
Pests of all kinds and how to combat them: GVU Trojan under Win 7


26.07.2012, 12:49   #1
littleTED
 

GVU Trojan under Win 7



Hello, (thanks a lot in advance)

Unfortunately I caught the GVU trojan. Typical symptoms, no System Restore possible. After booting from an old XP disk, Avast blocked the trojan, so I can access my computer again.

HTML-Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.26.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ted :: TEDS_PC [Administrator]

26.07.2012 11:46:12
mbam-log-2012-07-26 (11-46-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203551
Laufzeit: 2 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Ted\AppData\Roaming\msconfig.dat (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

HTML-Code:
OTL logfile created on: 26.07.2012 12:28:05 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Ted\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 41,70% Memory free
8,00 Gb Paging File | 5,63 Gb Available in Paging File | 70,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172,69 Gb Total Space | 72,75 Gb Free Space | 42,12% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 277,54 Gb Free Space | 94,73% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 138,82 Gb Free Space | 59,61% Space Free | Partition Type: NTFS
Drive G: | 3,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TEDS_PC | User Name: Ted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012.07.26 12:26:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ted\Downloads\OTL.exe
PRC - [2012.07.18 17:36:56 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012.07.18 17:35:33 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.03 10:29:04 | 004,657,048 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012.07.26 11:58:30 | 000,192,512 | ---- | M] () -- C:\Users\Ted\AppData\Local\Temp\sfamcc00001.dll
MOD - [2012.07.26 11:58:30 | 000,172,032 | ---- | M] () -- C:\Users\Ted\AppData\Local\Temp\sfareca00001.dll
MOD - [2012.07.18 17:36:56 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.07.18 17:35:32 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.09 21:05:16 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011.02.15 13:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011.02.15 13:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011.02.15 13:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011.02.15 13:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011.02.15 13:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
MOD - [2011.02.07 06:14:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll
MOD - [2011.02.07 06:14:18 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll
MOD - [2011.02.07 06:14:16 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll
MOD - [2011.02.07 06:14:14 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll
MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.18 17:35:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.08.10 17:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.08.10 17:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010.07.28 05:01:42 | 001,918,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:[b]64bit:[/b] - [2009.10.21 05:30:32 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:[b]64bit:[/b] - [2009.07.30 11:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:[b]64bit:[/b] - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009.05.14 03:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 EC C8 DC 51 F1 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.06.29 23:45:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.26 12:28:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.02.22 13:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\mozilla\Extensions
[2012.07.04 23:50:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\mozilla\Firefox\Profiles\hptqz0np.default\extensions
[2012.06.07 22:59:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ted\AppData\Roaming\mozilla\Firefox\Profiles\hptqz0np.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.29 19:41:38 | 000,000,168 | ---- | M] () -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\hptqz0np.default\searchplugins\icqplugin.gif
[2012.07.22 22:45:48 | 000,001,056 | ---- | M] () -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\hptqz0np.default\searchplugins\icqplugin.xml
[2012.02.22 13:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.29 23:45:07 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.07.18 17:35:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.19 04:58:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.19 04:58:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.19 04:58:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.19 04:58:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 04:58:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.19 04:58:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:[b]64bit:[/b] - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ted\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ted\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75C0382A-25AA-41C7-8311-D7BAA7B453BA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0241155-722B-40A4-87B0-F0CAA4F68DF3}: DhcpNameServer = 192.168.2.1
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.10 15:16:34 | 002,070,624 | R--- | M] () - G:\Autorun.bba -- [ CDFS ]
O32 - AutoRun File - [2007.08.12 11:48:35 | 000,648,440 | R--- | M] (Blue Byte GmbH) - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.08.15 21:47:33 | 000,000,102 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{58e0532e-5d40-11e1-a402-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{58e0532e-5d40-11e1-a402-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2007.08.12 11:48:35 | 000,648,440 | R--- | M] (Blue Byte GmbH)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.07.18 17:36:56 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.18 17:36:56 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.30 00:12:08 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\Macromedia
[2012.06.29 23:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2012.06.29 23:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7M
[2012.06.29 23:48:26 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.29 23:48:26 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.29 23:48:26 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.29 23:48:12 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.29 23:48:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.29 23:10:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.06.29 19:54:06 | 000,000,000 | ---D | C] -- C:\Users\Ted\Documents\ICQ
[2012.06.29 19:42:01 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\ICQ Search
[2012.06.29 19:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2012.06.29 19:41:22 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\ICQ
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.07.26 11:45:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.26 11:42:57 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 11:42:57 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 11:38:13 | 000,762,636 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.26 11:38:13 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.26 11:38:13 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.26 11:38:13 | 000,004,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.26 11:38:13 | 000,003,894 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.26 11:32:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.26 11:32:00 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.26 11:30:22 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.26 11:30:08 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.07.26 11:30:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.07.18 17:36:56 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.18 17:36:56 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.04 09:37:42 | 000,000,024 | ---- | M] () -- C:\Users\Ted\Documents\aionmemo_d17e7c 7.dat
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.30 00:20:35 | 000,094,944 | ---- | M] () -- C:\Users\Ted\Desktop\[000731]_1.jpg
[2012.06.29 23:52:33 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7M.lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012.07.16 10:44:12 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.06 14:14:16 | 001,065,432 | ---- | C] () -- C:\Users\Ted\Desktop\Dokument test.rtf
[2012.06.29 23:52:33 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7M.lnk
[2012.06.29 23:45:18 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.06.29 20:15:35 | 000,094,944 | ---- | C] () -- C:\Users\Ted\Desktop\[000731]_1.jpg
[2012.03.06 23:24:00 | 000,000,017 | ---- | C] () -- C:\Users\Ted\AppData\Local\resmon.resmoncfg
[2012.02.22 14:30:54 | 000,029,347 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.02.22 12:58:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.02.22 12:58:45 | 000,022,996 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

< End of report >

HTML-Code:
OTL Extras logfile created on: 26.07.2012 12:28:05 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Ted\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 41,70% Memory free
8,00 Gb Paging File | 5,63 Gb Available in Paging File | 70,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172,69 Gb Total Space | 72,75 Gb Free Space | 42,12% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 277,54 Gb Free Space | 94,73% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 138,82 Gb Free Space | 59,61% Space Free | Partition Type: NTFS
Drive G: | 3,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TEDS_PC | User Name: Ted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08FF9467-0EBB-4D2E-8983-6A5DECB494A5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{10301845-8A96-42A2-980F-19E07A84AC99}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{127672F7-32A1-4C53-9679-507E298FFD70}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{206250BB-5498-48FC-ADA5-E1D1113B69D0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2165F64C-6115-40A4-BB03-AD7D8F44C7B7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3D09F290-31C8-46A2-B47D-3883FF1607BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3E62C7ED-AC3E-40F6-B894-C2858E83649A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{41071AD6-A990-4D12-8D07-F02F646CD4B3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{496C2D08-0DE5-4F68-A12E-C46ABEAD513D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4D8B7C57-7FFE-477B-8D11-90E322BE3FC4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5206A194-2415-4D51-BABB-10FDBA6CEF69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{54006AAE-9CE0-4DEA-918C-90E9D0EE3B80}" = lport=138 | protocol=17 | dir=in | app=system | 
"{62BA3F5B-235A-44B0-B491-7D2B295B8F37}" = lport=445 | protocol=6 | dir=in | app=system | 
"{65D0D109-B638-44E8-910A-F0B9CD76E77F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{691DAB3E-CC40-49D9-AB85-439DE094FECD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{738E0A30-1A83-41E4-9D83-8F77F7AB8C4A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{83A82BD7-5C12-49D9-BCD6-2867031A1FA5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8F2537D9-4BD5-417C-AEB4-496273EB5CAC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{93BEC8E1-48DC-425F-83DC-6F9CD427D7B2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{944F9D6E-E635-4D00-B6C7-CF18FAD160B6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A1AB3126-C3D6-4F8D-8167-6309636F8F6C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A459DBFF-4560-4750-A025-AE73B839ABB7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A9B00961-BF6B-4444-A2B7-107DFC5DCD54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{AEC88ADA-0C05-40FD-8865-2754A6175C9E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B20C924F-E908-4486-AB8B-4ADFB9A3FA42}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B6E590A6-2AC2-406C-9EF0-485549003044}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C9A96205-A3D9-44FB-B7CD-48C7CC6F8B02}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DF6F1C14-5EB4-4369-87B4-9B8998F903D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E00B1205-A2BA-4D57-A99B-ADF254DF712E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E0C692FD-F295-4046-8FB6-C1602052F56C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F2DBC930-0ECD-4782-A0C9-AD5E213641C4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06242426-24E7-4354-B009-066C1CDE4A56}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{0778A342-DC8B-45C9-AA4F-7ED89C5B50B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0886FF0E-26E4-4D04-B4CC-213F4265DA7F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{0CA1B0EA-7151-40F2-893A-CFBE2FBEC941}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{138EBF52-FA80-4018-8FF9-00FE82C8B7BA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{261E403A-437A-47EE-92D3-69A673E953F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{344C237E-C54A-4A10-8435-E96563B8DB5F}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{34DFA264-1FEE-4A7C-BB62-9318EF6CD03E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{36A07CB5-3F99-46D3-8B65-017926D4B960}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{3EA91836-C990-4B49-86F9-DB48843F5A0B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{461C9832-A5E0-4552-B20D-614E6764B7F0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{53A34F95-F75E-45CA-B4CE-B700BE6ED8A4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{58075F32-2172-4241-B208-319DEDF961C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68FACBA3-95E6-4D37-8366-3039B31344AB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{78CDC20E-346E-4672-A802-63DEA9D4958D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{795B43FC-AA7A-467D-9D32-C3D5BFF57F30}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7DEC4397-FF44-4301-8E30-4EA9B8BC40F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{83DDF589-CBA9-4D7E-B4E5-3BF1C6D53287}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9A9112E1-3266-4D98-9ED5-8154738523F5}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{A34D7389-5631-412F-998E-24AFCB212D55}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A4DEDDB9-4B2B-4442-A982-BEE81B74BF14}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{A7FA2C5D-C305-4904-B7BF-B1F83669A736}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{B3643AED-750D-41ED-AF3D-26C9F46B0166}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{B87D1060-62C8-4303-9D69-938AEF1738A4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{BCAF13A0-DDDE-4DF1-83AC-D132065CA338}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{CEB90C81-A451-4F5F-BE54-818A15475282}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{D51BF674-320B-4C29-A144-62E27B61EAF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCD0C259-C8A8-4578-9109-8564E1028C96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DEA7A762-0865-43C0-914D-167916492059}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E2F8B5B0-0BE1-436D-BCCD-D94D6CA24258}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E4EAA6E5-890D-4E1B-986A-F9C95531A47A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E608CD18-FE0C-4E07-B757-C12C894D8002}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F05C90D3-F406-4DCB-AE26-21097101DF51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F3159932-F7F6-4CCB-B3ED-CBF47CFDDB4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F422221D-6119-4B42-935F-ACE69B5DE58A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FCF903C8-9525-4012-A4C1-785749D1CE91}" = protocol=6 | dir=out | app=system | 
"{FFF86582-F9C8-4F29-9819-32830DB238DB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{089DD53D-C1F7-45E7-9E4D-FD74DCF6BEE8}C:\users\ted\downloads\starcraft_2_eu_en-gb.exe" = protocol=6 | dir=in | app=c:\users\ted\downloads\starcraft_2_eu_en-gb.exe | 
"TCP Query User{156ACBF3-0E6A-41BD-B36B-1F5C60A9531F}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | 
"TCP Query User{1D6111F1-67C3-4ACC-B105-64905AB9836A}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{56CA2C37-2357-4BF8-AFA2-5AF948124D99}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"TCP Query User{6AD25C7A-9953-41CB-A063-7992419BF60F}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"TCP Query User{7275EE08-5CC5-4344-954F-3C6074218265}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{AD2B0C36-6B9D-4ED0-BED6-71A7D010B3B2}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | 
"TCP Query User{CF4678AE-1E35-4387-947E-E6DDEB5B1275}C:\users\ted\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\ted\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{F7E16595-E7A8-4877-B50A-B604A33F3966}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{0F9D1E18-98DE-4154-B481-D6549C7A101F}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{0FEB7987-6492-4CDF-B88A-BAC4CF9C523F}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | 
"UDP Query User{2CC35462-C51F-4CF0-B407-66071FF0BE37}C:\users\ted\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\ted\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{8489EDB3-836A-4C7F-B604-A1976A2DAED7}C:\users\ted\downloads\starcraft_2_eu_en-gb.exe" = protocol=17 | dir=in | app=c:\users\ted\downloads\starcraft_2_eu_en-gb.exe | 
"UDP Query User{B1251E4E-7B33-47B9-A5E0-431F65CA346C}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"UDP Query User{B45FF184-1981-4DA8-91A3-AA79F7CC9521}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | 
"UDP Query User{BBFD1BD5-57F6-4597-A41C-4DFAB1E0FC57}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{DDEE9E00-B25B-420A-B2A6-672C9C1C38EE}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"UDP Query User{E7A4C732-7CEB-437A-A342-56F8D11E5BB5}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"CCleaner" = CCleaner
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1E03C8BE-0848-430F-BECA-7D7709401626}" = TP-LINK Wireless Client Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"avast" = avast! Free Antivirus
"Diablo III" = Diablo III
"EVE" = EVE Online (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"hon" = Heroes of Newerth
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"T4EPlayer" = T4E Player
"VLC media player" = VLC media player 2.0.0
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 24.07.2012 04:39:26 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.07.2012 04:45:27 | Computer Name = Teds_PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer"
 nicht initialisiert werden.  Details: Could not query the status of the EventSystem
 service.  System Error: Der Computer wird heruntergefahren.  .
 
Error - 24.07.2012 04:47:34 | Computer Name = Teds_PC | Source = Application Hang | ID = 1002
Description = Programm svchost.exe, Version 6.1.7600.16385 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 848    Startzeit: 01cd6978d7b5db40    Endzeit: 0    Anwendungspfad: C:\Windows\syswow64\svchost.exe

Berichts-ID:
 32354e21-d56c-11e1-a164-e0cb4ecfef19  
 
Error - 24.07.2012 04:48:15 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.07.2012 04:51:43 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.07.2012 05:17:57 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.07.2012 07:54:22 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.07.2012 07:58:55 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.07.2012 05:30:44 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.07.2012 05:33:52 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 24.07.2012 04:44:34 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.07.2012 04:44:40 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.07.2012 04:44:40 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.07.2012 04:44:40 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.07.2012 04:44:40 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.07.2012 04:44:40 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.07.2012 04:44:40 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.07.2012 04:50:04 | Computer Name = Teds_PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?07.?2012 um 10:48:21 unerwartet heruntergefahren.
 
Error - 26.07.2012 05:30:35 | Computer Name = Teds_PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.07.2012 05:34:21 | Computer Name = Teds_PC | Source = nvstor64 | ID = 14548999
Description = Das Gerät wurde vom System entfernt.        Gerät: \Device\RaidPort0    Modell:
 WDC WD360GD-00FLC0    Firmware-Version: 33.0    Seriennummer: WD-WMAKH1218587    Anschluss:
 0  
 
 
< End of report >
Unfortunately I haven't cleaned up my computer in a long time.
Regards,
Mattes

26.07.2012, 13:26   #2
markusg
/// Malware-holic

GVU Trojan on Win 7

Hi,
for further analysis I need the following:
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
Right-click the cache folder there, pack it with WinRAR or another program, and upload it to the upload channel, please:
Trojaner-Board Upload Channel

26.07.2012, 13:54   #3
littleTED

GVU Trojan on Win 7

Hello,
unfortunately I can't find this folder on my machine.
I can only find Java under C: Programme (x86)

or I'm too blond for it ^^

26.07.2012, 13:55   #4
markusg
/// Malware-holic

GVU Trojan on Win 7

Did you replace "name" with your user name?
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails following the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

26.07.2012, 14:02   #5
littleTED

GVU Trojan on Win 7

Yes, I did,
C: Benutzer / the name is TED

The folders I have in there are:
Desktop
Diablo-III installer
Downloads
Eigene Bilder
Eigene Dokumente
Eigene Music
Eigene Videos
Favoriten
Gespeicherte Spiele
Kontakte
Links
SC 2 installer

Yes, I am blond after all, sorry.
You'll get it right away.

26.07.2012, 14:04   #6
markusg
/// Malware-holic

GVU Trojan on Win 7

Please show hidden files and folders:
Show hidden folders in Windows

26.07.2012, 14:16   #7
littleTED

GVU Trojan on Win 7

I hope it worked ...

26.07.2012, 16:15   #8
markusg
/// Malware-holic

GVU Trojan on Win 7

Thank you.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

26.07.2012, 17:23   #9
littleTED

GVU Trojan on Win 7

Hello,

the computer did not restart, or rather I got a black screen and had to reboot again.

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-27.02 - Ted 26.07.2012  17:05:20.1.6 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4095.2485 [GMT 2:00]
ausgeführt von:: c:\users\Ted\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ted\AppData\Local\Temp\sfamcc00001.dll
c:\users\Ted\AppData\Local\Temp\sfareca00001.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-26 bis 2012-07-26  ))))))))))))))))))))))))))))))
.
.
2012-07-26 12:09 . 2012-07-26 12:09	--------	d-----w-	c:\program files\WinRAR
2012-07-18 15:36 . 2012-07-18 15:36	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 15:36 . 2012-07-18 15:36	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-29 22:12 . 2012-06-29 22:12	--------	d-----w-	c:\users\Ted\AppData\Local\Macromedia
2012-06-29 21:52 . 2012-06-29 21:52	--------	d-----w-	c:\program files (x86)\ICQ7M
2012-06-29 21:48 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-29 21:48 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-29 21:48 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-29 21:48 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-29 21:48 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-29 21:48 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-29 21:48 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-29 21:48 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-29 21:48 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-29 21:10 . 2012-06-29 21:10	--------	d-----w-	c:\windows\system32\appmgmt
2012-06-29 17:42 . 2012-06-29 17:42	--------	d-----w-	c:\users\Ted\AppData\Roaming\ICQ Search
2012-06-29 17:41 . 2012-06-29 17:41	--------	d-----w-	c:\programdata\ICQ
2012-06-29 17:41 . 2012-07-24 19:41	--------	d-----w-	c:\users\Ted\AppData\Roaming\ICQ
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 11:46 . 2012-04-03 20:08	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-30 01:47 . 2012-06-15 01:38	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B08B24A-E2F0-4CE3-A694-30AE24CA8ACE}\offreg.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-07-28 1918976]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-21 1270784]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - c:\users\Ted\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\hptqz0np.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\program files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-26  17:19:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-26 15:19
.
Vor Suchlauf: 7 Verzeichnis(se), 78.201.233.408 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 77.922.897.920 Bytes frei
.
- - End Of File - - 12B192E252F389A1B2DE8692D466EE04
         
--- --- ---


I ran OTL over it again

OTL Logfile:
Code:
OTL logfile created on: 26.07.2012 17:25:21 - Run 2
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Ted\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,49% Memory free
8,00 Gb Paging File | 6,54 Gb Available in Paging File | 81,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172,69 Gb Total Space | 72,96 Gb Free Space | 42,25% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 277,54 Gb Free Space | 94,73% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 138,82 Gb Free Space | 59,61% Space Free | Partition Type: NTFS
Drive G: | 3,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TEDS_PC | User Name: Ted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.26 12:26:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ted\Downloads\OTL.exe
PRC - [2012.07.18 17:35:33 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.03 10:29:04 | 004,657,048 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.26 17:23:05 | 000,192,512 | ---- | M] () -- C:\Users\Ted\AppData\Local\Temp\sfamcc00001.dll
MOD - [2012.07.26 17:23:05 | 000,172,032 | ---- | M] () -- C:\Users\Ted\AppData\Local\Temp\sfareca00001.dll
MOD - [2012.07.18 17:35:32 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.09 21:05:16 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011.02.15 13:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011.02.15 13:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011.02.15 13:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011.02.15 13:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011.02.15 13:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
MOD - [2011.02.07 06:14:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll
MOD - [2011.02.07 06:14:18 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll
MOD - [2011.02.07 06:14:16 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll
MOD - [2011.02.07 06:14:14 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll
MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.18 17:35:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.08.10 17:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.08.10 17:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.07.28 05:01:42 | 001,918,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009.10.21 05:30:32 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.30 11:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.14 03:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 EC C8 DC 51 F1 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.06.29 23:45:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.26 12:28:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.02.22 13:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\mozilla\Extensions
[2012.07.04 23:50:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\mozilla\Firefox\Profiles\hptqz0np.default\extensions
[2012.06.07 22:59:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ted\AppData\Roaming\mozilla\Firefox\Profiles\hptqz0np.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.29 19:41:38 | 000,000,168 | ---- | M] () -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\hptqz0np.default\searchplugins\icqplugin.gif
[2012.07.22 22:45:48 | 000,001,056 | ---- | M] () -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\hptqz0np.default\searchplugins\icqplugin.xml
[2012.02.22 13:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.29 23:45:07 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.07.18 17:35:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.19 04:58:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.19 04:58:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.19 04:58:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.19 04:58:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 04:58:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.19 04:58:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012.07.26 17:16:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ted\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ted\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75C0382A-25AA-41C7-8311-D7BAA7B453BA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0241155-722B-40A4-87B0-F0CAA4F68DF3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.10 15:16:34 | 002,070,624 | R--- | M] () - G:\Autorun.bba -- [ CDFS ]
O32 - AutoRun File - [2007.08.12 11:48:35 | 000,648,440 | R--- | M] (Blue Byte GmbH) - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.08.15 21:47:33 | 000,000,102 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.26 17:16:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.26 17:08:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.07.26 17:04:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.26 17:04:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.26 17:04:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.26 17:04:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.26 17:03:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.26 14:09:21 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\WinRAR
[2012.07.26 14:09:21 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.07.26 14:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.07.26 14:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.07.18 17:36:56 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.18 17:36:56 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.30 00:12:08 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\Macromedia
[2012.06.29 23:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2012.06.29 23:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7M
[2012.06.29 23:48:26 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.29 23:48:26 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.29 23:48:26 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.29 23:48:19 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.29 23:48:19 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.29 23:48:19 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.29 23:48:12 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.29 23:48:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.29 23:10:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.06.29 19:54:06 | 000,000,000 | ---D | C] -- C:\Users\Ted\Documents\ICQ
[2012.06.29 19:42:01 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\ICQ Search
[2012.06.29 19:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2012.06.29 19:41:22 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\ICQ
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.26 17:22:33 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 17:22:33 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 17:19:33 | 000,762,636 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.26 17:19:33 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.26 17:19:33 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.26 17:19:33 | 000,004,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.26 17:19:33 | 000,003,894 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.26 17:16:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.26 17:15:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.26 17:15:02 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.26 14:10:35 | 000,661,396 | ---- | M] () -- C:\Users\Ted\Desktop\cache.rar
[2012.07.26 11:45:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.26 11:30:22 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.26 11:30:08 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.07.26 11:30:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.07.18 17:36:56 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.18 17:36:56 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.04 09:37:42 | 000,000,024 | ---- | M] () -- C:\Users\Ted\Documents\aionmemo_d17e7c 7.dat
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.30 00:20:35 | 000,094,944 | ---- | M] () -- C:\Users\Ted\Desktop\[000731]_1.jpg
[2012.06.29 23:52:33 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7M.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.26 17:04:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.26 17:04:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.26 17:04:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.26 17:04:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.26 17:04:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.26 14:10:35 | 000,661,396 | ---- | C] () -- C:\Users\Ted\Desktop\cache.rar
[2012.07.16 10:44:12 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.06 14:14:16 | 001,065,432 | ---- | C] () -- C:\Users\Ted\Desktop\Dokument test.rtf
[2012.06.29 23:52:33 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7M.lnk
[2012.06.29 23:45:18 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.06.29 20:15:35 | 000,094,944 | ---- | C] () -- C:\Users\Ted\Desktop\[000731]_1.jpg
[2012.03.06 23:24:00 | 000,000,017 | ---- | C] () -- C:\Users\Ted\AppData\Local\resmon.resmoncfg
[2012.02.22 14:30:54 | 000,029,347 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.02.22 12:58:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.02.22 12:58:45 | 000,022,996 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

< End of report >
         
--- --- ---

And another full scan:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.26.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ted :: TEDS_PC [Administrator]

26.07.2012 17:32:48
mbam-log-2012-07-26 (17-32-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 308649
Laufzeit: 23 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Have I forgotten anything else?


Edited by littleTED (26.07.2012 at 18:01)

26.07.2012, 20:05   #10
markusg
/// Malware-holic
 



Hi,
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

26.07.2012, 20:10   #11
littleTED
 



Result:

HTML-Code:
20:07:14.0038 0848	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:07:14.0105 0848	============================================================
20:07:14.0106 0848	Current date / time: 2012/07/26 20:07:14.0105
20:07:14.0106 0848	SystemInfo:
20:07:14.0106 0848	
20:07:14.0106 0848	OS Version: 6.1.7601 ServicePack: 1.0
20:07:14.0106 0848	Product type: Workstation
20:07:14.0106 0848	ComputerName: TEDS_PC
20:07:14.0106 0848	UserName: Ted
20:07:14.0106 0848	Windows directory: C:\Windows
20:07:14.0106 0848	System windows directory: C:\Windows
20:07:14.0106 0848	Running under WOW64
20:07:14.0106 0848	Processor architecture: Intel x64
20:07:14.0106 0848	Number of processors: 6
20:07:14.0106 0848	Page size: 0x1000
20:07:14.0106 0848	Boot type: Normal boot
20:07:14.0106 0848	============================================================
20:07:15.0249 0848	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:07:15.0264 0848	Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x7E2CB, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000040
20:07:15.0268 0848	============================================================
20:07:15.0268 0848	\Device\Harddisk0\DR0:
20:07:15.0268 0848	MBR partitions:
20:07:15.0268 0848	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
20:07:15.0268 0848	\Device\Harddisk1\DR1:
20:07:15.0268 0848	MBR partitions:
20:07:15.0268 0848	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:07:15.0268 0848	\Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x15963800
20:07:15.0268 0848	\Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x15996000, BlocksNum 0x249EF000
20:07:15.0268 0848	============================================================
20:07:15.0287 0848	C: <-> \Device\Harddisk1\DR1\Partition1
20:07:15.0379 0848	D: <-> \Device\Harddisk1\DR1\Partition2
20:07:15.0414 0848	E: <-> \Device\Harddisk0\DR0\Partition0
20:07:15.0414 0848	============================================================
20:07:15.0414 0848	Initialize success
20:07:15.0414 0848	============================================================
20:07:53.0403 0852	============================================================
20:07:53.0403 0852	Scan started
20:07:53.0403 0852	Mode: Manual; SigCheck; TDLFS; 
20:07:53.0403 0852	============================================================
20:07:54.0317 0852	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:07:54.0441 0852	1394ohci - ok
20:07:54.0485 0852	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:07:54.0499 0852	ACPI - ok
20:07:54.0507 0852	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:07:54.0565 0852	AcpiPmi - ok
20:07:54.0654 0852	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:07:54.0662 0852	AdobeARMservice - ok
20:07:54.0709 0852	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:07:54.0725 0852	adp94xx - ok
20:07:54.0755 0852	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:07:54.0769 0852	adpahci - ok
20:07:54.0807 0852	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:07:54.0818 0852	adpu320 - ok
20:07:54.0841 0852	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:07:54.0984 0852	AeLookupSvc - ok
20:07:55.0068 0852	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:07:55.0126 0852	AFD - ok
20:07:55.0141 0852	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:07:55.0150 0852	agp440 - ok
20:07:55.0175 0852	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:07:55.0216 0852	ALG - ok
20:07:55.0247 0852	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:07:55.0256 0852	aliide - ok
20:07:55.0271 0852	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:07:55.0280 0852	amdide - ok
20:07:55.0291 0852	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:07:55.0315 0852	AmdK8 - ok
20:07:55.0339 0852	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:07:55.0360 0852	AmdPPM - ok
20:07:55.0395 0852	amdsata         (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
20:07:55.0405 0852	amdsata - ok
20:07:55.0430 0852	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:07:55.0441 0852	amdsbs - ok
20:07:55.0454 0852	amdxata         (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
20:07:55.0463 0852	amdxata - ok
20:07:55.0484 0852	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:07:55.0605 0852	AppID - ok
20:07:55.0633 0852	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:07:55.0679 0852	AppIDSvc - ok
20:07:55.0702 0852	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:07:55.0749 0852	Appinfo - ok
20:07:55.0808 0852	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:07:55.0874 0852	AppMgmt - ok
20:07:55.0903 0852	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:07:55.0914 0852	arc - ok
20:07:55.0926 0852	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:07:55.0936 0852	arcsas - ok
20:07:55.0981 0852	aswFsBlk        (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
20:07:56.0003 0852	aswFsBlk - ok
20:07:56.0075 0852	aswMonFlt       (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
20:07:56.0085 0852	aswMonFlt - ok
20:07:56.0138 0852	aswRdr          (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
20:07:56.0147 0852	aswRdr - ok
20:07:56.0189 0852	aswSnx          (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
20:07:56.0215 0852	aswSnx - ok
20:07:56.0239 0852	aswSP           (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
20:07:56.0252 0852	aswSP - ok
20:07:56.0268 0852	aswTdi          (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
20:07:56.0277 0852	aswTdi - ok
20:07:56.0293 0852	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:07:56.0337 0852	AsyncMac - ok
20:07:56.0376 0852	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:07:56.0385 0852	atapi - ok
20:07:56.0513 0852	athur           (417b9bab376e8e50f6770196656fd348) C:\Windows\system32\DRIVERS\athurx.sys
20:07:56.0588 0852	athur - ok
20:07:56.0737 0852	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:07:56.0799 0852	AudioEndpointBuilder - ok
20:07:56.0804 0852	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:07:56.0833 0852	AudioSrv - ok
20:07:56.0914 0852	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:07:56.0923 0852	avast! Antivirus - ok
20:07:56.0969 0852	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:07:57.0031 0852	AxInstSV - ok
20:07:57.0100 0852	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:07:57.0153 0852	b06bdrv - ok
20:07:57.0184 0852	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:07:57.0220 0852	b57nd60a - ok
20:07:57.0246 0852	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:07:57.0309 0852	BDESVC - ok
20:07:57.0360 0852	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:07:57.0408 0852	Beep - ok
20:07:57.0472 0852	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:07:57.0550 0852	BFE - ok
20:07:57.0612 0852	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:07:57.0715 0852	BITS - ok
20:07:57.0767 0852	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:07:57.0777 0852	blbdrive - ok
20:07:57.0805 0852	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:07:57.0838 0852	bowser - ok
20:07:57.0876 0852	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:07:57.0902 0852	BrFiltLo - ok
20:07:57.0919 0852	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:07:57.0954 0852	BrFiltUp - ok
20:07:57.0989 0852	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:07:58.0030 0852	BridgeMP - ok
20:07:58.0078 0852	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:07:58.0104 0852	Browser - ok
20:07:58.0136 0852	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:07:58.0186 0852	Brserid - ok
20:07:58.0196 0852	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:07:58.0223 0852	BrSerWdm - ok
20:07:58.0238 0852	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:07:58.0250 0852	BrUsbMdm - ok
20:07:58.0264 0852	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:07:58.0288 0852	BrUsbSer - ok
20:07:58.0304 0852	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
20:07:58.0317 0852	BTHMODEM - ok
20:07:58.0343 0852	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:07:58.0369 0852	bthserv - ok
20:07:58.0387 0852	catchme - ok
20:07:58.0416 0852	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:07:58.0460 0852	cdfs - ok
20:07:58.0509 0852	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:07:58.0520 0852	cdrom - ok
20:07:58.0558 0852	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:07:58.0584 0852	CertPropSvc - ok
20:07:58.0601 0852	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
20:07:58.0613 0852	circlass - ok
20:07:58.0665 0852	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:07:58.0679 0852	CLFS - ok
20:07:58.0745 0852	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:07:58.0754 0852	clr_optimization_v2.0.50727_32 - ok
20:07:58.0790 0852	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:07:58.0799 0852	clr_optimization_v2.0.50727_64 - ok
20:07:58.0836 0852	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
20:07:58.0865 0852	CmBatt - ok
20:07:58.0880 0852	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:07:58.0889 0852	cmdide - ok
20:07:58.0945 0852	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:07:58.0985 0852	CNG - ok
20:07:58.0998 0852	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
20:07:59.0007 0852	Compbatt - ok
20:07:59.0035 0852	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:07:59.0067 0852	CompositeBus - ok
20:07:59.0084 0852	COMSysApp - ok
20:07:59.0099 0852	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:07:59.0108 0852	crcdisk - ok
20:07:59.0150 0852	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:07:59.0204 0852	CryptSvc - ok
20:07:59.0251 0852	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:07:59.0332 0852	CSC - ok
20:07:59.0367 0852	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:07:59.0441 0852	CscService - ok
20:07:59.0494 0852	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:07:59.0530 0852	DcomLaunch - ok
20:07:59.0557 0852	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:07:59.0588 0852	defragsvc - ok
20:07:59.0622 0852	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:07:59.0661 0852	DfsC - ok
20:07:59.0705 0852	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:07:59.0758 0852	Dhcp - ok
20:07:59.0786 0852	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:07:59.0846 0852	discache - ok
20:07:59.0908 0852	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:07:59.0918 0852	Disk - ok
20:07:59.0958 0852	dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
20:07:59.0982 0852	dmvsc - ok
20:08:00.0008 0852	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:08:00.0049 0852	Dnscache - ok
20:08:00.0069 0852	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:08:00.0111 0852	dot3svc - ok
20:08:00.0119 0852	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:08:00.0159 0852	DPS - ok
20:08:00.0198 0852	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:08:00.0226 0852	drmkaud - ok
20:08:00.0280 0852	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:08:00.0315 0852	DXGKrnl - ok
20:08:00.0338 0852	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:08:00.0378 0852	EapHost - ok
20:08:00.0511 0852	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:08:00.0596 0852	ebdrv - ok
20:08:00.0721 0852	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:08:00.0741 0852	EFS - ok
20:08:00.0805 0852	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:08:00.0878 0852	ehRecvr - ok
20:08:00.0901 0852	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:08:00.0939 0852	ehSched - ok
20:08:01.0012 0852	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:08:01.0031 0852	elxstor - ok
20:08:01.0045 0852	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:08:01.0071 0852	ErrDev - ok
20:08:01.0126 0852	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:08:01.0173 0852	EventSystem - ok
20:08:01.0213 0852	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:08:01.0242 0852	exfat - ok
20:08:01.0268 0852	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:08:01.0307 0852	fastfat - ok
20:08:01.0365 0852	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:08:01.0421 0852	Fax - ok
20:08:01.0431 0852	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:08:01.0467 0852	fdc - ok
20:08:01.0504 0852	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:08:01.0543 0852	fdPHost - ok
20:08:01.0564 0852	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:08:01.0606 0852	FDResPub - ok
20:08:01.0629 0852	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:08:01.0639 0852	FileInfo - ok
20:08:01.0661 0852	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:08:01.0715 0852	Filetrace - ok
20:08:01.0733 0852	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:08:01.0743 0852	flpydisk - ok
20:08:01.0767 0852	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:08:01.0780 0852	FltMgr - ok
20:08:01.0827 0852	FontCache       (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
20:08:01.0894 0852	FontCache - ok
20:08:01.0956 0852	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:08:01.0965 0852	FontCache3.0.0.0 - ok
20:08:02.0093 0852	ForceWare Intelligent Application Manager (IAM) (52b58a46beefb238c580b69fd051cb5b) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
20:08:02.0121 0852	ForceWare Intelligent Application Manager (IAM) - ok
20:08:02.0173 0852	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:08:02.0182 0852	FsDepends - ok
20:08:02.0216 0852	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:08:02.0225 0852	Fs_Rec - ok
20:08:02.0281 0852	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:08:02.0295 0852	fvevol - ok
20:08:02.0329 0852	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:08:02.0339 0852	gagp30kx - ok
20:08:02.0382 0852	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:08:02.0440 0852	gpsvc - ok
20:08:02.0506 0852	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:08:02.0516 0852	gusvc - ok
20:08:02.0538 0852	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:08:02.0607 0852	hcw85cir - ok
20:08:02.0669 0852	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:08:02.0699 0852	HdAudAddService - ok
20:08:02.0725 0852	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:08:02.0761 0852	HDAudBus - ok
20:08:02.0785 0852	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
20:08:02.0813 0852	HidBatt - ok
20:08:02.0854 0852	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
20:08:02.0878 0852	HidBth - ok
20:08:02.0936 0852	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
20:08:02.0947 0852	HidIr - ok
20:08:02.0968 0852	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:08:03.0008 0852	hidserv - ok
20:08:03.0037 0852	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:08:03.0047 0852	HidUsb - ok
20:08:03.0073 0852	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:08:03.0116 0852	hkmsvc - ok
20:08:03.0139 0852	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:08:03.0164 0852	HomeGroupListener - ok
20:08:03.0196 0852	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:08:03.0230 0852	HomeGroupProvider - ok
20:08:03.0263 0852	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:08:03.0273 0852	HpSAMD - ok
20:08:03.0313 0852	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:08:03.0370 0852	HTTP - ok
20:08:03.0390 0852	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:08:03.0399 0852	hwpolicy - ok
20:08:03.0442 0852	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:08:03.0452 0852	i8042prt - ok
20:08:03.0478 0852	iaStorV         (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
20:08:03.0492 0852	iaStorV - ok
20:08:03.0570 0852	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:08:03.0594 0852	idsvc - ok
20:08:03.0612 0852	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:08:03.0621 0852	iirsp - ok
20:08:03.0670 0852	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:08:03.0726 0852	IKEEXT - ok
20:08:03.0744 0852	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:08:03.0753 0852	intelide - ok
20:08:03.0790 0852	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
20:08:03.0816 0852	intelppm - ok
20:08:03.0837 0852	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:08:03.0877 0852	IPBusEnum - ok
20:08:03.0899 0852	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:08:03.0924 0852	IpFilterDriver - ok
20:08:03.0988 0852	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:08:04.0049 0852	iphlpsvc - ok
20:08:04.0073 0852	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:08:04.0084 0852	IPMIDRV - ok
20:08:04.0091 0852	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:08:04.0140 0852	IPNAT - ok
20:08:04.0169 0852	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:08:04.0204 0852	IRENUM - ok
20:08:04.0223 0852	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:08:04.0232 0852	isapnp - ok
20:08:04.0259 0852	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:08:04.0272 0852	iScsiPrt - ok
20:08:04.0294 0852	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:08:04.0303 0852	kbdclass - ok
20:08:04.0329 0852	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:08:04.0359 0852	kbdhid - ok
20:08:04.0393 0852	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:08:04.0404 0852	KeyIso - ok
20:08:04.0440 0852	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:08:04.0449 0852	KSecDD - ok
20:08:04.0469 0852	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:08:04.0480 0852	KSecPkg - ok
20:08:04.0493 0852	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:08:04.0538 0852	ksthunk - ok
20:08:04.0590 0852	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:08:04.0632 0852	KtmRm - ok
20:08:04.0680 0852	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:08:04.0724 0852	LanmanServer - ok
20:08:04.0759 0852	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:08:04.0812 0852	LanmanWorkstation - ok
20:08:04.0858 0852	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:08:04.0905 0852	lltdio - ok
20:08:04.0936 0852	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:08:04.0987 0852	lltdsvc - ok
20:08:05.0019 0852	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:08:05.0057 0852	lmhosts - ok
20:08:05.0108 0852	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:08:05.0118 0852	LSI_FC - ok
20:08:05.0143 0852	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:08:05.0153 0852	LSI_SAS - ok
20:08:05.0166 0852	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:08:05.0176 0852	LSI_SAS2 - ok
20:08:05.0198 0852	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:08:05.0209 0852	LSI_SCSI - ok
20:08:05.0228 0852	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:08:05.0275 0852	luafv - ok
20:08:05.0307 0852	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:08:05.0320 0852	Mcx2Svc - ok
20:08:05.0339 0852	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:08:05.0348 0852	megasas - ok
20:08:05.0370 0852	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:08:05.0383 0852	MegaSR - ok
20:08:05.0402 0852	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:08:05.0429 0852	MMCSS - ok
20:08:05.0440 0852	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:08:05.0489 0852	Modem - ok
20:08:05.0517 0852	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:08:05.0551 0852	monitor - ok
20:08:05.0583 0852	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:08:05.0592 0852	mouclass - ok
20:08:05.0627 0852	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:08:05.0649 0852	mouhid - ok
20:08:23.0509 0852	============================================================
20:08:23.0509 0852	Scan finished
20:08:23.0509 0852	============================================================
20:08:23.0517 2540	Detected object count: 0
20:08:23.0517 2540	Actual detected object count: 0

Hello, maybe you could also give me a few useful tips or links so that I can protect myself better against this in the future.
But in any case, many thanks already for the support; this is a really great forum you have here.

27.07.2012, 23:32   #12
markusg
/// Malware-holic
 

That is still to come.
Download CCleaner Standard:
CCleaner Download - CCleaner 3.21.1767
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save as txt. Open the file.
After each program you need, write "necessary".
After each one you do not need, "unnecessary".
After those you do not know, "unknown".
Post the list.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de

28.07.2012, 15:34   #13
littleTED
 

Hello,

Adobe Flash Player 11 Plugin Adobe Systems Incorporated 27.07.2012 6,00MB 11.3.300.268
Adobe Reader X (10.1.2) - Deutsch Adobe Systems Incorporated 21.02.2012 121,0MB 10.1.2
AION Free-To-Play Gameforge 29.02.2012 22,6MB 2.70.0000
avast! Free Antivirus AVAST Software 28.06.2012 7.0.1426.0
CCleaner Piriform 21.02.2012 3.15
Diablo III Blizzard Entertainment 10.07.2012 1.0.3.10485
EVE Online (remove only) CCP Games Ltd. 09.05.2012
Free YouTube to MP3 Converter version 3.11.22.508 DVDVideoSoft Ltd. 06.06.2012 87,6MB 3.11.22.508
Heroes of Newerth S2 Games 22.02.2012 2.3.0
ICQ7M ICQ 28.06.2012 7.8
Java(TM) 6 Update 31 Oracle 23.02.2012 74,5MB 6.0.310
Java(TM) 7 Update 3 (64-bit) Oracle 23.02.2012 93,7MB 7.0.30
Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 25.07.2012 18,8MB 1.62.0.1300
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 21.02.2012 0,42MB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 02.03.2012 0,77MB 9.0.30729 some kind of updates?
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 21.02.2012 0,23MB 9.0.30729 some kind of updates?
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 21.02.2012 0,58MB 9.0.30729.4148 some kind of updates?
Mozilla Firefox 14.0.1 (x86 de) Mozilla 17.07.2012 36,3MB 14.0.1
Mozilla Maintenance Service Mozilla 17.07.2012 0,30MB 14.0.1
MSI Afterburner 2.1.0 MSI Co., LTD 21.02.2012 2.1.0
NC Launcher (GameForge) NCsoft 29.02.2012
NVIDIA 3D Vision Controller-Treiber 295.73 NVIDIA Corporation 21.02.2012 295.73
NVIDIA 3D Vision Treiber 295.73 NVIDIA Corporation 21.02.2012 295.73
NVIDIA Drivers NVIDIA Corporation 21.02.2012 1.7
NVIDIA ForceWare Network Access Manager NVIDIA Corporation 21.02.2012 39,0MB 1.00.7316
NVIDIA Grafiktreiber 295.73 NVIDIA Corporation 21.02.2012 295.73
NVIDIA HD-Audiotreiber 1.3.12.0 NVIDIA Corporation 21.02.2012 1.3.12.0
NVIDIA Update 1.7.11 NVIDIA Corporation 21.02.2012 1.7.11
Picasa 3 Google, Inc. 26.02.2012 3.8
Skype™ 5.9 Skype Technologies S.A. 30.05.2012 19,3MB 5.9.115
SpeedFan (remove only) 21.02.2012
StarCraft II Blizzard Entertainment 21.02.2012 1.4.3.21029
T4E Player Techno4ever 22.03.2012
TeamSpeak 3 Client TeamSpeak Systems GmbH 03.03.2012
TP-LINK Wireless Client Utility TP-LINK 03.04.2012 7.0
VIA Plattform-Geräte-Manager VIA Technologies, Inc. 21.02.2012 2,62MB 1.34
VLC media player 2.0.0 VideoLAN 21.02.2012 2.0.0
WinRAR 4.20 (64-bit) win.rar GmbH 25.07.2012 4.20.0

At first glance I don't see any program that would cause trouble.

Edited by littleTED (28.07.2012 at 15:44)

29.07.2012, 18:42   #14
littleTED
 

???
Is there more to come?

29.07.2012, 18:44   #15
markusg
/// Malware-holic
 

Why are the labels missing?