 4660 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:03:16.0603 4660 USBSTOR - ok
18:03:16.0603 4660 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:03:16.0619 4660 usbuhci - ok
18:03:16.0619 4660 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
18:03:16.0634 4660 usb_rndisx - ok
18:03:16.0634 4660 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:03:16.0666 4660 UxSms - ok
18:03:16.0666 4660 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:03:16.0666 4660 VaultSvc - ok
18:03:16.0681 4660 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:03:16.0681 4660 vdrvroot - ok
18:03:16.0697 4660 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:03:16.0712 4660 vds - ok
18:03:16.0728 4660 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:03:16.0728 4660 vga - ok
18:03:16.0744 4660 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:03:16.0759 4660 VgaSave - ok
18:03:16.0759 4660 VGPU - ok
18:03:16.0775 4660 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:03:16.0775 4660 vhdmp - ok
18:03:16.0790 4660 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:03:16.0790 4660 viaide - ok
18:03:16.0806 4660 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
18:03:16.0806 4660 vmbus - ok
18:03:16.0822 4660 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
18:03:16.0822 4660 VMBusHID - ok
18:03:16.0837 4660 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:03:16.0837 4660 volmgr - ok
18:03:16.0853 4660 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:03:16.0853 4660 volmgrx - ok
18:03:16.0868 4660 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:03:16.0868 4660 volsnap - ok
18:03:16.0884 4660 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:03:16.0884 4660 vsmraid - ok
18:03:16.0900 4660 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:03:16.0931 4660 VSS - ok
18:03:16.0931 4660 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:03:16.0946 4660 vwifibus - ok
18:03:16.0946 4660 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:03:16.0962 4660 vwififlt - ok
18:03:16.0962 4660 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:03:16.0978 4660 vwifimp - ok
18:03:16.0978 4660 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:03:17.0009 4660 W32Time - ok
18:03:17.0009 4660 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:03:17.0024 4660 WacomPen - ok
18:03:17.0024 4660 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:03:17.0040 4660 WANARP - ok
18:03:17.0040 4660 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:03:17.0056 4660 Wanarpv6 - ok
18:03:17.0087 4660 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:03:17.0102 4660 wbengine - ok
18:03:17.0102 4660 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:03:17.0118 4660 WbioSrvc - ok
18:03:17.0118 4660 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:03:17.0134 4660 wcncsvc - ok
18:03:17.0149 4660 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:03:17.0149 4660 WcsPlugInService - ok
18:03:17.0165 4660 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:03:17.0165 4660 Wd - ok
18:03:17.0180 4660 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:03:17.0180 4660 Wdf01000 - ok
18:03:17.0196 4660 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:03:17.0196 4660 WdiServiceHost - ok
18:03:17.0212 4660 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:03:17.0212 4660 WdiSystemHost - ok
18:03:17.0227 4660 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:03:17.0227 4660 WebClient - ok
18:03:17.0243 4660 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:03:17.0258 4660 Wecsvc - ok
18:03:17.0274 4660 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:03:17.0290 4660 wercplsupport - ok
18:03:17.0290 4660 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:03:17.0321 4660 WerSvc - ok
18:03:17.0321 4660 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:03:17.0336 4660 WfpLwf - ok
18:03:17.0352 4660 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:03:17.0352 4660 WIMMount - ok
18:03:17.0352 4660 WinDefend - ok
18:03:17.0352 4660 WinHttpAutoProxySvc - ok
18:03:17.0368 4660 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:03:17.0383 4660 Winmgmt - ok
18:03:17.0414 4660 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:03:17.0430 4660 WinRM - ok
18:03:17.0446 4660 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:03:17.0446 4660 WinUsb - ok
18:03:17.0461 4660 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:03:17.0477 4660 Wlansvc - ok
18:03:17.0508 4660 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:03:17.0524 4660 wlidsvc - ok
18:03:17.0524 4660 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:03:17.0539 4660 WmiAcpi - ok
18:03:17.0539 4660 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:03:17.0555 4660 wmiApSrv - ok
18:03:17.0555 4660 WMPNetworkSvc - ok
18:03:17.0570 4660 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:03:17.0570 4660 WPCSvc - ok
18:03:17.0586 4660 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:03:17.0586 4660 WPDBusEnum - ok
18:03:17.0602 4660 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:03:17.0617 4660 ws2ifsl - ok
18:03:17.0617 4660 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
18:03:17.0633 4660 wscsvc - ok
18:03:17.0633 4660 WSearch - ok
18:03:17.0664 4660 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
18:03:17.0695 4660 wuauserv - ok
18:03:17.0711 4660 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:03:17.0726 4660 WudfPf - ok
18:03:17.0726 4660 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:03:17.0742 4660 WUDFRd - ok
18:03:17.0758 4660 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:03:17.0773 4660 wudfsvc - ok
18:03:17.0789 4660 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:03:17.0789 4660 WwanSvc - ok
18:03:17.0804 4660 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:03:17.0820 4660 \Device\Harddisk0\DR0 - ok
18:03:17.0820 4660 MBR (0x1B8) (a933594727bbdc89b5f63ce2968403cb) \Device\Harddisk1\DR1
18:03:17.0992 4660 \Device\Harddisk1\DR1 - ok
18:03:17.0992 4660 Boot (0x1200) (8bb5804004acb59e90fb1cdcd1e7e799) \Device\Harddisk0\DR0\Partition0
18:03:17.0992 4660 \Device\Harddisk0\DR0\Partition0 - ok
18:03:17.0992 4660 Boot (0x1200) (eb04b91c091cf4a6c6327b1c960ea5c5) \Device\Harddisk0\DR0\Partition1
18:03:17.0992 4660 \Device\Harddisk0\DR0\Partition1 - ok
18:03:17.0992 4660 ============================================================
18:03:17.0992 4660 Scan finished
18:03:17.0992 4660 ============================================================
18:03:18.0007 2944 Detected object count: 4
18:03:18.0007 2944 Actual detected object count: 4
18:03:23.0280 2944 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:23.0280 2944 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:23.0280 2944 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:23.0280 2944 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:23.0280 2944 Realtek11nSU ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:23.0280 2944 Realtek11nSU ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:23.0280 2944 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:23.0280 2944 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
#18 | /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan removed, desktop, Task Manager and RegEdit still disabled.

Now please run CF:

ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run if a Kompetenzler (authorized helper) has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
#19 | GVU Trojan removed, desktop, Task Manager and RegEdit still disabled.

Hi, here is the ComboFix log:

Combofix Logfile:
Code:
ComboFix 12-04-20.03 - ApoC 20.04.2012 21:56:13.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.16361.14426 [GMT 2:00]
ausgeführt von:: z:\benutzer\ApoC\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
z:\benutzer\ApoC\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-20 bis 2012-04-20 ))))))))))))))))))))))))))))))
.
.
2012-04-20 17:33 . 2012-04-20 17:33 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-04-20 16:13 . 2012-04-20 16:14 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-04-20 16:12 . 2012-04-20 16:12 -------- d-----w- c:\programdata\Battle.net
2012-04-19 22:47 . 2012-01-17 12:46 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-04-19 22:47 . 2012-01-17 12:45 188224 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-04-19 22:47 . 2012-01-17 12:45 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-04-16 14:08 . 2012-04-16 14:13 -------- d-----w- c:\programdata\SecTaskMan
2012-04-13 19:26 . 2012-04-13 19:26 -------- d-----w- z:\benutzer\ApoC\AppData\Roaming\Unity
2012-04-13 19:19 . 2012-04-13 19:19 -------- d-----w- z:\benutzer\ApoC\AppData\Local\Unity
2012-04-13 18:18 . 2012-04-13 18:18 -------- d-----w- c:\windows\SysWow64\Adobe
2012-04-13 11:51 . 2012-04-14 14:51 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 11:03 . 2012-04-14 14:51 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-11 23:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 23:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 23:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 23:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 23:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 23:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 23:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 16:03 . 2012-04-10 16:03 -------- d-----w- z:\benutzer\ApoC\AppData\Roaming\Malwarebytes
2012-04-10 16:03 . 2012-04-10 16:03 -------- d-----w- c:\programdata\Malwarebytes
2012-04-10 16:03 . 2012-04-10 16:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-10 16:03 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 15:51 . 2012-04-10 15:51 -------- d-----w- c:\program files (x86)\ESET
2012-03-31 14:02 . 2012-03-31 14:02 -------- d-----w- z:\benutzer\ApoC\AppData\Roaming\AnvSoft
2012-03-31 14:01 . 2012-03-31 14:01 -------- d-----w- c:\program files (x86)\AnvSoft
2012-03-30 19:05 . 2012-03-30 19:05 -------- d-----w- z:\benutzer\ApoC\AppData\Local\Deshaker
2012-03-30 15:14 . 2012-04-08 23:29 -------- d-----w- c:\program files (x86)\RADVideo
2012-03-29 20:34 . 2012-03-29 20:34 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-03-29 20:33 . 2012-04-08 23:29 -------- d-----w- c:\program files (x86)\Windows Live
2012-03-29 20:31 . 2012-03-30 13:14 -------- d-----w- z:\benutzer\ApoC\AppData\Local\Windows Live
2012-03-29 20:31 . 2012-03-29 20:31 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-03-29 19:55 . 2012-03-29 22:37 -------- d-----w- c:\programdata\NCH Software
2012-03-29 19:54 . 2012-04-13 11:53 -------- d-----w- c:\program files (x86)\NCH Software
2012-03-29 19:54 . 2012-03-30 19:15 -------- d-----w- z:\benutzer\ApoC\AppData\Roaming\NCH Software
2012-03-23 00:26 . 2012-03-23 00:26 -------- d-----w- c:\program files (x86)\GhosteryIEplugin
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 14:51 . 2011-06-17 03:52 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-18 20:17 . 2011-09-30 07:00 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-18 20:17 . 2011-09-16 20:17 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-18 20:16 . 2011-09-16 20:17 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-16 17:48 . 2011-09-16 20:17 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-06 23:15 . 2012-01-25 18:14 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-01-25 18:14 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-06-17 03:42 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2012-01-25 18:14 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2012-01-25 18:14 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-03-01 09:56 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2012-01-25 18:14 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-01-25 18:14 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2012-01-25 18:14 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-01 00:02 . 2011-10-28 17:57 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2011-10-28 17:57 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-01 00:02 . 2011-10-28 17:57 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-01 00:02 . 2011-10-28 17:57 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-01 00:02 . 2011-10-28 17:57 25543488 ----a-w- c:\windows\system32\nvoglv64.dll
2012-03-01 00:02 . 2011-10-28 17:57 19444544 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-03-01 00:02 . 2011-10-28 17:57 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2011-10-28 17:57 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2011-10-28 17:57 13626688 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-03-01 00:02 . 2011-10-28 17:57 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-01 00:02 . 2011-10-28 17:57 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-03-01 00:02 . 2011-10-28 17:57 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-01 00:02 . 2011-10-28 17:57 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-01 00:02 . 2011-10-28 17:57 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2011-10-28 17:57 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-01 00:02 . 2011-10-28 17:57 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-03-01 00:02 . 2011-10-28 17:57 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-03-01 00:02 . 2011-10-28 17:57 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2011-10-28 17:57 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-03-01 00:02 . 2011-10-28 17:57 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-03-01 00:02 . 2011-10-28 17:57 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-17 06:38 . 2012-03-14 14:47 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 14:47 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 14:47 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 14:47 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 14:47 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-15 23:00 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 23:00 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-15 23:00 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 14:47 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 14:47 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 14:47 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}]
2011-04-20 14:25 605888 ----a-w- c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-09-29 929680]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-09-29 3508112]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-29 20880]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-10-12 643856]
"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2011-11-09 1844296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Kone"="c:\program files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE" [2011-02-18 1666560]
"Arvo"="c:\program files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE" [2009-11-24 172032]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 ALSysIO;ALSysIO;z:\benutzer\ApoC\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ArvoFltr;ROCCAT Arvo;c:\windows\system32\drivers\ArvoFltr.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe [2009-08-10 93848]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 14:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
TCP: Interfaces\{B7162C6C-46FF-42CB-8E2D-3DC3F604D10C}: NameServer = 192.168.1.1
FF - ProfilePath - z:\benutzer\ApoC\AppData\Roaming\Mozilla\Firefox\Profiles\iuv9xn8l.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7B7549dfb1-c070-4e89-b2ac-a67bc8c78843%7D&mid=7b36272ed69247d1b829252442074947-cac7cb5fa256c83ba403d640fea53c9bf961907c&ds=tg027&v=8.0.0.34.1&lang=en&pr=sa&d=2011-09-16%2020%3A17%3A46
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7549dfb1-c070-4e89-b2ac-a67bc8c78843%7D&mid=7b36272ed69247d1b829252442074947-cac7cb5fa256c83ba403d640fea53c9bf961907c&ds=tg027&v=8.0.0.34.1&lang=en&pr=sa&d=2011-09-16%2020%3A17%3A46&sap=ku&q=
FF - user.js: extensions.BabylonToolbar_i.id - 4016fb5c000000000000f46d04e3a0b4
FF - user.js: extensions.BabylonToolbar_i.hardId - 4016fb5c000000000000f46d04e3a0b4
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15428
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:53
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111863
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-GameWiz32 - c:\windows\system32\GKSUI18.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3118882670-3202721733-1316367239-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:88,22,59,83,c3,fd,e1,14,57,c9,6d,ea,c9,e4,96,08,ae,a4,73,45,4d,a0,d7,
51,83,38,5c,6b,bf,b1,f9,95,8c,13,a0,d0,59,18,d5,f6,a2,c2,06,0d,c8,5c,76,88,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-3118882670-3202721733-1316367239-1000\Software\SecuROM\License information*]
"datasecu"=hex:9b,ad,02,ed,a1,4d,4b,8c,87,e7,9c,b8,dc,c6,19,90,78,8a,58,3a,8d,
6c,bd,d8,08,93,12,cc,1c,33,76,c1,9e,6c,9f,a0,31,55,1d,31,77,c9,70,2e,37,23,\
"rkeysecu"=hex:99,2d,4a,d2,50,88,f4,e6,23,23,2c,67,64,53,fe,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-20 22:01:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-04-20 20:01
.
Vor Suchlauf: 14 Verzeichnis(se), 48.075.112.448 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 47.734.435.840 Bytes frei
.
- - End Of File - - 278EA3B2769437AE3144795DFDDA9BCD
#20 | /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan removed, desktop, Task Manager and RegEdit still disabled.

I need the ComboFix quarantine folder. Please do the following:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the Quarantine folder in C:\Qoobox into a file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
Note: Please upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!
4.) Let me know once it has succeeded
5.) Only then turn the virus scanner back on
#21 | GVU Trojan removed, desktop, Task Manager and RegEdit still disabled.

Morning, "mission accomplished", the zipped quarantine folder has been uploaded. Regards, Dispo
#22 | /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan removed, desktop, Task Manager and RegEdit still disabled.

ComboFix - scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now paste the entire contents of the code box below into the Notepad window using copy/paste.
Code:
Filelook::
c:\windows\system32\nvhdap64.dll
c:\windows\system32\drivers\nvhda64v.sys
c:\windows\system32\nvhdagenco6420103.dll
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the TeaTimer, if present!)
5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the reboot (you will be asked whether you want to reboot), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
#23 | GVU Trojan removed, desktop, Task Manager and RegEdit still disabled.

Hello, and here is the CFScript log:

Combofix Logfile:
Code:
ComboFix 12-04-20.03 - ApoC 22.04.2012 0:28.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.16361.10820 [GMT 2:00]
ausgeführt von:: z:\benutzer\ApoC\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: z:\benutzer\ApoC\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
z:\benutzer\ApoC\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-21 bis 2012-04-21 ))))))))))))))))))))))))))))))
.
.
2012-04-21 22:30 . 2012-04-21 22:30 -------- d-----w- z:\benutzer\Default\AppData\Local\temp
2012-04-20 17:33 . 2012-04-20 17:33 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-04-20 16:13 . 2012-04-20 16:14 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-04-20 16:12 . 2012-04-20 16:12 -------- d-----w- c:\programdata\Battle.net
2012-04-19 22:47 . 2012-01-17 12:46 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-04-19 22:47 . 2012-01-17 12:45 188224 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-04-19 22:47 . 2012-01-17 12:45 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-04-16 14:08 . 2012-04-16 14:13 -------- d-----w- c:\programdata\SecTaskMan
2012-04-13 19:26 . 2012-04-13 19:26 -------- d-----w- z:\benutzer\ApoC\AppData\Roaming\Unity
2012-04-13 19:19 . 2012-04-13 19:19 -------- d-----w- z:\benutzer\ApoC\AppData\Local\Unity
2012-04-13 18:18 . 2012-04-13 18:18 -------- d-----w- c:\windows\SysWow64\Adobe
2012-04-13 11:51 . 2012-04-14 14:51 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 11:03 . 2012-04-14 14:51 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-11 23:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 23:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 23:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 23:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 23:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 23:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 23:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 16:03 . 2012-04-10 16:03 -------- d-----w- z:\benutzer\ApoC\AppData\Roaming\Malwarebytes
2012-04-10 16:03 . 2012-04-10 16:03 -------- d-----w- c:\programdata\Malwarebytes
2012-04-10 16:03 . 2012-04-10 16:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-10 16:03 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 15:51 . 2012-04-10 15:51 -------- d-----w- c:\program files (x86)\ESET
2012-03-31 14:02 . 2012-03-31 14:02 -------- d-----w- z:\benutzer\ApoC\AppData\Roaming\AnvSoft
2012-03-31 14:01 . 2012-03-31 14:01 -------- d-----w- c:\program files (x86)\AnvSoft
2012-03-30 19:05 . 2012-03-30 19:05 -------- d-----w- z:\benutzer\ApoC\AppData\Local\Deshaker
2012-03-30 15:14 . 2012-04-08 23:29 -------- d-----w- c:\program files (x86)\RADVideo
2012-03-29 20:34 . 2012-03-29 20:34 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-03-29 20:33 . 2012-04-08 23:29 -------- d-----w- c:\program files (x86)\Windows Live
2012-03-29 20:31 . 2012-03-30 13:14 -------- d-----w- z:\benutzer\ApoC\AppData\Local\Windows Live
2012-03-29 20:31 . 2012-03-29 20:31 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-03-29 19:55 . 2012-03-29 22:37 -------- d-----w- c:\programdata\NCH Software
2012-03-29 19:54 . 2012-04-13 11:53 -------- d-----w- c:\program files (x86)\NCH Software
2012-03-29 19:54 . 2012-03-30 19:15 -------- d-----w- z:\benutzer\ApoC\AppData\Roaming\NCH Software
2012-03-23 00:26 . 2012-03-23 00:26 -------- d-----w- c:\program files (x86)\GhosteryIEplugin
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 14:51 . 2011-06-17 03:52 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-18 20:17 . 2011-09-30 07:00 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-18 20:17 . 2011-09-16 20:17 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-18 20:16 . 2011-09-16 20:17 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-16 17:48 . 2011-09-16 20:17 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-06 23:15 . 2012-01-25 18:14 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-01-25 18:14 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-06-17 03:42 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2012-01-25 18:14 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2012-01-25 18:14 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-03-01 09:56 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2012-01-25 18:14 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-01-25 18:14 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2012-01-25 18:14 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-01 00:02 . 2011-10-28 17:57 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2011-10-28 17:57 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-01 00:02 . 2011-10-28 17:57 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-01 00:02 . 2011-10-28 17:57 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-01 00:02 . 2011-10-28 17:57 25543488 ----a-w- c:\windows\system32\nvoglv64.dll
2012-03-01 00:02 . 2011-10-28 17:57 19444544 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-03-01 00:02 . 2011-10-28 17:57 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2011-10-28 17:57 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2011-10-28 17:57 13626688 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-03-01 00:02 . 2011-10-28 17:57 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-01 00:02 . 2011-10-28 17:57 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-03-01 00:02 . 2011-10-28 17:57 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-01 00:02 . 2011-10-28 17:57 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-01 00:02 . 2011-10-28 17:57 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2011-10-28 17:57 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-01 00:02 . 2011-10-28 17:57 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-03-01 00:02 . 2011-10-28 17:57 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-03-01 00:02 . 2011-10-28 17:57 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2011-10-28 17:57 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-03-01 00:02 . 2011-10-28 17:57 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-03-01 00:02 . 2011-10-28 17:57 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-17 06:38 . 2012-03-14 14:47 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 14:47 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 14:47 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 14:47 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 14:47 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-15 23:00 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 23:00 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-15 23:00 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 14:47 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 14:47 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 14:47 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\nvhda64v.sys ---
Company: NVIDIA Corporation
File Description: NVIDIA HDMI Audio Driver
File Version: 1.3.12.0 built by: WinDDK
Product Name: NVIDIA HDMI Audio Driver
Copyright: (C) NVIDIA Corporation. All rights reserved.
Original Filename: nvhda.sys
File size: 188224
Created time: 2012-04-19 22:47
Modified time: 2012-01-17 12:45
MD5: 8D4AAC74B571FC356560E5B308955E93
SHA1: B61C190119535221F265099F43DF4F8837339399
.
.
--- c:\windows\system32\nvhdagenco6420103.dll ---
Company: NVIDIA Corporation
File Description: Generic Coinstaller
File Version: 2,0,10,3
Product Name: NVIDIA Install Application
Copyright: (C) NVIDIA Corporation. All rights reserved.
Original Filename: nvgenco.dll
File size: 1451840
Created time: 2012-04-19 22:47
Modified time: 2012-01-17 12:45
MD5: 4862945F6C5D2B03ECC187575E5583E5
SHA1: 5CF9CD57DCE57ADD603AE4AE452460FD5B60A84C
.
.
--- c:\windows\system32\nvhdap64.dll ---
Company: NVIDIA Corporation
File Description: NVIDIA HDMI Audio Driver
File Version: 1.3.12.0 built by: WinDDK
Product Name: NVIDIA HDMI Audio Driver
Copyright: (C) NVIDIA Corporation. All rights reserved.
Original Filename: nvhdaprop.dll
File size: 31040
Created time: 2012-04-19 22:47
Modified time: 2012-01-17 12:46
MD5: 4E18A9B0A5F8A602347166258700CBD2
SHA1: 3A355A246027FFDD0E10A1D792A2FCFAF0A16E66
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-20_19.59.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-20 19:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-21 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-20 19:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-21 22:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-20 19:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-21 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-16 17:09 . 2012-04-21 08:55 47386 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-21 08:55 38384 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-16 17:09 . 2012-04-21 08:55 12780 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3118882670-3202721733-1316367239-1000_UserData.bin
- 2012-04-20 19:59 . 2012-04-20 19:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-21 22:31 . 2012-04-21 22:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-04-21 22:30 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-20 19:59 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:36 . 2012-04-21 08:36 1937484 c:\windows\system32\perfh009.dat
+ 2009-07-14 17:58 . 2012-04-21 08:36 5175792 c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-04-21 08:36 1368152 c:\windows\system32\perfc009.dat
+ 2009-07-14 17:58 . 2012-04-21 08:36 1534200 c:\windows\system32\perfc007.dat
+ 2011-06-16 18:58 . 2012-04-21 22:30 13201756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3118882670-3202721733-1316367239-1000-8192.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}]
2011-04-20 14:25 605888 ----a-w- c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-09-29 929680]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-09-29 3508112]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-29 20880]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-10-12 643856]
"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2011-11-09 1844296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Kone"="c:\program files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE" [2011-02-18 1666560]
"Arvo"="c:\program files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE" [2009-11-24 172032]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 ALSysIO;ALSysIO;z:\benutzer\ApoC\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ArvoFltr;ROCCAT Arvo;c:\windows\system32\drivers\ArvoFltr.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe [2009-08-10 93848]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]
S3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 14:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
TCP: Interfaces\{B7162C6C-46FF-42CB-8E2D-3DC3F604D10C}: NameServer = 192.168.1.1
FF - ProfilePath - z:\benutzer\ApoC\AppData\Roaming\Mozilla\Firefox\Profiles\iuv9xn8l.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7B7549dfb1-c070-4e89-b2ac-a67bc8c78843%7D&mid=7b36272ed69247d1b829252442074947-cac7cb5fa256c83ba403d640fea53c9bf961907c&ds=tg027&v=8.0.0.34.1&lang=en&pr=sa&d=2011-09-16%2020%3A17%3A46
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7549dfb1-c070-4e89-b2ac-a67bc8c78843%7D&mid=7b36272ed69247d1b829252442074947-cac7cb5fa256c83ba403d640fea53c9bf961907c&ds=tg027&v=8.0.0.34.1&lang=en&pr=sa&d=2011-09-16%2020%3A17%3A46&sap=ku&q=
FF - user.js: extensions.BabylonToolbar_i.id - 4016fb5c000000000000f46d04e3a0b4
FF - user.js: extensions.BabylonToolbar_i.hardId - 4016fb5c000000000000f46d04e3a0b4
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15428
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:53
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111863
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3118882670-3202721733-1316367239-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:88,22,59,83,c3,fd,e1,14,57,c9,6d,ea,c9,e4,96,08,ae,a4,73,45,4d,a0,d7,
51,83,38,5c,6b,bf,b1,f9,95,8c,13,a0,d0,59,18,d5,f6,a2,c2,06,0d,c8,5c,76,88,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-3118882670-3202721733-1316367239-1000\Software\SecuROM\License information*]
"datasecu"=hex:9b,ad,02,ed,a1,4d,4b,8c,87,e7,9c,b8,dc,c6,19,90,78,8a,58,3a,8d,
6c,bd,d8,08,93,12,cc,1c,33,76,c1,9e,6c,9f,a0,31,55,1d,31,77,c9,70,2e,37,23,\
"rkeysecu"=hex:99,2d,4a,d2,50,88,f4,e6,23,23,2c,67,64,53,fe,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-22 00:32:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-04-21 22:32
ComboFix2.txt 2012-04-20 20:01
.
Vor Suchlauf: 15 Verzeichnis(se), 48.578.498.560 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 48.217.600.000 Bytes frei
.
- - End Of File - - 280F0D437F560F7EC7962A7CD15276C8
--- --- ---

#24 | /// Winkelfunktion /// TB-Süch-Tiger™

Please download aswMBR.exe and save the file to your desktop. Note: please disable your virus scanner before running aswMBR, since Avira in particular often reports a false positive in it!

One more note: should aswMBR crash and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

__________________
Please always post logfiles in CODE tags
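The ComboFix log above is read by hand in the thread. As an added example (not part of the thread and not ComboFix's own code), the Python script below parses three of the line shapes that log contains (Firefox prefs.js/user.js lines, service entries, Run-key entries) and flags what a helper looks at first: start and search pages pointing to a host other than the expected one, user.js toolbar residue, and drivers or autostart binaries loading from user-writable temp directories. The allowlist EXPECTED_HOSTS and the directory list USER_WRITABLE_DIRS are assumptions; the sample lines are copied or shortened from the log above.

```python
"""Triage helper for ComboFix-style log excerpts (added example)."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind name detail")

# Assumed allowlist: the log shows the IE start page set to www.google.de,
# so that is the host the owner of this machine is taken to want.
EXPECTED_HOSTS = {"www.google.de"}

# Assumption: drivers and autostart binaries should not be loaded from
# user-writable temp directories; an entry pointing there deserves a look.
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\temp\\")

# "FF - prefs.js: browser.startup.homepage - hxxp://..."   (FF = Firefox)
FF_PREF_RE = re.compile(r"^FF - (prefs|user)\.js: (\S+) - ?(.*)$")
# "R3 ALSysIO;ALSysIO;z:\...\Temp\ALSysIO64.sys [x]"   start;name;desc;path [info]
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?) \[([^\]]*)\]$")
# "KiesHelper"="c:\...\KiesHelper.exe" [2011-09-29 929680]   name=path [date size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')


def host_of(url):
    """Host part of a URL as ComboFix prints it (http defanged to hxxp)."""
    m = re.match(r"^hxxps?://([^/?#]+)", url.strip())
    return m.group(1).lower() if m else None


def in_user_dir(path):
    """True when the path sits below one of the user-writable directories."""
    return any(d in path.lower() for d in USER_WRITABLE_DIRS)


def triage(log_text):
    """Return a list of Finding tuples for the lines worth a second look."""
    findings = []
    seen_extensions = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FF_PREF_RE.match(line)
        if m:
            kind, key, value = m.groups()
            if key in ("browser.startup.homepage", "keyword.URL"):
                host = host_of(value)
                if host not in EXPECTED_HOSTS:
                    findings.append(Finding("ff_pref_unexpected_host", key, host))
            elif kind == "user" and key.startswith("extensions."):
                # user.js overrides prefs.js on every start and is rarely
                # hand-written; report each extension once, not per key.
                ext = key.split(".")[1]
                if ext not in seen_extensions:
                    seen_extensions.add(ext)
                    findings.append(Finding("ff_userjs_extension", ext, key))
            continue
        m = SERVICE_RE.match(line)
        if m:
            _start, name, _desc, path, _info = m.groups()
            if in_user_dir(path):
                findings.append(Finding("service_in_user_dir", name, path))
            continue
        m = RUN_RE.match(line)
        if m:
            name, path, _date, _size = m.groups()
            if in_user_dir(path):
                findings.append(Finding("run_in_user_dir", name, path))
    return findings


# Constructed sample: lines copied or shortened from the ComboFix log above.
SAMPLE_LOG = r"""
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-09-29 929680]
R3 ALSysIO;ALSysIO;z:\benutzer\ApoC\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ArvoFltr;ROCCAT Arvo;c:\windows\system32\drivers\ArvoFltr.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
uStart Page = hxxp://www.google.de/
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7B7549dfb1-c070-4e89-b2ac-a67bc8c78843%7D
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7549dfb1-c070-4e89-b2ac-a67bc8c78843%7D&q=
FF - user.js: extensions.BabylonToolbar_i.id - 4016fb5c000000000000f46d04e3a0b4
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.babExt -
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.name:28} {f.detail}")
```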
#25

Morning! You guys are awesome, active in the forum at 1:38 on a Saturday night to help strangers solve their computer problems. Here is the aswMBR.txt:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-22 10:51:23
-----------------------------
10:51:23.893 OS Version: Windows x64 6.1.7601 Service Pack 1
10:51:23.893 Number of processors: 4 586 0x2A07
10:51:23.893 ComputerName: BLACK-ADDER UserName: ApoC
10:51:24.034 Initialize success
10:51:24.065 AVAST engine defs: 12042200
10:52:08.509 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:52:08.509 Disk 0 Vendor: OCZ-VERT 1.33 Size: 114473MB BusType: 3
10:52:08.509 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
10:52:08.509 Disk 1 Vendor: SAMSUNG_ 1AA0 Size: 953868MB BusType: 3
10:52:08.509 Disk 0 MBR read successfully
10:52:08.509 Disk 0 MBR scan
10:52:08.509 Disk 0 Windows 7 default MBR code
10:52:08.509 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:52:08.525 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
10:52:08.525 Disk 0 scanning C:\Windows\system32\drivers
10:52:09.679 Service scanning
10:52:12.284 Modules scanning
10:52:12.284 Disk 0 trace - called modules:
10:52:12.284 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:52:12.284 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800f03c060]
10:52:12.284 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800de48050]
10:52:12.409 AVAST engine scan C:\Windows
10:52:12.721 AVAST engine scan C:\Windows\system32
10:52:32.190 AVAST engine scan C:\Windows\system32\drivers
10:52:33.360 AVAST engine scan Z:\Benutzer\ApoC
10:53:50.331 AVAST engine scan C:\ProgramData
10:53:53.466 Scan finished successfully
10:54:48.690 Disk 0 MBR has been saved successfully to "Z:\Benutzer\ApoC\Desktop\MBR.dat"
10:54:48.690 The log file has been saved successfully to "Z:\Benutzer\ApoC\Desktop\aswMBR.txt"
Regards, Dispo
#26 | /// Winkelfunktion /// TB-Süch-Tiger™

Had nothing better to do at that time this morning. Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
#27

Hello again, here are the two scan logs. Malwarebytes Anti-Malware full scan:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.23.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ApoC :: BLACK-ADDER [Administrator]

23.04.2012 16:04:50
mbam-log-2012-04-23 (16-04-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 544370
Laufzeit: 29 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 04/23/2012 at 05:59 PM
Application Version : 5.0.1146
Core Rules Database Version : 8493
Trace Rules Database Version: 6305
Scan type : Complete Scan
Total Scan Time : 01:18:45
Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 616
Memory threats detected : 0
Registry items scanned : 67674
Registry threats detected : 0
File items scanned : 339813
File threats detected : 1
Adware.Tracking Cookie
Z:\Benutzer\ApoC\AppData\Roaming\Microsoft\Windows\Cookies\RWK55UKU.txt [ /doubleclick.net ]
#28 | /// Winkelfunktion /// TB-Süch-Tiger™

Looks ok, only cookies were found. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising and the like => HTTP-Cookie).

Regarding cookies and other things on the web: to block the plague from the start (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check at MVPS every 4 weeks whether a new hosts file has been released. Otherwise there are also good cookie managers; as a Firefox extension, for example, there is CookieCuller http://filepony.de/download-cookie_culler/

If you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser closes.

My own approach is to use the Opera browser or Chromium on my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I actually want; everything else I reject manually (FF always asks me). The other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system back in order now, or are there other findings or problems?
#29

Hi, my system is completely fine again! Thanks again for your efforts. Out of habit I am an IE user (I know), and normally I run IE in a sandbox so that, whatever happens, it cannot change any system files. After each browsing session I then delete the whole sandbox for IE. The one time I didn't, I started IE "just like that" and bang .... caught the trojan. Murphy at his best, so to speak....
| | #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan removed, Desktop, Task Manager and RegEdit still disabled. Then we're done!

All the programs that were used here can be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages. With OTL you can also remove many tools: start OTL and click on Cleanup. This removes most of the tools we needed for the cleanup. If anything remains, remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide is below. To keep a better overview in future of whether the installed programs are up to date, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all passwords if possible.

Microsoft Update
Windows XP: visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

Please also check whether Flash Player is up to date while you're at it: Adobe - Install a different version of Adobe Flash Player. If necessary you can also download it from Chip.de => http://filepony.de/?q=Flash+Player. Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, best with JavaRa) and update to the latest one. To do that, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |
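The final post asks the user to check for outdated Adobe Reader, Flash Player and Java installs and to remove old Java versions before installing the current JRE. As an added example that is not part of the thread or of any of the tools mentioned, the PowerShell snippet below reads the product names and versions from the Windows uninstall registry keys (both the native key and the Wow6432Node key, as found on a Windows 7 x64 system) and warns when more than one Java runtime is registered. The display-name patterns are assumptions about how these products register themselves; vendor naming varies between versions, so treat the match as a starting point for the manual check in the post, not as a replacement for it.

```powershell
# Added example (not from the thread): list installed Java, Adobe Reader and
# Flash Player versions from the uninstall registry keys and flag side-by-side
# Java installs. Assumes PowerShell on Windows with read access to HKLM
# (no elevation needed for reading these keys).

function Get-RiskyPluginVersions {
    # Native and 32-bit-on-64-bit (Wow6432Node) uninstall keys, as on Windows 7 x64.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )

    # Assumed display-name patterns for the products the post asks the user to check.
    $patterns = 'Java', 'Adobe Reader', 'Adobe Flash Player'

    $found = foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $p = Get-ItemProperty $sub.PSPath
            if (-not $p.DisplayName) { continue }
            # The Java auto-updater registers its own entry; it is not a runtime.
            if ($p.DisplayName -like '*Auto Updater*') { continue }
            foreach ($pattern in $patterns) {
                if ($p.DisplayName -like "*$pattern*") {
                    New-Object PSObject -Property @{
                        Product   = $pattern
                        Name      = $p.DisplayName
                        Version   = $p.DisplayVersion
                        Uninstall = $p.UninstallString
                    }
                }
            }
        }
    }

    $found | Sort-Object Product, Name
}

$installed = Get-RiskyPluginVersions
$installed | Format-Table Product, Name, Version -AutoSize

# Several Java entries side by side usually mean old, unpatched runtimes are still present.
$javaCount = @($installed | Where-Object { $_.Product -eq 'Java' }).Count
if ($javaCount -gt 1) {
    Write-Warning "$javaCount Java entries found; uninstall the older ones before installing the current JRE."
}
elseif ($javaCount -eq 0) {
    Write-Host 'No Java runtime registered in the uninstall keys.'
}
```

The `Uninstall` property carries each entry's uninstall command string, which is what Control Panel runs when the program is removed; printing it with `Format-Table Product, Name, Uninstall` shows exactly which old versions the post's manual uninstall step would remove.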
| Topics on GVU Trojan removed, Desktop, Task Manager and RegEdit still disabled. |
| acrobat update, adobe, avast, babylon toolbar, babylontoolbar, bonjour, boot, cid, defender, desktop, device driver, disabletaskmgr, remove, firefox, helper, java/exploit.cve-2012-0507, kaspersky, locker, mozilla, not installed, not starting, plug-in, remote control, malware, software, svchost.exe, system, taskmanager, trojan, trojaner-board, usb, usb 2.0, usb 3.0, windows, windows 7 x64, windows unlocker |