Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
GVU Trojaner auch bei mir

GVU Trojaner auch bei mir


Log-Analyse und Auswertung: GVU Trojaner auch bei mir

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Seite 1 von 2 1 2
Alt 01.09.2012, 13:02   #1
Mykron
 
GVU Trojaner auch bei mir - Standard

GVU Trojaner auch bei mir


Meine Freundin hat es gestern auch erwischt. Leider habe ich bereits "herum gespielt", bevor ich auf OTL und dieses Board gestoßen bin. Folgendes habe ich getan:

1. Mehrere Rescue CD's laufen lassen: desinfec't, Kaspersky, Avira, Avast boottime Prüfung. Diese hatte nichts gebracht.
2. habe ich im abgesicherten Modus unter ProgramData Date eine kryptische exe Datei gelöscht, die, wie ich jetzt weiß, mit Sicherheit der gvu trojaner war.
3. habe ich einen Autostarteintrag zur ctfmon.exe entfernt.

Ich hoffe das verkompliziert die Sache nicht. Das System bootet wieder normal, aber ich möchte mit sicher gehen.

Daher hier jetzt die Logs:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.01.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ******-PC [Administrator]

Schutz: Aktiviert

01.09.2012 11:10:33
mbam-log-2012-09-01 (11-10-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 379319
Laufzeit: 47 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\****\AppData\Local\Temp\roper0dun.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\****\Progs\office\pdfsam2\pdfsam-starter.exe (Trojan.Agent.VGENX) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.09.2012 13:44:02 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Admin\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 68,20% Memory free
6,49 Gb Paging File | 5,43 Gb Available in Paging File | 83,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596,07 Gb Total Space | 566,84 Gb Free Space | 95,10% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 335,38 Gb Free Space | 56,26% Space Free | Partition Type: NTFS
Drive E: | 259,27 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 971,73 Mb Total Space | 698,52 Mb Free Space | 71,88% Space Free | Partition Type: FAT
 
Computer Name: %BENUTZERNAME%-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (HCW85BDA) -- C:\Windows\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6232.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4016740758-2741641857-2634709060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4016740758-2741641857-2634709060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4016740758-2741641857-2634709060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 1B AD 28 EC 89 CC 01  [binary data]
IE - HKU\S-1-5-21-4016740758-2741641857-2634709060-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4016740758-2741641857-2634709060-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4016740758-2741641857-2634709060-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4016740758-2741641857-2634709060-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.28 15:57:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.01 12:17:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.01 11:06:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.01 12:17:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.01 11:06:58 | 000,000,000 | ---D | M]
 
[2012.09.01 11:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011.08.28 01:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.01 12:17:09 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.01 11:04:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 12:17:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.01 11:04:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.01 11:04:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.08 19:47:47 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2012.09.01 11:04:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.01 11:04:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - toolplugin\toolbar.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Programme\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKU\S-1-5-21-4016740758-2741641857-2634709060-1001..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6510FABB-189A-4FC2-BEE6-3EF395115855}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.01 13:43:45 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.09.01 12:20:37 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.5
[2012.09.01 12:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\LibreOffice 3.5
[2012.09.01 12:09:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Secunia PSI
[2012.09.01 11:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012.09.01 11:14:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\LibreOffice
[2012.09.01 11:05:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Adobe
[2012.09.01 11:02:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2012.09.01 11:02:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mozilla
[2012.09.01 00:47:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012.09.01 00:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.01 00:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.01 00:47:51 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.01 00:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.15 22:01:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.15 22:00:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.15 22:00:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.15 22:00:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.15 22:00:58 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.15 22:00:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.15 22:00:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.15 18:55:58 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012.08.15 18:55:57 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.15 18:55:48 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.01 13:46:32 | 000,021,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.01 13:46:32 | 000,021,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.01 13:45:10 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.01 13:45:10 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.01 13:45:10 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.01 13:45:10 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.01 13:39:33 | 000,322,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.01 13:39:25 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.01 13:39:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.01 13:38:55 | 2615,611,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.01 12:20:37 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012.09.01 12:13:05 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.01 12:11:43 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.09.01 12:11:11 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.09.01 11:18:59 | 000,001,074 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.09.01 00:58:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.09.01 00:20:14 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.08.21 11:13:14 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
 
========== Files Created - No Company Name ==========
 
[2012.09.01 12:20:37 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012.09.01 12:11:12 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.01 11:18:59 | 000,001,074 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.09.01 11:18:59 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011.09.22 14:30:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.09.22 14:30:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.08.28 01:33:34 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2011.08.28 00:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.21 02:46:14 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 02:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 02:46:14 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 02:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
========== LOP Check ==========
 
[2011.09.22 14:30:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreePDF
[2011.08.28 17:18:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2012.09.01 11:14:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LibreOffice
[2012.07.14 22:41:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Origin
[2011.10.08 19:47:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\toolplugin
[2011.09.22 14:24:39 | 000,000,000 | ---D | M] -- C:\Users\%BENUTZERNAME%\AppData\Roaming\Epson
[2011.08.28 13:55:48 | 000,000,000 | ---D | M] -- C:\Users\%BENUTZERNAME%\AppData\Roaming\GHISLER
[2011.08.28 01:11:26 | 000,000,000 | ---D | M] -- C:\Users\%BENUTZERNAME%\AppData\Roaming\gsmartcontrol
[2011.10.10 23:49:56 | 000,000,000 | ---D | M] -- C:\Users\%BENUTZERNAME%\AppData\Roaming\IrfanView
[2011.08.28 02:25:12 | 000,000,000 | ---D | M] -- C:\Users\%BENUTZERNAME%\AppData\Roaming\LibreOffice
[2012.07.16 20:41:38 | 000,000,000 | ---D | M] -- C:\Users\%BENUTZERNAME%\AppData\Roaming\Origin
[2012.07.29 16:21:54 | 000,000,000 | ---D | M] -- C:\Users\%BENUTZERNAME%\AppData\Roaming\Research In Motion
[2012.08.20 18:00:18 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 01.09.2012 13:44:02 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Admin\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 68,20% Memory free
6,49 Gb Paging File | 5,43 Gb Available in Paging File | 83,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596,07 Gb Total Space | 566,84 Gb Free Space | 95,10% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 335,38 Gb Free Space | 56,26% Space Free | Partition Type: NTFS
Drive E: | 259,27 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 971,73 Mb Total Space | 698,52 Mb Free Space | 71,88% Space Free | Partition Type: FAT
 
Computer Name: %BENUTZERNAME%-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4016740758-2741641857-2634709060-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{487C6126-AA77-4CB8-A7F4-33B235216518}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{4DFB923B-C74D-4C3A-B1F4-E21610C3F412}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{9274E872-F8E1-47FB-8FF5-4D41CDBE6314}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{C60DA30E-8AA7-4E20-8753-94B401CC8F0A}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FCE15EA-DF2D-46C1-ADEA-C704540AE4A6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{175E9CC3-AF84-42C7-9DA3-3FF224DED1F0}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{2DA913EF-4DEA-494A-9DE5-155583948940}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"{33EFB0C2-EF44-4B12-AE74-F46B0E771121}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{50F1122F-E143-4990-9042-E08684C8518C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{77A5D617-B5A7-4F06-A6AE-47DF1B7AABF8}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{8536DBE3-4C4B-4B3A-A8FA-621197850BDF}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"{9E129C19-F948-4EBF-8E5F-D4B081DD4D2A}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{9FA8F79A-D526-4DFC-BC92-8BF13CB6C901}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{A7C25058-CDB7-4334-BBCB-5836013AB2A5}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{C2AD7BFC-0303-417D-946B-E195AACDADB2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C9992EB0-69A3-415D-B13F-32A7114AAE58}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{D135C92B-8F58-4C3F-B217-058768FAADBC}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{D28D7934-2CB0-46D5-BCE9-3DAF5DE8C22B}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"TCP Query User{24EC3722-203E-4927-B5F8-D53E895FE5B1}D:\spiele\aoeii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\spiele\aoeii\age2_x1\age2_x1.exe | 
"TCP Query User{45F66798-C43A-4E3A-82AB-313ADE43A6F8}D:\spiele\aoe2\empires2_cr.exe" = protocol=6 | dir=in | app=d:\spiele\aoe2\empires2_cr.exe | 
"TCP Query User{4BC6932D-56A9-4CD2-8E91-4D256879B9FF}D:\spiele\aoeiii\age3.exe" = protocol=6 | dir=in | app=d:\spiele\aoeiii\age3.exe | 
"TCP Query User{697B18B7-4676-4245-AFC5-851C0CC32EFA}D:\spiele\aoe\empires.exe" = protocol=6 | dir=in | app=d:\spiele\aoe\empires.exe | 
"TCP Query User{8B62216B-0C10-426C-955B-57314688F3F0}C:\users\admin\appdata\local\temp\7zs5f7b\enterprisedu.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\7zs5f7b\enterprisedu.exe | 
"TCP Query User{9CCD4F5A-AB9B-4CF8-92DB-7C2E49E4B428}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{A3DF8684-2762-4156-B254-3BA3ED80784A}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{D9DD09B5-3D9D-4490-8DC4-1AE6DE0A774B}D:\spiele\total annihilation\totala.exe" = protocol=6 | dir=in | app=d:\spiele\total annihilation\totala.exe | 
"TCP Query User{E6F3FE4B-5C0E-4525-8C8D-CE1514D24C57}D:\spiele\aoeii\empires2.exe" = protocol=6 | dir=in | app=d:\spiele\aoeii\empires2.exe | 
"TCP Query User{F191012F-0323-44B4-AC5C-FBA931BDE442}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{06C96D7D-535D-4D49-A73B-F02AADDC34CF}D:\spiele\aoe2\empires2_cr.exe" = protocol=17 | dir=in | app=d:\spiele\aoe2\empires2_cr.exe | 
"UDP Query User{2645324F-82D4-4E43-93AC-040A3C946B0B}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{442DEF10-655E-4E10-8103-F5E578F6B6AF}D:\spiele\aoe\empires.exe" = protocol=17 | dir=in | app=d:\spiele\aoe\empires.exe | 
"UDP Query User{74E2BB30-289F-4677-BF21-21054B031A7E}D:\spiele\aoeii\empires2.exe" = protocol=17 | dir=in | app=d:\spiele\aoeii\empires2.exe | 
"UDP Query User{7E73456E-CDF6-4694-B9BD-950864BC914D}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{8072A9BF-D507-4670-889C-6D8E9311A97F}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{9DD50978-D9E6-4D27-995E-9BC32B88C075}D:\spiele\total annihilation\totala.exe" = protocol=17 | dir=in | app=d:\spiele\total annihilation\totala.exe | 
"UDP Query User{A5E8AEAF-9939-4E7A-B3AE-483D42D0EB3B}D:\spiele\aoeiii\age3.exe" = protocol=17 | dir=in | app=d:\spiele\aoeiii\age3.exe | 
"UDP Query User{D566C8FF-F524-4A3F-93BD-0AFCCD5EDEA5}D:\spiele\aoeii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\spiele\aoeii\age2_x1\age2_x1.exe | 
"UDP Query User{EFC240C5-E391-43D9-BA47-18009AE6E292}C:\users\admin\appdata\local\temp\7zs5f7b\enterprisedu.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\7zs5f7b\enterprisedu.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = Die Sims™ 3 Traumsuite-Accessoires
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = Die Sims™ 3 Diesel Accessoires
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75674E4C-CDE5-4E64-8014-FDF6D9204C4B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2506E3-9A3F-45B5-96BF-509CAD584650}" = Die Sims™ 3 Katy Perry Süße Welt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B1F9C834-0594-4563-B344-4ED9599A5945}" = LibreOffice 3.5
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{D47F8A9B-E7B0-4900-9107-705E59EFDF6C}" = LibreOffice 3.3 Help Pack (German)
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"avast" = avast! Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"Digital Editions" = Adobe Digital Editions
"DivX Setup" = DivX-Setup
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"Origin" = Origin
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"VLC media player" = VLC media player 2.0.2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4016740758-2741641857-2634709060-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.08.2012 17:53:54 | Computer Name = %BENUTZERNAME%-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.08.2012 18:57:01 | Computer Name = %BENUTZERNAME%-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.08.2012 19:01:23 | Computer Name = %BENUTZERNAME%-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.08.2012 19:56:23 | Computer Name = %BENUTZERNAME%-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.09.2012 03:41:19 | Computer Name = %BENUTZERNAME%-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.09.2012 03:55:53 | Computer Name = %BENUTZERNAME%-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 01.09.2012 04:01:32 | Computer Name = %BENUTZERNAME%-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Research
 In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe".  Die abhängige Assemblierung
 "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.09.2012 04:01:40 | Computer Name = %BENUTZERNAME%-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe".  Die abhängige Assemblierung
 "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.09.2012 05:10:20 | Computer Name = %BENUTZERNAME%-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.09.2012 07:40:42 | Computer Name = %BENUTZERNAME%-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 11.10.2011 11:35:55 | Computer Name = %BENUTZERNAME%-PC | Source = MCUpdate | ID = 0
Description = 17:35:46 - Fehler beim Herstellen der Internetverbindung.  17:35:46 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.10.2011 09:10:49 | Computer Name = %BENUTZERNAME%-PC | Source = MCUpdate | ID = 0
Description = 15:10:49 - Fehler beim Herstellen der Internetverbindung.  15:10:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.10.2011 09:13:52 | Computer Name = %BENUTZERNAME%-PC | Source = MCUpdate | ID = 0
Description = 15:13:43 - Fehler beim Herstellen der Internetverbindung.  15:13:43 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.10.2011 02:48:27 | Computer Name = %BENUTZERNAME%-PC | Source = MCUpdate | ID = 0
Description = 08:48:19 - Fehler beim Herstellen der Internetverbindung.  08:48:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.10.2011 09:20:50 | Computer Name = %BENUTZERNAME%-PC | Source = MCUpdate | ID = 0
Description = 15:20:50 - Fehler beim Herstellen der Internetverbindung.  15:20:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.10.2011 09:23:51 | Computer Name = %BENUTZERNAME%-PC | Source = MCUpdate | ID = 0
Description = 15:23:44 - Fehler beim Herstellen der Internetverbindung.  15:23:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.10.2011 11:35:33 | Computer Name = %BENUTZERNAME%-PC | Source = MCUpdate | ID = 0
Description = 17:35:33 - Fehler beim Herstellen der Internetverbindung.  17:35:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.10.2011 11:38:35 | Computer Name = %BENUTZERNAME%-PC | Source = MCUpdate | ID = 0
Description = 17:38:26 - Fehler beim Herstellen der Internetverbindung.  17:38:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.10.2011 18:05:57 | Computer Name = %BENUTZERNAME%-PC | Source = MCUpdate | ID = 0
Description = 00:05:56 - Fehler beim Herstellen der Internetverbindung.  00:05:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.10.2011 18:08:58 | Computer Name = %BENUTZERNAME%-PC | Source = MCUpdate | ID = 0
Description = 00:08:50 - Fehler beim Herstellen der Internetverbindung.  00:08:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 01.09.2012 05:19:39 | Computer Name = %BENUTZERNAME%-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 01.09.2012 05:21:09 | Computer Name = %BENUTZERNAME%-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 01.09.2012 05:21:22 | Computer Name = %BENUTZERNAME%-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 01.09.2012 05:25:53 | Computer Name = %BENUTZERNAME%-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 01.09.2012 05:26:06 | Computer Name = %BENUTZERNAME%-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 01.09.2012 05:26:40 | Computer Name = %BENUTZERNAME%-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 01.09.2012 05:26:50 | Computer Name = %BENUTZERNAME%-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 01.09.2012 06:32:17 | Computer Name = %BENUTZERNAME%-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 01.09.2012 07:39:18 | Computer Name = %BENUTZERNAME%-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 01.09.2012 07:39:18 | Computer Name = %BENUTZERNAME%-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >


adwcleaner und EmsisoftAntiMalwareSetup habe ich schon besorgt, wie soll ich weiter vorgehen? Danke für eurer Hilfe!
Geändert von Mykron (01.09.2012 um 13:09 Uhr)

Alt 01.09.2012, 14:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner auch bei mir - Standard

GVU Trojaner auch bei mir


Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.


Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Im als Administrator geöffneten Browser diesen Link aufrufen => ESET Online Scanner
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Haken bei Yes, i accept the Terms of Use.
  • Drücke den Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
  • drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
Drücke bitte die + R Taste und kopiere folgenden Text in das Ausführen Fenster.
Code:
ATTFilter
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:
ATTFilter
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Poste nun den Inhalt der log.txt.


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
__________________

__________________
Alt 01.09.2012, 18:07   #3
Mykron
 
GVU Trojaner auch bei mir - Standard

GVU Trojaner auch bei mir


Einen anderen MWBAM log habe ich nicht, das war der erste. Da ist nur noch die Log Datei, wo protokolliert wird, das der Hintergrundwächter an ging.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3a6661b450c2db43a90634d11e0eedd3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-01 04:59:51
# local_time=2012-09-01 06:59:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 17452 98144522 0 0
# compatibility_mode=8192 67108863 100 0 133 133 0 0
# scanned=178403
# found=0
# cleaned=0
# scan_time=5460
Danke, dass du dich meiner annimst. Ein OTL Fix ist unnötig?
__________________
Alt 03.09.2012, 15:08   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner auch bei mir - Standard

GVU Trojaner auch bei mir


adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.09.2012, 21:38   #5
Mykron
 
GVU Trojaner auch bei mir - Standard

GVU Trojaner auch bei mir


Code:
ATTFilter
# AdwCleaner v2.000 - Datei am 09/03/2012 um 22:35:12 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Admin - *****-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Admin\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\Admin\AppData\Roaming\toolplugin
Ordner Gefunden : C:\Users\*****\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-89AF-189327213627}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v6.0.2 (de)

Profilname : default 
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\mbd8ed01.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7mpxomti.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1465 octets] - [03/09/2012 22:35:12]

########## EOF - C:\AdwCleaner[R1].txt - [1525 octets] ##########
Der Log zeigt Firefox 6, ich habe aber hier einen 15er offen, mit diesem arbeite ich. Das ist merkwürdig. Von 6er aus hatte ich vor kurzen aktualisiert. Im Menü zur Deinstallation von Programme wird auf beide Versionen Verwiesen. zum deistallieren wird aber der selbe Ordner angeboten. Ist wohl ein Updateproblem gewesen. Das bekomme ich hin, wenn hir erstmal alles OK ist.

Geändert von Mykron (03.09.2012 um 21:47 Uhr)

Alt 04.09.2012, 09:04   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner auch bei mir - Standard

GVU Trojaner auch bei mir


adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.
__________________
--> GVU Trojaner auch bei mir

Alt 04.09.2012, 11:19   #7
Mykron
 
GVU Trojaner auch bei mir - Standard

GVU Trojaner auch bei mir


Code:
ATTFilter
# AdwCleaner v2.000 - Datei am 09/04/2012 um 12:14:26 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Admin - *****-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Admin\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\toolplugin
Ordner Gelöscht : C:\Users\*****\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-89AF-189327213627}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v6.0.2 (de)

Profilname : default 
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\mbd8ed01.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7mpxomti.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1594 octets] - [03/09/2012 22:35:12]
AdwCleaner[R2].txt - [1654 octets] - [03/09/2012 22:44:02]
AdwCleaner[S2].txt - [1844 octets] - [04/09/2012 12:14:26]

########## EOF - C:\AdwCleaner[S2].txt - [1904 octets] ##########

Alt 04.09.2012, 16:16   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner auch bei mir - Standard

GVU Trojaner auch bei mir


Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.09.2012, 17:00   #9
Mykron
 
GVU Trojaner auch bei mir - Standard

GVU Trojaner auch bei mir


Gerne:

1.) Rechner läuft einwandfrei im normalen Modus, kann schon seit meinen eigenen Schritten (löschen von C:\PragramData\roper0dun.exe) nichts ungewöhnliches erkennen.

2.) Nichts ungewöhnliches auch im Startmenü, alle vorhandenen Ordner sind erwartet und mit den zugehörigen Links gefüllt. Es scheint nichts zu fehlen. Auch alle Icons stimmen.
Geändert von Mykron (04.09.2012 um 17:10 Uhr)

Alt 04.09.2012, 19:14   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner auch bei mir - Standard

GVU Trojaner auch bei mir


Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.09.2012, 11:06   #11
Mykron
 
GVU Trojaner auch bei mir - Standard

GVU Trojaner auch bei mir


Code:
ATTFilter
OTL logfile created on: 05.09.2012 11:49:31 - Run 3
OTL by OldTimer - Version 3.2.61.0     Folder = C:\Users\Admin\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 68,98% Memory free
6,49 Gb Paging File | 5,48 Gb Available in Paging File | 84,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596,07 Gb Total Space | 567,94 Gb Free Space | 95,28% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 336,39 Gb Free Space | 56,43% Space Free | Partition Type: NTFS
Drive E: | 259,27 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: *****-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (HCW85BDA) -- C:\Windows\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6232.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-4016740758-2741641857-2634709060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4016740758-2741641857-2634709060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4016740758-2741641857-2634709060-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 1B AD 28 EC 89 CC 01  [binary data]
IE - HKU\S-1-5-21-4016740758-2741641857-2634709060-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4016740758-2741641857-2634709060-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4016740758-2741641857-2634709060-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4016740758-2741641857-2634709060-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.28 15:57:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.01 12:17:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.01 11:06:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.01 12:17:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.01 11:06:58 | 000,000,000 | ---D | M]
 
[2012.09.01 11:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.09.03 22:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\7mpxomti.default\extensions
[2011.08.28 01:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.01 12:17:09 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.01 11:04:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 12:17:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.01 11:04:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.01 11:04:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.08 19:47:47 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2012.09.01 11:04:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.01 11:04:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Programme\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKU\S-1-5-21-4016740758-2741641857-2634709060-1001..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6510FABB-189A-4FC2-BEE6-3EF395115855}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: EEventManager - hkey= - key= -  File not found
MsConfig - StartUpReg: Sidebar - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.05 11:47:45 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.09.01 17:29:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Macromedia
[2012.09.01 17:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.01 12:20:37 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.5
[2012.09.01 12:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\LibreOffice 3.5
[2012.09.01 12:09:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Secunia PSI
[2012.09.01 11:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012.09.01 11:14:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\LibreOffice
[2012.09.01 11:05:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Adobe
[2012.09.01 11:02:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2012.09.01 11:02:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mozilla
[2012.09.01 00:47:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012.09.01 00:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.01 00:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.01 00:47:51 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.01 00:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.05 11:52:13 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.05 11:52:13 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.05 11:52:13 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.05 11:52:13 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.05 11:47:48 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012.09.05 11:45:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.05 11:44:53 | 2615,611,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.04 17:59:51 | 000,021,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.04 17:59:51 | 000,021,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.02 20:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.01 13:39:33 | 000,322,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.01 12:20:37 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012.09.01 12:13:05 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.01 11:18:59 | 000,001,074 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.09.01 00:58:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.08.21 11:13:14 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
 
========== Files Created - No Company Name ==========
 
[2012.09.01 12:20:37 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012.09.01 12:11:12 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.01 11:18:59 | 000,001,074 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.09.01 11:18:59 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011.09.22 14:30:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.09.22 14:30:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.08.28 01:33:34 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2011.08.28 00:39:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.21 02:46:14 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 02:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 02:46:14 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 02:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
========== LOP Check ==========
 
[2011.09.22 14:30:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreePDF
[2011.08.28 17:18:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2012.09.01 11:14:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LibreOffice
[2012.07.14 22:41:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Origin
[2011.09.22 14:24:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Epson
[2011.08.28 13:55:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GHISLER
[2011.08.28 01:11:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gsmartcontrol
[2011.10.10 23:49:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IrfanView
[2011.08.28 02:25:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LibreOffice
[2012.07.16 20:41:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Origin
[2012.07.29 16:21:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Research In Motion
[2012.08.20 18:00:18 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.09.01 11:05:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe
[2011.11.16 04:02:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2011.09.22 14:30:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreePDF
[2011.10.04 00:01:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2011.08.28 17:18:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2012.09.01 11:14:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LibreOffice
[2011.10.04 00:21:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2012.09.01 00:47:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2010.11.21 02:55:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2012.09.01 11:05:31 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2012.09.03 22:40:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2012.07.14 22:41:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Origin
[2011.10.08 19:51:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

Alt 05.09.2012, 14:52   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner auch bei mir - Standard

GVU Trojaner auch bei mir


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
FF - user.js - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) -  File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.09.2012, 17:27   #13
Mykron
 
GVU Trojaner auch bei mir - Standard

GVU Trojaner auch bei mir


Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Admin\Desktop\cmd.bat deleted successfully.
C:\Users\Admin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 249293835 bytes
->Temporary Internet Files folder emptied: 56364584 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58963404 bytes
->Flash cache emptied: 506 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: *****
->Temp folder emptied: 761436 bytes
->Temporary Internet Files folder emptied: 10868693 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 65021334 bytes
->Flash cache emptied: 120791 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17462 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 421,00 mb
 
 
[EMPTYFLASH]
 
User: Admin
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
 
User: Default User
 
User: *****
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.0 log created on 09052012_182118

Files\Folders moved on Reboot...
File\Folder C:\Users\*****\AppData\Local\Temp\2011-09-16-1183503726_04-RG.PDF  not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 06.09.2012, 12:27   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GVU Trojaner auch bei mir - Standard

GVU Trojaner auch bei mir


Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.09.2012, 16:09   #15
Mykron
 
GVU Trojaner auch bei mir - Standard

GVU Trojaner auch bei mir


Code:
ATTFilter
17:04:37.0413 1224  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:04:37.0615 1224  ============================================================
17:04:37.0615 1224  Current date / time: 2012/09/06 17:04:37.0615
17:04:37.0615 1224  SystemInfo:
17:04:37.0615 1224  
17:04:37.0615 1224  OS Version: 6.1.7601 ServicePack: 1.0
17:04:37.0615 1224  Product type: Workstation
17:04:37.0615 1224  ComputerName: *****-PC
17:04:37.0615 1224  UserName: Admin
17:04:37.0615 1224  Windows directory: C:\Windows
17:04:37.0615 1224  System windows directory: C:\Windows
17:04:37.0615 1224  Processor architecture: Intel x86
17:04:37.0615 1224  Number of processors: 4
17:04:37.0615 1224  Page size: 0x1000
17:04:37.0615 1224  Boot type: Normal boot
17:04:37.0615 1224  ============================================================
17:04:39.0160 1224  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:04:39.0175 1224  Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:04:39.0238 1224  ============================================================
17:04:39.0238 1224  \Device\Harddisk0\DR0:
17:04:39.0238 1224  MBR partitions:
17:04:39.0238 1224  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:04:39.0238 1224  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A825000
17:04:39.0238 1224  \Device\Harddisk1\DR1:
17:04:39.0238 1224  MBR partitions:
17:04:39.0238 1224  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
17:04:39.0238 1224  ============================================================
17:04:39.0253 1224  C: <-> \Device\Harddisk0\DR0\Partition2
17:04:39.0269 1224  D: <-> \Device\Harddisk1\DR1\Partition1
17:04:39.0269 1224  ============================================================
17:04:39.0269 1224  Initialize success
17:04:39.0269 1224  ============================================================
17:04:46.0929 3380  ============================================================
17:04:46.0929 3380  Scan started
17:04:46.0929 3380  Mode: Manual; SigCheck; TDLFS; 
17:04:46.0929 3380  ============================================================
17:04:48.0645 3380  ================ Scan system memory ========================
17:04:48.0645 3380  System memory - ok
17:04:48.0645 3380  ================ Scan services =============================
17:04:48.0770 3380  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
17:04:48.0879 3380  1394ohci - ok
17:04:48.0894 3380  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:04:48.0910 3380  ACPI - ok
17:04:48.0926 3380  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:04:48.0972 3380  AcpiPmi - ok
17:04:49.0050 3380  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:04:49.0082 3380  AdobeARMservice - ok
17:04:49.0144 3380  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:04:49.0160 3380  AdobeFlashPlayerUpdateSvc - ok
17:04:49.0175 3380  Scan interrupted by user!
17:04:49.0175 3380  ================ Scan global ===============================
17:04:49.0175 3380  Scan interrupted by user!
17:04:49.0175 3380  ================ Scan MBR ==================================
17:04:49.0175 3380  Scan interrupted by user!
17:04:49.0175 3380  ================ Scan VBR ==================================
17:04:49.0175 3380  Scan interrupted by user!
17:04:49.0175 3380  ============================================================
17:04:49.0175 3380  Scan finished
17:04:49.0175 3380  ============================================================
17:04:49.0175 3344  Detected object count: 0
17:04:49.0175 3344  Actual detected object count: 0
17:06:37.0049 0776  ============================================================
17:06:37.0049 0776  Scan started
17:06:37.0049 0776  Mode: Manual; SigCheck; TDLFS; 
17:06:37.0049 0776  ============================================================
17:06:38.0516 0776  ================ Scan system memory ========================
17:06:38.0516 0776  System memory - ok
17:06:38.0516 0776  ================ Scan services =============================
17:06:38.0656 0776  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
17:06:38.0672 0776  1394ohci - ok
17:06:38.0687 0776  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:06:38.0703 0776  ACPI - ok
17:06:38.0718 0776  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:06:38.0734 0776  AcpiPmi - ok
17:06:38.0796 0776  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:06:38.0796 0776  AdobeARMservice - ok
17:06:38.0843 0776  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:06:38.0859 0776  AdobeFlashPlayerUpdateSvc - ok
17:06:38.0874 0776  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:06:38.0890 0776  adp94xx - ok
17:06:38.0921 0776  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:06:38.0937 0776  adpahci - ok
17:06:38.0968 0776  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:06:38.0984 0776  adpu320 - ok
17:06:38.0999 0776  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:06:39.0030 0776  AeLookupSvc - ok
17:06:39.0077 0776  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
17:06:39.0108 0776  AFD - ok
17:06:39.0140 0776  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
17:06:39.0140 0776  agp440 - ok
17:06:39.0171 0776  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
17:06:39.0186 0776  aic78xx - ok
17:06:39.0202 0776  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
17:06:39.0218 0776  ALG - ok
17:06:39.0233 0776  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:06:39.0249 0776  aliide - ok
17:06:39.0280 0776  [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:06:39.0296 0776  AMD External Events Utility - ok
17:06:39.0311 0776  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:06:39.0327 0776  amdagp - ok
17:06:39.0327 0776  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:06:39.0342 0776  amdide - ok
17:06:39.0358 0776  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:06:39.0374 0776  AmdK8 - ok
17:06:39.0389 0776  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
17:06:39.0420 0776  AmdPPM - ok
17:06:39.0436 0776  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:06:39.0452 0776  amdsata - ok
17:06:39.0467 0776  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
17:06:39.0483 0776  amdsbs - ok
17:06:39.0498 0776  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:06:39.0514 0776  amdxata - ok
17:06:39.0545 0776  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
17:06:39.0576 0776  AppID - ok
17:06:39.0592 0776  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:06:39.0623 0776  AppIDSvc - ok
17:06:39.0654 0776  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
17:06:39.0686 0776  Appinfo - ok
17:06:39.0764 0776  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:06:39.0779 0776  Apple Mobile Device - ok
17:06:39.0810 0776  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
17:06:39.0826 0776  AppMgmt - ok
17:06:39.0842 0776  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
17:06:39.0857 0776  arc - ok
17:06:39.0857 0776  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:06:39.0873 0776  arcsas - ok
17:06:39.0904 0776  [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
17:06:39.0935 0776  aswFsBlk - ok
17:06:39.0966 0776  [ F76E51561562AC4105DBBE53FC99BC10 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
17:06:39.0982 0776  aswMonFlt - ok
17:06:40.0013 0776  [ 924819669AFD0EDF5C067193D371FAB0 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
17:06:40.0013 0776  aswRdr - ok
17:06:40.0044 0776  [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
17:06:40.0060 0776  aswSnx - ok
17:06:40.0076 0776  [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
17:06:40.0091 0776  aswSP - ok
17:06:40.0107 0776  [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
17:06:40.0122 0776  aswTdi - ok
17:06:40.0122 0776  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:06:40.0169 0776  AsyncMac - ok
17:06:40.0185 0776  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
17:06:40.0200 0776  atapi - ok
17:06:40.0310 0776  [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:06:40.0403 0776  atikmdag - ok
17:06:40.0434 0776  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:06:40.0481 0776  AudioEndpointBuilder - ok
17:06:40.0481 0776  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:06:40.0512 0776  Audiosrv - ok
17:06:40.0575 0776  [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:06:40.0590 0776  avast! Antivirus - ok
17:06:40.0622 0776  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:06:40.0653 0776  AxInstSV - ok
17:06:40.0684 0776  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
17:06:40.0715 0776  b06bdrv - ok
17:06:40.0746 0776  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
17:06:40.0778 0776  b57nd60x - ok
17:06:40.0793 0776  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:06:40.0809 0776  BDESVC - ok
17:06:40.0825 0776  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:06:40.0871 0776  Beep - ok
17:06:40.0903 0776  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
17:06:40.0934 0776  BFE - ok
17:06:40.0965 0776  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
17:06:40.0996 0776  BITS - ok
17:06:41.0012 0776  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:06:41.0027 0776  blbdrive - ok
17:06:41.0059 0776  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:06:41.0074 0776  Bonjour Service - ok
17:06:41.0090 0776  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:06:41.0121 0776  bowser - ok
17:06:41.0137 0776  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
17:06:41.0168 0776  BrFiltLo - ok
17:06:41.0183 0776  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
17:06:41.0215 0776  BrFiltUp - ok
17:06:41.0230 0776  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
17:06:41.0246 0776  Browser - ok
17:06:41.0261 0776  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:06:41.0277 0776  Brserid - ok
17:06:41.0293 0776  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:06:41.0308 0776  BrSerWdm - ok
17:06:41.0324 0776  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:06:41.0339 0776  BrUsbMdm - ok
17:06:41.0371 0776  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:06:41.0402 0776  BrUsbSer - ok
17:06:41.0433 0776  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
17:06:41.0464 0776  BthEnum - ok
17:06:41.0480 0776  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:06:41.0511 0776  BTHMODEM - ok
17:06:41.0527 0776  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:06:41.0542 0776  BthPan - ok
17:06:41.0558 0776  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
17:06:41.0589 0776  BTHPORT - ok
17:06:41.0636 0776  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
17:06:41.0651 0776  bthserv - ok
17:06:41.0683 0776  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
17:06:41.0698 0776  BTHUSB - ok
17:06:41.0714 0776  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:06:41.0761 0776  cdfs - ok
17:06:41.0807 0776  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:06:41.0823 0776  cdrom - ok
17:06:41.0854 0776  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:06:41.0870 0776  CertPropSvc - ok
17:06:41.0901 0776  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:06:41.0932 0776  circlass - ok
17:06:41.0948 0776  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
17:06:41.0963 0776  CLFS - ok
17:06:42.0026 0776  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:06:42.0026 0776  clr_optimization_v2.0.50727_32 - ok
17:06:42.0088 0776  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:06:42.0104 0776  clr_optimization_v4.0.30319_32 - ok
17:06:42.0104 0776  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
17:06:42.0135 0776  CmBatt - ok
17:06:42.0151 0776  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:06:42.0166 0776  cmdide - ok
17:06:42.0213 0776  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
17:06:42.0244 0776  CNG - ok
17:06:42.0244 0776  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:06:42.0260 0776  Compbatt - ok
17:06:42.0291 0776  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
17:06:42.0307 0776  CompositeBus - ok
17:06:42.0322 0776  COMSysApp - ok
17:06:42.0338 0776  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:06:42.0353 0776  crcdisk - ok
17:06:42.0385 0776  [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:06:42.0416 0776  CryptSvc - ok
17:06:42.0431 0776  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
17:06:42.0463 0776  CSC - ok
17:06:42.0494 0776  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
17:06:42.0525 0776  CscService - ok
17:06:42.0556 0776  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:06:42.0587 0776  DcomLaunch - ok
17:06:42.0619 0776  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
17:06:42.0665 0776  defragsvc - ok
17:06:42.0665 0776  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:06:42.0697 0776  DfsC - ok
17:06:42.0712 0776  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:06:42.0743 0776  Dhcp - ok
17:06:42.0759 0776  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
17:06:42.0775 0776  discache - ok
17:06:42.0821 0776  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
17:06:42.0837 0776  Disk - ok
17:06:42.0853 0776  [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
17:06:42.0868 0776  dmvsc - ok
17:06:42.0884 0776  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:06:42.0915 0776  Dnscache - ok
17:06:42.0931 0776  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:06:42.0977 0776  dot3svc - ok
17:06:42.0993 0776  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
17:06:43.0024 0776  DPS - ok
17:06:43.0055 0776  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:06:43.0071 0776  drmkaud - ok
17:06:43.0102 0776  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:06:43.0118 0776  DXGKrnl - ok
17:06:43.0165 0776  [ 0535BFBEDB9378DDD15BDF9957D57D71 ] e1express       C:\Windows\system32\DRIVERS\e1e6232.sys
17:06:43.0165 0776  e1express - ok
17:06:43.0196 0776  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
17:06:43.0243 0776  EapHost - ok
17:06:43.0305 0776  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
17:06:43.0367 0776  ebdrv - ok
17:06:43.0383 0776  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
17:06:43.0414 0776  EFS - ok
17:06:43.0461 0776  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:06:43.0492 0776  ehRecvr - ok
17:06:43.0523 0776  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
17:06:43.0555 0776  ehSched - ok
17:06:43.0570 0776  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:06:43.0601 0776  elxstor - ok
17:06:43.0601 0776  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:06:43.0633 0776  ErrDev - ok
17:06:43.0679 0776  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
17:06:43.0726 0776  EventSystem - ok
17:06:43.0742 0776  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
17:06:43.0757 0776  exfat - ok
17:06:43.0773 0776  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:06:43.0820 0776  fastfat - ok
17:06:43.0851 0776  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
17:06:43.0882 0776  Fax - ok
17:06:43.0898 0776  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\drivers\fdc.sys
17:06:43.0913 0776  fdc - ok
17:06:43.0913 0776  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
17:06:43.0945 0776  fdPHost - ok
17:06:43.0960 0776  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
17:06:43.0991 0776  FDResPub - ok
17:06:43.0991 0776  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:06:44.0007 0776  FileInfo - ok
17:06:44.0007 0776  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:06:44.0054 0776  Filetrace - ok
17:06:44.0054 0776  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
17:06:44.0085 0776  flpydisk - ok
17:06:44.0101 0776  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:06:44.0116 0776  FltMgr - ok
17:06:44.0163 0776  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
17:06:44.0194 0776  FontCache - ok
17:06:44.0257 0776  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:06:44.0257 0776  FontCache3.0.0.0 - ok
17:06:44.0272 0776  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:06:44.0288 0776  FsDepends - ok
17:06:44.0319 0776  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:06:44.0319 0776  Fs_Rec - ok
17:06:44.0350 0776  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:06:44.0366 0776  fvevol - ok
17:06:44.0381 0776  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:06:44.0397 0776  gagp30kx - ok
17:06:44.0428 0776  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:06:44.0444 0776  GEARAspiWDM - ok
17:06:44.0491 0776  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:06:44.0553 0776  gpsvc - ok
17:06:44.0631 0776  [ 89364CC2A694364F4AA148B7CB802D57 ] HCW85BDA        C:\Windows\system32\drivers\HCW85BDA.sys
17:06:44.0662 0776  HCW85BDA - ok
17:06:44.0662 0776  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:06:44.0693 0776  hcw85cir - ok
17:06:44.0709 0776  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:06:44.0740 0776  HdAudAddService - ok
17:06:44.0771 0776  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:06:44.0787 0776  HDAudBus - ok
17:06:44.0803 0776  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
17:06:44.0834 0776  HidBatt - ok
17:06:44.0849 0776  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:06:44.0896 0776  HidBth - ok
17:06:44.0927 0776  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:06:44.0959 0776  HidIr - ok
17:06:44.0990 0776  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
17:06:45.0021 0776  hidserv - ok
17:06:45.0083 0776  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:06:45.0115 0776  HidUsb - ok
17:06:45.0130 0776  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:06:45.0161 0776  hkmsvc - ok
17:06:45.0193 0776  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:06:45.0239 0776  HomeGroupListener - ok
17:06:45.0271 0776  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:06:45.0333 0776  HomeGroupProvider - ok
17:06:45.0349 0776  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:06:45.0364 0776  HpSAMD - ok
17:06:45.0395 0776  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:06:45.0427 0776  HTTP - ok
17:06:45.0427 0776  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:06:45.0442 0776  hwpolicy - ok
17:06:45.0473 0776  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:06:45.0489 0776  i8042prt - ok
17:06:45.0520 0776  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:06:45.0536 0776  iaStorV - ok
17:06:45.0567 0776  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:06:45.0598 0776  idsvc - ok
17:06:45.0629 0776  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:06:45.0645 0776  iirsp - ok
17:06:45.0676 0776  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:06:45.0723 0776  IKEEXT - ok
17:06:45.0754 0776  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:06:45.0754 0776  intelide - ok
17:06:45.0770 0776  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:06:45.0785 0776  intelppm - ok
17:06:45.0801 0776  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:06:45.0832 0776  IPBusEnum - ok
17:06:45.0848 0776  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:06:45.0895 0776  IpFilterDriver - ok
17:06:45.0910 0776  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:06:45.0957 0776  iphlpsvc - ok
17:06:45.0973 0776  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:06:45.0988 0776  IPMIDRV - ok
17:06:45.0988 0776  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:06:46.0019 0776  IPNAT - ok
17:06:46.0097 0776  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:06:46.0113 0776  iPod Service - ok
17:06:46.0144 0776  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:06:46.0175 0776  IRENUM - ok
17:06:46.0191 0776  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:06:46.0207 0776  isapnp - ok
17:06:46.0222 0776  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:06:46.0238 0776  iScsiPrt - ok
17:06:46.0253 0776  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:06:46.0269 0776  kbdclass - ok
17:06:46.0300 0776  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:06:46.0300 0776  kbdhid - ok
17:06:46.0316 0776  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
17:06:46.0331 0776  KeyIso - ok
17:06:46.0363 0776  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:06:46.0378 0776  KSecDD - ok
17:06:46.0394 0776  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:06:46.0409 0776  KSecPkg - ok
17:06:46.0425 0776  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:06:46.0472 0776  KtmRm - ok
17:06:46.0503 0776  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:06:46.0550 0776  LanmanServer - ok
17:06:46.0581 0776  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:06:46.0612 0776  LanmanWorkstation - ok
17:06:46.0644 0776  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:06:46.0691 0776  lltdio - ok
17:06:46.0722 0776  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:06:46.0754 0776  lltdsvc - ok
17:06:46.0769 0776  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:06:46.0816 0776  lmhosts - ok
17:06:46.0832 0776  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:06:46.0847 0776  LSI_FC - ok
17:06:46.0878 0776  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:06:46.0894 0776  LSI_SAS - ok
17:06:46.0910 0776  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:06:46.0925 0776  LSI_SAS2 - ok
17:06:46.0925 0776  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:06:46.0941 0776  LSI_SCSI - ok
17:06:46.0941 0776  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
17:06:46.0988 0776  luafv - ok
17:06:47.0019 0776  [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:06:47.0034 0776  MBAMProtector - ok
17:06:47.0081 0776  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:06:47.0097 0776  MBAMService - ok
17:06:47.0128 0776  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:06:47.0144 0776  Mcx2Svc - ok
17:06:47.0159 0776  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:06:47.0175 0776  megasas - ok
17:06:47.0190 0776  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:06:47.0206 0776  MegaSR - ok
17:06:47.0222 0776  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
17:06:47.0268 0776  MMCSS - ok
17:06:47.0268 0776  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
17:06:47.0300 0776  Modem - ok
17:06:47.0315 0776  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:06:47.0346 0776  monitor - ok
17:06:47.0362 0776  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:06:47.0378 0776  mouclass - ok
17:06:47.0424 0776  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:06:47.0440 0776  mouhid - ok
17:06:47.0456 0776  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:06:47.0471 0776  mountmgr - ok
17:06:47.0487 0776  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:06:47.0502 0776  mpio - ok
17:06:47.0502 0776  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:06:47.0534 0776  mpsdrv - ok
17:06:47.0549 0776  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:06:47.0596 0776  MpsSvc - ok
17:06:47.0612 0776  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:06:47.0643 0776  MRxDAV - ok
17:06:47.0658 0776  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:06:47.0674 0776  mrxsmb - ok
17:06:47.0690 0776  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:06:47.0705 0776  mrxsmb10 - ok
17:06:47.0721 0776  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:06:47.0752 0776  mrxsmb20 - ok
17:06:47.0799 0776  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
17:06:47.0814 0776  msahci - ok
17:06:47.0830 0776  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:06:47.0846 0776  msdsm - ok
17:06:47.0861 0776  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
17:06:47.0892 0776  MSDTC - ok
17:06:47.0924 0776  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:06:47.0939 0776  Msfs - ok
17:06:47.0955 0776  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:06:47.0986 0776  mshidkmdf - ok
17:06:47.0986 0776  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:06:48.0002 0776  msisadrv - ok
17:06:48.0033 0776  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:06:48.0080 0776  MSiSCSI - ok
17:06:48.0080 0776  msiserver - ok
17:06:48.0095 0776  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:06:48.0126 0776  MSKSSRV - ok
17:06:48.0126 0776  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:06:48.0158 0776  MSPCLOCK - ok
17:06:48.0173 0776  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:06:48.0220 0776  MSPQM - ok
17:06:48.0236 0776  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:06:48.0251 0776  MsRPC - ok
17:06:48.0251 0776  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:06:48.0267 0776  mssmbios - ok
17:06:48.0267 0776  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:06:48.0298 0776  MSTEE - ok
17:06:48.0314 0776  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:06:48.0345 0776  MTConfig - ok
17:06:48.0345 0776  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:06:48.0360 0776  Mup - ok
17:06:48.0392 0776  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
17:06:48.0438 0776  napagent - ok
17:06:48.0470 0776  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:06:48.0485 0776  NativeWifiP - ok
17:06:48.0516 0776  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:06:48.0532 0776  NDIS - ok
17:06:48.0548 0776  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:06:48.0579 0776  NdisCap - ok
17:06:48.0610 0776  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:06:48.0641 0776  NdisTapi - ok
17:06:48.0657 0776  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:06:48.0688 0776  Ndisuio - ok
17:06:48.0704 0776  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:06:48.0750 0776  NdisWan - ok
17:06:48.0766 0776  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:06:48.0782 0776  NDProxy - ok
17:06:48.0797 0776  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:06:48.0828 0776  NetBIOS - ok
17:06:48.0844 0776  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:06:48.0875 0776  NetBT - ok
17:06:48.0891 0776  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
17:06:48.0906 0776  Netlogon - ok
17:06:48.0938 0776  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
17:06:48.0969 0776  Netman - ok
17:06:48.0984 0776  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
17:06:49.0031 0776  netprofm - ok
17:06:49.0062 0776  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:06:49.0062 0776  NetTcpPortSharing - ok
17:06:49.0078 0776  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:06:49.0094 0776  nfrd960 - ok
17:06:49.0109 0776  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:06:49.0156 0776  NlaSvc - ok
17:06:49.0172 0776  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:06:49.0203 0776  Npfs - ok
17:06:49.0218 0776  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
17:06:49.0250 0776  nsi - ok
17:06:49.0265 0776  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:06:49.0296 0776  nsiproxy - ok
17:06:49.0328 0776  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:06:49.0359 0776  Ntfs - ok
17:06:49.0374 0776  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
17:06:49.0390 0776  Null - ok
17:06:49.0421 0776  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:06:49.0421 0776  nvraid - ok
17:06:49.0437 0776  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:06:49.0452 0776  nvstor - ok
17:06:49.0468 0776  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:06:49.0484 0776  nv_agp - ok
17:06:49.0499 0776  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:06:49.0515 0776  ohci1394 - ok
17:06:49.0546 0776  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:06:49.0577 0776  p2pimsvc - ok
17:06:49.0593 0776  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:06:49.0624 0776  p2psvc - ok
17:06:49.0640 0776  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\drivers\parport.sys
17:06:49.0655 0776  Parport - ok
17:06:49.0686 0776  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:06:49.0702 0776  partmgr - ok
17:06:49.0702 0776  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
17:06:49.0718 0776  Parvdm - ok
17:06:49.0733 0776  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:06:49.0749 0776  PcaSvc - ok
17:06:49.0764 0776  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
17:06:49.0780 0776  pci - ok
17:06:49.0780 0776  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
17:06:49.0796 0776  pciide - ok
17:06:49.0811 0776  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:06:49.0827 0776  pcmcia - ok
17:06:49.0827 0776  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
17:06:49.0842 0776  pcw - ok
17:06:49.0874 0776  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:06:49.0905 0776  PEAUTH - ok
17:06:49.0952 0776  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
17:06:49.0983 0776  PeerDistSvc - ok
17:06:50.0030 0776  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
17:06:50.0092 0776  pla - ok
17:06:50.0123 0776  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:06:50.0154 0776  PlugPlay - ok
17:06:50.0170 0776  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:06:50.0201 0776  PNRPAutoReg - ok
17:06:50.0201 0776  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:06:50.0232 0776  PNRPsvc - ok
17:06:50.0310 0776  [ 896D916DE06F5502D301E8C4DC442AE8 ] Point32         C:\Windows\system32\DRIVERS\point32.sys
17:06:50.0326 0776  Point32 - ok
17:06:50.0373 0776  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:06:50.0420 0776  PolicyAgent - ok
17:06:50.0451 0776  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
17:06:50.0482 0776  Power - ok
17:06:50.0544 0776  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:06:50.0576 0776  PptpMiniport - ok
17:06:50.0591 0776  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
17:06:50.0622 0776  Processor - ok
17:06:50.0685 0776  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
17:06:50.0716 0776  ProfSvc - ok
17:06:50.0732 0776  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:06:50.0747 0776  ProtectedStorage - ok
17:06:50.0794 0776  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:06:50.0841 0776  Psched - ok
17:06:50.0888 0776  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
17:06:50.0903 0776  PSI - ok
17:06:51.0012 0776  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:06:51.0044 0776  ql2300 - ok
17:06:51.0075 0776  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:06:51.0106 0776  ql40xx - ok
17:06:51.0153 0776  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
17:06:51.0200 0776  QWAVE - ok
17:06:51.0215 0776  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:06:51.0231 0776  QWAVEdrv - ok
17:06:51.0246 0776  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:06:51.0293 0776  RasAcd - ok
17:06:51.0340 0776  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:06:51.0371 0776  RasAgileVpn - ok
17:06:51.0496 0776  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
17:06:51.0527 0776  RasAuto - ok
17:06:51.0558 0776  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:06:51.0605 0776  Rasl2tp - ok
17:06:51.0636 0776  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
17:06:51.0683 0776  RasMan - ok
17:06:51.0683 0776  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:06:51.0714 0776  RasPppoe - ok
17:06:51.0746 0776  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:06:51.0792 0776  RasSstp - ok
17:06:51.0855 0776  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:06:51.0933 0776  rdbss - ok
17:06:51.0948 0776  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:06:51.0964 0776  rdpbus - ok
17:06:51.0980 0776  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:06:52.0026 0776  RDPCDD - ok
17:06:52.0058 0776  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
17:06:52.0073 0776  RDPDR - ok
17:06:52.0120 0776  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:06:52.0151 0776  RDPENCDD - ok
17:06:52.0182 0776  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:06:52.0214 0776  RDPREFMP - ok
17:06:52.0245 0776  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:06:52.0276 0776  RDPWD - ok
17:06:52.0307 0776  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:06:52.0338 0776  rdyboost - ok
17:06:52.0370 0776  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:06:52.0401 0776  RemoteAccess - ok
17:06:52.0416 0776  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:06:52.0448 0776  RemoteRegistry - ok
17:06:52.0479 0776  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
17:06:52.0510 0776  RFCOMM - ok
17:06:52.0588 0776  [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
17:06:52.0604 0776  RimUsb - ok
17:06:52.0650 0776  [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial.sys
17:06:52.0682 0776  RimVSerPort - ok
17:06:52.0713 0776  [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
17:06:52.0760 0776  ROOTMODEM - ok
17:06:52.0806 0776  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:06:52.0838 0776  RpcEptMapper - ok
17:06:52.0869 0776  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
17:06:52.0931 0776  RpcLocator - ok
17:06:52.0962 0776  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
17:06:52.0994 0776  RpcSs - ok
17:06:53.0009 0776  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:06:53.0056 0776  rspndr - ok
17:06:53.0072 0776  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
17:06:53.0103 0776  s3cap - ok
17:06:53.0134 0776  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
17:06:53.0134 0776  SamSs - ok
17:06:53.0181 0776  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:06:53.0196 0776  sbp2port - ok
17:06:53.0212 0776  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:06:53.0259 0776  SCardSvr - ok
17:06:53.0274 0776  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:06:53.0306 0776  scfilter - ok
17:06:53.0337 0776  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
17:06:53.0384 0776  Schedule - ok
17:06:53.0399 0776  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:06:53.0415 0776  SCPolicySvc - ok
17:06:53.0430 0776  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:06:53.0446 0776  SDRSVC - ok
17:06:53.0462 0776  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:06:53.0493 0776  secdrv - ok
17:06:53.0508 0776  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
17:06:53.0555 0776  seclogon - ok
17:06:53.0711 0776  [ 9044795E9D1A912D5F1B8DF6211850FD ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
17:06:53.0742 0776  Secunia PSI Agent - ok
17:06:53.0820 0776  [ 8B1A72E4FB63A9C068B08E1F9B70482A ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
17:06:53.0852 0776  Secunia Update Agent - ok
17:06:53.0867 0776  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
17:06:53.0914 0776  SENS - ok
17:06:53.0930 0776  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:06:53.0961 0776  SensrSvc - ok
17:06:53.0976 0776  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\drivers\serenum.sys
17:06:53.0992 0776  Serenum - ok
17:06:54.0008 0776  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\drivers\serial.sys
17:06:54.0023 0776  Serial - ok
17:06:54.0054 0776  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:06:54.0070 0776  sermouse - ok
17:06:54.0101 0776  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:06:54.0132 0776  SessionEnv - ok
17:06:54.0132 0776  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:06:54.0164 0776  sffdisk - ok
17:06:54.0164 0776  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:06:54.0179 0776  sffp_mmc - ok
17:06:54.0195 0776  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:06:54.0226 0776  sffp_sd - ok
17:06:54.0226 0776  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:06:54.0242 0776  sfloppy - ok
17:06:54.0257 0776  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:06:54.0288 0776  SharedAccess - ok
17:06:54.0320 0776  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:06:54.0351 0776  ShellHWDetection - ok
17:06:54.0366 0776  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:06:54.0382 0776  sisagp - ok
17:06:54.0398 0776  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
17:06:54.0413 0776  SiSRaid2 - ok
17:06:54.0429 0776  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:06:54.0444 0776  SiSRaid4 - ok
17:06:54.0460 0776  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:06:54.0491 0776  Smb - ok
17:06:54.0522 0776  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:06:54.0554 0776  SNMPTRAP - ok
17:06:54.0554 0776  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:06:54.0569 0776  spldr - ok
17:06:54.0600 0776  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
17:06:54.0632 0776  Spooler - ok
17:06:54.0694 0776  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
17:06:54.0756 0776  sppsvc - ok
17:06:54.0772 0776  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:06:54.0803 0776  sppuinotify - ok
17:06:54.0834 0776  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:06:54.0866 0776  srv - ok
17:06:54.0881 0776  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:06:54.0912 0776  srv2 - ok
17:06:54.0928 0776  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:06:54.0959 0776  srvnet - ok
17:06:54.0990 0776  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:06:55.0037 0776  SSDPSRV - ok
17:06:55.0053 0776  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:06:55.0068 0776  SstpSvc - ok
17:06:55.0100 0776  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
17:06:55.0115 0776  stexstor - ok
17:06:55.0146 0776  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
17:06:55.0178 0776  StillCam - ok
17:06:55.0209 0776  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
17:06:55.0256 0776  StiSvc - ok
17:06:55.0271 0776  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
17:06:55.0287 0776  storflt - ok
17:06:55.0318 0776  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
17:06:55.0334 0776  StorSvc - ok
17:06:55.0365 0776  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
17:06:55.0365 0776  storvsc - ok
17:06:55.0380 0776  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:06:55.0396 0776  swenum - ok
17:06:55.0412 0776  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
17:06:55.0443 0776  swprv - ok
17:06:55.0474 0776  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
17:06:55.0521 0776  SysMain - ok
17:06:55.0521 0776  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:06:55.0552 0776  TabletInputService - ok
17:06:55.0568 0776  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:06:55.0614 0776  TapiSrv - ok
17:06:55.0630 0776  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
17:06:55.0661 0776  TBS - ok
17:06:55.0708 0776  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:06:55.0739 0776  Tcpip - ok
17:06:55.0770 0776  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:06:55.0802 0776  TCPIP6 - ok
17:06:55.0817 0776  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:06:55.0848 0776  tcpipreg - ok
17:06:55.0864 0776  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:06:55.0880 0776  TDPIPE - ok
17:06:55.0911 0776  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:06:55.0926 0776  TDTCP - ok
17:06:55.0926 0776  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:06:55.0958 0776  tdx - ok
17:06:55.0958 0776  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:06:55.0973 0776  TermDD - ok
17:06:55.0989 0776  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
17:06:56.0036 0776  TermService - ok
17:06:56.0036 0776  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
17:06:56.0067 0776  Themes - ok
17:06:56.0082 0776  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
17:06:56.0114 0776  THREADORDER - ok
17:06:56.0129 0776  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
17:06:56.0176 0776  TrkWks - ok
17:06:56.0207 0776  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:06:56.0238 0776  TrustedInstaller - ok
17:06:56.0254 0776  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:06:56.0285 0776  tssecsrv - ok
17:06:56.0301 0776  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:06:56.0332 0776  TsUsbFlt - ok
17:06:56.0348 0776  [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
17:06:56.0363 0776  TsUsbGD - ok
17:06:56.0379 0776  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:06:56.0410 0776  tunnel - ok
17:06:56.0426 0776  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:06:56.0426 0776  uagp35 - ok
17:06:56.0441 0776  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:06:56.0488 0776  udfs - ok
17:06:56.0535 0776  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:06:56.0582 0776  UI0Detect - ok
17:06:56.0613 0776  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:06:56.0628 0776  uliagpkx - ok
17:06:56.0644 0776  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:06:56.0660 0776  umbus - ok
17:06:56.0675 0776  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
17:06:56.0706 0776  UmPass - ok
17:06:56.0722 0776  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
17:06:56.0753 0776  UmRdpService - ok
17:06:56.0800 0776  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
17:06:56.0831 0776  upnphost - ok
17:06:56.0862 0776  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:06:56.0878 0776  usbccgp - ok
17:06:56.0894 0776  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
17:06:56.0909 0776  usbcir - ok
17:06:56.0940 0776  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:06:56.0956 0776  usbehci - ok
17:06:56.0987 0776  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:06:57.0003 0776  usbhub - ok
17:06:57.0018 0776  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:06:57.0050 0776  usbohci - ok
17:06:57.0065 0776  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
17:06:57.0096 0776  usbprint - ok
17:06:57.0096 0776  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:06:57.0128 0776  USBSTOR - ok
17:06:57.0143 0776  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:06:57.0159 0776  usbuhci - ok
17:06:57.0174 0776  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
17:06:57.0206 0776  UxSms - ok
17:06:57.0221 0776  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
17:06:57.0237 0776  VaultSvc - ok
17:06:57.0284 0776  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:06:57.0284 0776  vdrvroot - ok
17:06:57.0299 0776  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
17:06:57.0346 0776  vds - ok
17:06:57.0362 0776  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:06:57.0393 0776  vga - ok
17:06:57.0408 0776  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:06:57.0440 0776  VgaSave - ok
17:06:57.0455 0776  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:06:57.0471 0776  vhdmp - ok
17:06:57.0502 0776  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:06:57.0502 0776  viaagp - ok
17:06:57.0518 0776  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
17:06:57.0533 0776  ViaC7 - ok
17:06:57.0549 0776  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
17:06:57.0564 0776  viaide - ok
17:06:57.0580 0776  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
17:06:57.0596 0776  vmbus - ok
17:06:57.0611 0776  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
17:06:57.0642 0776  VMBusHID - ok
17:06:57.0642 0776  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:06:57.0658 0776  volmgr - ok
17:06:57.0674 0776  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:06:57.0689 0776  volmgrx - ok
17:06:57.0705 0776  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:06:57.0720 0776  volsnap - ok
17:06:57.0752 0776  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:06:57.0767 0776  vsmraid - ok
17:06:57.0798 0776  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
17:06:57.0861 0776  VSS - ok
17:06:57.0861 0776  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
17:06:57.0892 0776  vwifibus - ok
17:06:57.0908 0776  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
17:06:57.0954 0776  W32Time - ok
17:06:57.0970 0776  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:06:57.0986 0776  WacomPen - ok
17:06:58.0017 0776  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:06:58.0048 0776  WANARP - ok
17:06:58.0048 0776  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:06:58.0079 0776  Wanarpv6 - ok
17:06:58.0110 0776  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
17:06:58.0142 0776  wbengine - ok
17:06:58.0157 0776  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:06:58.0188 0776  WbioSrvc - ok
17:06:58.0204 0776  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:06:58.0220 0776  wcncsvc - ok
17:06:58.0235 0776  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:06:58.0266 0776  WcsPlugInService - ok
17:06:58.0282 0776  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
17:06:58.0282 0776  Wd - ok
17:06:58.0313 0776  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:06:58.0329 0776  Wdf01000 - ok
17:06:58.0344 0776  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:06:58.0360 0776  WdiServiceHost - ok
17:06:58.0360 0776  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:06:58.0376 0776  WdiSystemHost - ok
17:06:58.0407 0776  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
17:06:58.0438 0776  WebClient - ok
17:06:58.0454 0776  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:06:58.0516 0776  Wecsvc - ok
17:06:58.0532 0776  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:06:58.0563 0776  wercplsupport - ok
17:06:58.0594 0776  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:06:58.0625 0776  WerSvc - ok
17:06:58.0656 0776  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:06:58.0672 0776  WfpLwf - ok
17:06:58.0688 0776  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:06:58.0703 0776  WIMMount - ok
17:06:58.0750 0776  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:06:58.0812 0776  WinDefend - ok
17:06:58.0812 0776  WinHttpAutoProxySvc - ok
17:06:58.0859 0776  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:06:58.0890 0776  Winmgmt - ok
17:06:58.0922 0776  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
17:06:58.0984 0776  WinRM - ok
17:06:59.0015 0776  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.SYS
17:06:59.0046 0776  WinUsb - ok
17:06:59.0062 0776  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:06:59.0109 0776  Wlansvc - ok
17:06:59.0124 0776  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:06:59.0156 0776  WmiAcpi - ok
17:06:59.0171 0776  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:06:59.0187 0776  wmiApSrv - ok
17:06:59.0218 0776  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:06:59.0265 0776  WMPNetworkSvc - ok
17:06:59.0280 0776  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:06:59.0296 0776  WPCSvc - ok
17:06:59.0312 0776  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:06:59.0343 0776  WPDBusEnum - ok
17:06:59.0358 0776  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:06:59.0390 0776  ws2ifsl - ok
17:06:59.0405 0776  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
17:06:59.0421 0776  wscsvc - ok
17:06:59.0421 0776  WSearch - ok
17:06:59.0483 0776  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
17:06:59.0530 0776  wuauserv - ok
17:06:59.0546 0776  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:06:59.0577 0776  WudfPf - ok
17:06:59.0608 0776  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:06:59.0639 0776  WUDFRd - ok
17:06:59.0655 0776  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:06:59.0686 0776  wudfsvc - ok
17:06:59.0686 0776  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:06:59.0717 0776  WwanSvc - ok
17:06:59.0733 0776  ================ Scan global ===============================
17:06:59.0764 0776  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:06:59.0795 0776  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
17:06:59.0795 0776  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
17:06:59.0826 0776  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:06:59.0842 0776  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:06:59.0858 0776  [Global] - ok
17:06:59.0858 0776  ================ Scan MBR ==================================
17:06:59.0858 0776  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:07:00.0107 0776  \Device\Harddisk0\DR0 - ok
17:07:00.0107 0776  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
17:07:00.0170 0776  \Device\Harddisk1\DR1 - ok
17:07:00.0170 0776  ================ Scan VBR ==================================
17:07:00.0170 0776  [ 97CD880D7D854A027F49A6B2B89017BA ] \Device\Harddisk0\DR0\Partition1
17:07:00.0201 0776  \Device\Harddisk0\DR0\Partition1 - ok
17:07:00.0216 0776  [ E477E07D59C1240D479447D9A10D6A7C ] \Device\Harddisk0\DR0\Partition2
17:07:00.0216 0776  \Device\Harddisk0\DR0\Partition2 - ok
17:07:00.0216 0776  [ BC30FCA928B325BA5105CD632EFC362B ] \Device\Harddisk1\DR1\Partition1
17:07:00.0232 0776  \Device\Harddisk1\DR1\Partition1 - ok
17:07:00.0232 0776  ============================================================
17:07:00.0232 0776  Scan finished
17:07:00.0232 0776  ============================================================
17:07:00.0248 3864  Detected object count: 0
17:07:00.0248 3864  Actual detected object count: 0

Antwort
Seite 1 von 2 1 2

Themen zu GVU Trojaner auch bei mir
antivirus, autorun, avira, bho, bonjour, browser, datei gelöscht, error, exe, fehler, firefox, flash player, format, helper, home, install.exe, kaspersky, langs, logfile, officejet, registry, rescue cd, rundll, scan, secunia psi, security, software, system, taskhost.exe, trojaner, udp, usb


« mystart Incredibar loswerden | Adware/InstallBrain.Gen entfernen »


Ähnliche Themen: GVU Trojaner auch bei mir


  1. Viren eingefangen (JAVA/dldr.lamar.TP), auch Trojaner (Polizei.Trojaner) gefunden
    Log-Analyse und Auswertung - 07.05.2013 (15)
  2. Möchte meinen PC Trojaner frei bekommen (auch Trojaner Downloader)
    Plagegeister aller Art und deren Bekämpfung - 27.02.2013 (12)
  3. Auch der GVU Trojaner
    Log-Analyse und Auswertung - 09.10.2012 (19)
  4. Auch GUV Trojaner
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (17)
  5. Auch Trojaner GVU 2.07
    Plagegeister aller Art und deren Bekämpfung - 11.08.2012 (13)
  6. Habe auch den 50€ trojaner
    Alles rund um Windows - 27.04.2012 (1)
  7. auch bei mir ein 50€-Trojaner..
    Plagegeister aller Art und deren Bekämpfung - 12.04.2012 (10)
  8. Bundespolizei - Trojaner auch bei mir!
    Plagegeister aller Art und deren Bekämpfung - 08.03.2012 (19)
  9. auch BKA Trojaner
    Plagegeister aller Art und deren Bekämpfung - 30.07.2011 (1)
  10. BKA Trojaner auch bei mir ...
    Log-Analyse und Auswertung - 15.07.2011 (1)
  11. kazy.mekml.1 auch bei mir , ich bin auch dabei
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (13)
  12. TR/Shutdowner.fft bei mir auch Hilfe kopiert sich auch auf jede SDkarte mit ?
    Plagegeister aller Art und deren Bekämpfung - 20.12.2010 (6)
  13. 20 Tan Trojaner auch bei mir
    Plagegeister aller Art und deren Bekämpfung - 30.10.2010 (47)
  14. 20 TAN Trojaner auch bei mir
    Plagegeister aller Art und deren Bekämpfung - 29.10.2010 (3)
  15. 40 TAN Trojaner - auch ich...
    Plagegeister aller Art und deren Bekämpfung - 13.08.2010 (8)
  16. auch ratlos hier ist auch mein logfile bitte helfen
    Mülltonne - 30.03.2006 (1)
  17. tach auch könnt ihr auch hier ein auge drauf werfen
    Log-Analyse und Auswertung - 25.02.2005 (8)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU Trojaner auch bei mir - Meine Freundin hat es gestern auch erwischt. Leider habe ich bereits "herum gespielt", bevor ich auf OTL und dieses Board gestoßen bin. Folgendes habe ich getan: 1. Mehrere Rescue CD's - GVU Trojaner auch bei mir...
Archiv
Du betrachtest: GVU Trojaner auch bei mir auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58