Pests of all kinds and their removal: System cleanup after GVU Trojan (Windows 7)

28.12.2012, 13:17 | #1
System cleanup after GVU Trojan

Hello everyone,

yesterday I caught the GVU Trojan and got rid of it with a system restore following this video (hxxp://www.youtube.com/watch?v=slYjwblUWOY) - or let's say I at least got rid of the lock screen, because I have my doubts that the Trojan is now completely gone. I have now downloaded "Malwarebytes Anti-Malware" and "OTL". The log from Malwarebytes Anti-Malware:

Code:
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.28.05

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
*** :: ***-PC [Administrator]

Protection: Enabled

28.12.2012 13:01:57
MBAM-log-2012-12-28 (13-13-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225836
Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> No action taken.

(end)

Code:
OTL logfile created on: 28.12.2012 12:35:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 64,29% Memory free
8,23 Gb Paging File | 6,70 Gb Available in Paging File | 81,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 30,34 Gb Free Space | 6,51% Space Free | Partition Type: NTFS
Drive E: | 3,71 Gb Total Space | 2,52 Gb Free Space | 67,78% Space Free | Partition Type: FAT32

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McUicnt.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Steam\SDL.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

========== Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-599166037-456172063-773513045-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alternate.net [binary data]
IE - HKU\S-1-5-21-599166037-456172063-773513045-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alternate.net [binary data]
IE - HKU\S-1-5-21-599166037-456172063-773513045-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-599166037-456172063-773513045-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-599166037-456172063-773513045-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-599166037-456172063-773513045-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-599166037-456172063-773513045-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=EEA7DD08-5377-42A4-81BA-E156B1214719&apn_sauid=0AB50834-32BA-4036-92D4-299F3BA5A1D6
IE - HKU\S-1-5-21-599166037-456172063-773513045-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-599166037-456172063-773513045-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-599166037-456172063-773513045-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alternate.net [binary data]
IE - HKU\S-1-5-21-599166037-456172063-773513045-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alternate.net [binary data]
IE - HKU\S-1-5-21-599166037-456172063-773513045-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-599166037-456172063-773513045-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-599166037-456172063-773513045-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-599166037-456172063-773513045-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-599166037-456172063-773513045-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.zeit.de/index"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=EEA7DD08-5377-42A4-81BA-E156B1214719&apn_ptnrs=U3&apn_sauid=0AB50834-32BA-4036-92D4-299F3BA5A1D6&apn_dtid=OSJ000YYDE&&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 19:56:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.12 18:00:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.04.14 15:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.12.22 10:21:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vcb97rw6.default\extensions
[2012.11.22 18:02:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vcb97rw6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.22 10:22:01 | 000,000,000 | ---D | M] (Ask Toolbar Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vcb97rw6.default\extensions\toolbar@ask.com
[2012.12.22 10:22:01 | 000,002,308 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\vcb97rw6.default\searchplugins\askcom.xml
[2012.12.05 19:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.05 19:56:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.05 19:56:11 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.19 15:52:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 04:40:39 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 15:52:25 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 15:52:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 15:52:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 15:52:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-599166037-456172063-773513045-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-599166037-456172063-773513045-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-599166037-456172063-773513045-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-599166037-456172063-773513045-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-599166037-456172063-773513045-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-599166037-456172063-773513045-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-599166037-456172063-773513045-1001..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16B58801-C743-4126-9E9E-DAFB525BB981}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.05 15:51:10 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\CoJBiBLauncher.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autoplay.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.28 12:33:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.12.27 00:44:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012.12.27 00:03:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Rockstar Games
[2012.12.26 23:56:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012.12.26 23:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012.12.23 17:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO 1503 GOLD
[2012.12.23 17:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ANNO 1503 GOLD
[2012.12.22 10:51:06 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bedouin Soundclash
[2012.12.22 10:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.12.22 10:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.12.22 10:21:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.12.21 18:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.12.21 18:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.12.21 18:02:54 | 000,000,000 | ---D | C] -- C:\Users\***\.freemind
[2012.12.21 18:02:08 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.12.21 18:02:08 | 000,779,704 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.12.21 18:02:08 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.21 18:02:04 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.12.21 18:02:04 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.12.21 18:02:04 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.21 18:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.12.21 17:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind
[2012.12.21 17:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeMind
[2012.12.16 22:40:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.12.16 22:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.12.16 22:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.12.16 13:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.16 13:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.16 13:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.16 13:28:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.12.16 13:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.12 18:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.12.08 15:27:14 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Proben
[2012.12.07 17:19:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Falllösungen
[2012.12.05 19:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.03 19:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
[2012.12.02 13:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.12.02 13:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.28 12:39:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.28 12:34:44 | 001,573,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.28 12:34:44 | 000,676,776 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.28 12:34:44 | 000,636,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.28 12:34:44 | 000,146,542 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.28 12:34:44 | 000,120,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.28 12:30:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.12.28 12:13:29 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 12:13:28 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 12:13:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.27 23:53:57 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.27 20:05:33 | 000,006,608 | ---- | M] () -- C:\Users\***\Desktop\Klausurkurs Öffentliches Recht.mm
[2012.12.25 11:25:44 | 000,068,173 | ---- | M] () -- C:\Users\***\Desktop\6161764_700b_v1.jpg
[2012.12.25 11:12:21 | 045,669,382 | ---- | M] () -- C:\Users\***\Desktop\Jon Gomm - Passionflower.flv
[2012.12.25 11:09:46 | 093,428,351 | ---- | M] () -- C:\Users\***\Desktop\Jon Gomm - Message In A Bottle.mp4
[2012.12.23 22:53:50 | 000,027,136 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.23 22:52:04 | 003,629,928 | ---- | M] () -- C:\Users\***\Desktop\P4230124.JPG
[2012.12.23 22:50:55 | 000,686,839 | ---- | M] () -- C:\Users\***\Desktop\Foto 3.jpg
[2012.12.23 22:48:12 | 000,411,956 | ---- | M] () -- C:\Users\***\Desktop\Foto 2.jpg
[2012.12.23 22:46:00 | 000,554,581 | ---- | M] () -- C:\Users\***\Desktop\Foto 1.jpg
[2012.12.23 16:08:56 | 000,018,757 | ---- | M] () -- C:\Users\***\Desktop\BGB.mm
[2012.12.23 12:57:18 | 518,176,787 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.22 10:48:10 | 000,000,220 | ---- | M] () -- C:\Users\***\Desktop\dediziert – Wiktionary.URL
[2012.12.21 18:01:01 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.12.21 18:00:56 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.12.21 18:00:56 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.12.21 18:00:56 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.12.21 18:00:56 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.12.21 18:00:56 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.12.19 21:50:28 | 211,373,690 | ---- | M] () -- C:\Users\***\Desktop\Coheed and Cambria - The Hard Sell [Lyric Video].mp4
[2012.12.19 19:36:17 | 000,169,162 | ---- | M] () -- C:\Users\***\Desktop\Coverfoto.jpg
[2012.12.19 08:44:32 | 022,214,556 | ---- | M] () -- C:\Users\***\Desktop\GHOST_-_Secular_Haze_OFFICIAL_AUDIO.flv
[2012.12.18 20:15:32 | 000,066,704 | ---- | M] () -- C:\Users\***\Desktop\6110142_700b.jpg
[2012.12.17 16:57:49 | 000,000,240 | ---- | M] () -- C:\Users\***\Desktop\GHOST - Secular Haze (OFFICIAL AUDIO) - YouTube.URL
[2012.12.16 15:42:34 | 000,000,245 | ---- | M] () -- C:\Users\***\Desktop\hrr-strafrecht.de - HRRS März 2004 Jakobs - Bürgerstrafrecht und Feindstrafrecht.URL
[2012.12.16 13:43:52 | 000,293,183 | ---- | M] () -- C:\Users\***\Desktop\6084969_460s_v1.jpg
[2012.12.16 13:40:59 | 000,103,412 | ---- | M] () -- C:\Users\***\Desktop\6092016_460s.jpg
[2012.12.15 14:35:33 | 010,603,147 | ---- | M] () -- C:\Users\***\Desktop\Wir sind Helden - Denkmal.flv
[2012.12.12 08:50:42 | 041,093,125 | ---- | M] () -- C:\Users\***\Desktop\JIMI HENDRIX - Who Knows (Studio Live Jam).flv
[2012.12.11 18:39:42 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.11 18:39:42 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.09 20:11:33 | 000,000,286 | ---- | M] () -- C:\Users\***\Desktop\Stellvertretung-Übersicht.pdf (applicationpdf-Objekt).URL
[2012.12.09 16:35:47 | 000,000,262 | ---- | M] () -- C:\Users\***\Desktop\BGB_AT_0506_§2VIII_166.pdf (applicationpdf-Objekt).URL
[2012.12.01 20:51:25 | 000,000,068 | ---- | M] () -- C:\Users\***\Desktop\abbreviieren – Wiktionary.URL
[2012.11.30 18:39:47 | 269,231,760 | ---- | M] () -- C:\Users\***\Desktop\Reignwolf - Full Performance (Live on KEXP).mp4
[2012.11.30 18:34:37 | 011,595,151 | ---- | M] () -- C:\Users\***\Desktop\Tocotronic - Kapitulation.flv
[2012.11.30 16:59:39 | 000,052,088 | ---- | M] () -- C:\Users\***\Desktop\5962977_460s.jpg
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.27 23:31:23 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.26 19:27:56 | 000,006,608 | ---- | C] () -- C:\Users\***\Desktop\Klausurkurs Öffentliches Recht.mm
[2012.12.25 11:25:44 | 000,068,173 | ---- | C] () -- C:\Users\***\Desktop\6161764_700b_v1.jpg
[2012.12.25 11:07:05 | 045,669,382 | ---- | C] () -- C:\Users\***\Desktop\Jon Gomm - Passionflower.flv
[2012.12.25 11:06:36 | 093,428,351 | ---- | C] () -- C:\Users\***\Desktop\Jon Gomm - Message In A Bottle.mp4
[2012.12.23 22:53:51 | 003,629,928 | ---- | C] () -- C:\Users\***\Desktop\P4230124.JPG
[2012.12.23 22:50:53 | 000,686,839 | ---- | C] () -- C:\Users\***\Desktop\Foto 3.jpg
[2012.12.23 22:48:10 | 000,411,956 | ---- | C] () -- C:\Users\***\Desktop\Foto 2.jpg
[2012.12.23 22:45:57 | 000,554,581 | ---- | C] () -- C:\Users\***\Desktop\Foto 1.jpg
[2012.12.22 11:27:35 | 000,018,757 | ---- | C] () -- C:\Users\***\Desktop\BGB.mm
[2012.12.22 10:48:10 | 000,000,220 | ---- | C] () -- C:\Users\***\Desktop\dediziert – Wiktionary.URL
[2012.12.19 21:37:19 | 211,373,690 | ---- | C] () -- C:\Users\***\Desktop\Coheed and Cambria - The Hard Sell [Lyric Video].mp4
[2012.12.19 19:36:16 | 000,169,162 | ---- | C] () -- C:\Users\***\Desktop\Coverfoto.jpg
[2012.12.19 08:40:52 | 022,214,556 | ---- | C] () -- C:\Users\***\Desktop\GHOST_-_Secular_Haze_OFFICIAL_AUDIO.flv
[2012.12.18 20:15:31 | 000,066,704 | ---- | C] () -- C:\Users\***\Desktop\6110142_700b.jpg
[2012.12.17 16:57:49 | 000,000,240 | ---- | C] () -- C:\Users\***\Desktop\GHOST - Secular Haze (OFFICIAL AUDIO) - YouTube.URL
[2012.12.16 15:42:34 | 000,000,245 | ---- | C] () -- C:\Users\***\Desktop\hrr-strafrecht.de - HRRS März 2004 Jakobs - Bürgerstrafrecht und Feindstrafrecht.URL
[2012.12.16 13:43:51 | 000,293,183 | ---- | C] () -- C:\Users\***\Desktop\6084969_460s_v1.jpg
[2012.12.16 13:40:58 | 000,103,412 | ---- | C] () -- C:\Users\***\Desktop\6092016_460s.jpg
[2012.12.15 14:32:40 | 010,603,147 | ---- | C] () -- C:\Users\***\Desktop\Wir sind Helden - Denkmal.flv
[2012.12.12 08:42:38 | 041,093,125 | ---- | C] () -- C:\Users\***\Desktop\JIMI HENDRIX - Who Knows (Studio Live Jam).flv
[2012.12.09 20:11:33 | 000,000,286 | ---- | C] () -- C:\Users\***\Desktop\Stellvertretung-Übersicht.pdf (applicationpdf-Objekt).URL
[2012.12.09 16:35:47 | 000,000,262 | ---- | C] () -- C:\Users\***\Desktop\BGB_AT_0506_§2VIII_166.pdf (applicationpdf-Objekt).URL
[2012.12.01 20:51:25 | 000,000,068 | ---- | C] () -- C:\Users\***\Desktop\abbreviieren – Wiktionary.URL
[2012.11.30 18:32:42 | 269,231,760 | ---- | C] () -- C:\Users\***\Desktop\Reignwolf - Full Performance (Live on KEXP).mp4
[2012.11.30 18:31:41 | 011,595,151 | ---- | C] () -- C:\Users\***\Desktop\Tocotronic - Kapitulation.flv
[2012.11.30 16:59:38 | 000,052,088 | ---- | C] () -- C:\Users\***\Desktop\5962977_460s.jpg
[2012.11.10 01:10:47 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.07.16 10:31:56 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012.05.01 16:11:03 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2012.04.30 15:34:26 | 000,000,092 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2012.04.29 16:47:32 | 001,550,940 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.29 16:42:31 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.29 16:42:30 | 002,793,768 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.04.29 16:42:30 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.16 13:04:37 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.04.16 13:04:37 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2012.04.12 14:52:30 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat
[2012.04.12 13:56:08 | 000,027,136 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.12 13:36:07 | 000,027,862 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.04.12 13:35:16 | 000,027,546 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.04.12 13:21:19 | 000,000,732 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat
[2012.02.25 17:56:28 | 000,063,364 | ---- | C] () -- C:\Users\***\Rückseite Weiß.jpg
[2011.03.10 23:19:30 | 000,002,095 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.12.18 15:59:12 | 000,073,964 | ---- | C] () -- C:\Users\***\Unbenannt.jpg

========== ZeroAccess Check ==========

[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
/64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2011.01.21 16:56:31 | 012,898,304 | ---- | M] () "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.03.03 05:53:36 | 000,891,392 | ---- | M] () "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] () "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.06.03 14:42:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft [2012.12.16 22:40:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.11.27 08:28:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2012.05.19 23:24:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.04.30 21:01:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steinberg [2012.07.26 23:14:25 | 
000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly [2012.04.14 15:41:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2012.11.11 22:04:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft ========== Purity Check ========== < End of report > MfG Waitjef |
28.12.2012, 13:34 | #2 |
/// Malware-holic | System cleanup after GVU Trojan
Hi,
I can only advise against nonsense like System Restore when dealing with malware; you can break a lot that way! The people in those videos have no idea what malicious software is still running...
Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose Skip for now, and post the log
|
28.12.2012, 13:51 | #3 |
| System cleanup after GVU Trojan
Hello markusg!
Thank you very much for the quick reply. Here is the log: Code:
13:44:10.0158 1144 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:45:50.0093 3560 Mode: Manual; SigCheck; TDLFS;
ok 13:46:12.0750 3560 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:46:12.0775 3560 ose - ok 13:46:12.0849 3560 [ 430F35C5592D253F43A26B4F5A523DBF ] p2pimsvc C:\Windows\system32\p2psvc.dll 13:46:12.0931 3560 p2pimsvc - ok 13:46:12.0953 3560 [ 430F35C5592D253F43A26B4F5A523DBF ] p2psvc C:\Windows\system32\p2psvc.dll 13:46:13.0014 3560 p2psvc - ok 13:46:13.0041 3560 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 13:46:13.0105 3560 Parport - ok 13:46:13.0137 3560 [ 5AB40C36894F4C06BDAB0C9A2FBA282D ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:46:13.0163 3560 partmgr - ok 13:46:13.0193 3560 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 13:46:13.0218 3560 PcaSvc - ok 13:46:13.0255 3560 [ 2A5B2A51559066EA84742909B5B2CD69 ] pci C:\Windows\system32\drivers\pci.sys 13:46:13.0268 3560 pci - ok 13:46:13.0277 3560 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys 13:46:13.0284 3560 pciide - ok 13:46:13.0308 3560 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 13:46:13.0330 3560 pcmcia - ok 13:46:13.0362 3560 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:46:13.0457 3560 PEAUTH - ok 13:46:13.0715 3560 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:46:13.0754 3560 PerfHost - ok 13:46:13.0815 3560 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 13:46:14.0206 3560 pla - ok 13:46:14.0297 3560 [ 5AAA0C5534B05ED49919FCD9DBD11A5B ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:46:14.0381 3560 PlugPlay - ok 13:46:14.0385 3560 PnkBstrA - ok 13:46:14.0429 3560 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 13:46:14.0489 3560 PNRPAutoReg - ok 13:46:14.0507 3560 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPsvc C:\Windows\system32\p2psvc.dll 13:46:14.0554 3560 
PNRPsvc - ok 13:46:14.0613 3560 [ EEF3688D5E9592CBBBED00DE71DDA1EF ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:46:14.0684 3560 PolicyAgent - ok 13:46:14.0711 3560 [ F5739F2C6DB2534C384AD5150808E8F5 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:46:14.0757 3560 PptpMiniport - ok 13:46:14.0772 3560 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys 13:46:14.0813 3560 Processor - ok 13:46:14.0854 3560 [ B21FE10DAD3AB59E78DF7AA3FBF41E70 ] ProfSvc C:\Windows\system32\profsvc.dll 13:46:14.0908 3560 ProfSvc - ok 13:46:14.0925 3560 [ 80F4593E92FF960E4763380D3168E498 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:46:14.0950 3560 ProtectedStorage - ok 13:46:14.0997 3560 [ 0E0E205A296095FE4C631E6A4775AD6C ] PSched C:\Windows\system32\DRIVERS\pacer.sys 13:46:15.0042 3560 PSched - ok 13:46:15.0075 3560 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 13:46:15.0158 3560 ql2300 - ok 13:46:15.0179 3560 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 13:46:15.0189 3560 ql40xx - ok 13:46:15.0214 3560 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 13:46:15.0265 3560 QWAVE - ok 13:46:15.0281 3560 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:46:15.0293 3560 QWAVEdrv - ok 13:46:15.0301 3560 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:46:15.0342 3560 RasAcd - ok 13:46:15.0371 3560 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 13:46:15.0401 3560 RasAuto - ok 13:46:15.0420 3560 [ 3B9085F91EF00ABD15A6F36570E90E12 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:46:15.0466 3560 Rasl2tp - ok 13:46:15.0492 3560 [ 2A63D46B01685FD4BE9778CA3C231C2D ] RasMan C:\Windows\System32\rasmans.dll 13:46:15.0529 3560 RasMan - ok 13:46:15.0549 3560 [ 2CE1703C27196094FB6E4C6E439F2C21 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 
13:46:15.0577 3560 RasPppoe - ok 13:46:15.0582 3560 [ FCD04FA67E8B40FA0AD361DD38593942 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:46:15.0613 3560 RasSstp - ok 13:46:15.0633 3560 [ 33FA5B6136D92EE0F53F021C79091300 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:46:15.0686 3560 rdbss - ok 13:46:15.0706 3560 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:46:15.0733 3560 RDPCDD - ok 13:46:15.0757 3560 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 13:46:15.0799 3560 rdpdr - ok 13:46:15.0810 3560 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:46:15.0837 3560 RDPENCDD - ok 13:46:15.0866 3560 [ 7747082F672AA2846235C9CEA42E2E72 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:46:15.0905 3560 RDPWD - ok 13:46:15.0944 3560 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:46:15.0992 3560 RemoteAccess - ok 13:46:16.0027 3560 [ 416C611369CBE49074B89CEE2F83ABEF ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:46:16.0085 3560 RemoteRegistry - ok 13:46:16.0126 3560 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 13:46:16.0163 3560 RpcLocator - ok 13:46:16.0212 3560 [ 52CDADE8289FF21F1F2215FF51A5F36C ] RpcSs C:\Windows\system32\rpcss.dll 13:46:16.0247 3560 RpcSs - ok 13:46:16.0253 3560 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:46:16.0282 3560 rspndr - ok 13:46:16.0294 3560 [ 80F4593E92FF960E4763380D3168E498 ] SamSs C:\Windows\system32\lsass.exe 13:46:16.0302 3560 SamSs - ok 13:46:16.0326 3560 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:46:16.0334 3560 sbp2port - ok 13:46:16.0355 3560 [ F024D560FEA06F8B56D673849EB89AE6 ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:46:16.0387 3560 SCardSvr - ok 13:46:16.0460 3560 [ CE75D26E0A1106129F4D156851E298ED ] Schedule C:\Windows\system32\schedsvc.dll 
13:46:16.0539 3560 Schedule - ok 13:46:16.0563 3560 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] SCPolicySvc C:\Windows\System32\certprop.dll 13:46:16.0591 3560 SCPolicySvc - ok 13:46:16.0615 3560 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:46:16.0662 3560 SDRSVC - ok 13:46:16.0673 3560 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:46:16.0731 3560 secdrv - ok 13:46:16.0750 3560 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 13:46:16.0779 3560 seclogon - ok 13:46:16.0822 3560 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll 13:46:16.0866 3560 SENS - ok 13:46:16.0895 3560 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:46:16.0923 3560 Serenum - ok 13:46:16.0955 3560 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:46:16.0985 3560 Serial - ok 13:46:17.0004 3560 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 13:46:17.0050 3560 sermouse - ok 13:46:17.0084 3560 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 13:46:17.0115 3560 SessionEnv - ok 13:46:17.0138 3560 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:46:17.0183 3560 sffdisk - ok 13:46:17.0205 3560 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:46:17.0235 3560 sffp_mmc - ok 13:46:17.0281 3560 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:46:17.0324 3560 sffp_sd - ok 13:46:17.0356 3560 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 13:46:17.0415 3560 sfloppy - ok 13:46:17.0451 3560 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:46:17.0508 3560 SharedAccess - ok 13:46:17.0552 3560 [ 9235EC680D3DB17464B39C7C7DECB4DD ] ShellHWDetection 
C:\Windows\System32\shsvcs.dll 13:46:17.0593 3560 ShellHWDetection - ok 13:46:17.0604 3560 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 13:46:17.0612 3560 SiSRaid2 - ok 13:46:17.0623 3560 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 13:46:17.0632 3560 SiSRaid4 - ok 13:46:17.0752 3560 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 13:46:17.0907 3560 Skype C2C Service - ok 13:46:17.0968 3560 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 13:46:17.0978 3560 SkypeUpdate - ok 13:46:18.0077 3560 [ A301D2CEFB4747DFE0C24425DCBE0B78 ] slsvc C:\Windows\system32\SLsvc.exe 13:46:18.0208 3560 slsvc - ok 13:46:18.0250 3560 [ F5DDF7C0AF85EB72CB295171F8C3CB35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 13:46:18.0280 3560 SLUINotify - ok 13:46:18.0359 3560 [ 41EB2E8E005FEEDCAFCE301983EFF932 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:46:18.0405 3560 Smb - ok 13:46:18.0429 3560 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:46:18.0471 3560 SNMPTRAP - ok 13:46:18.0487 3560 [ F9CB0672162F7F04248E2B82C1FF4617 ] spldr C:\Windows\system32\drivers\spldr.sys 13:46:18.0494 3560 spldr - ok 13:46:18.0532 3560 [ 92E6738D25C2123BE9515C0EAC0776CD ] Spooler C:\Windows\System32\spoolsv.exe 13:46:18.0577 3560 Spooler - ok 13:46:18.0608 3560 [ A8ABD7D0D907B45CF3831F4DD8644349 ] srv C:\Windows\system32\DRIVERS\srv.sys 13:46:18.0664 3560 srv - ok 13:46:18.0687 3560 [ 6C72EEA39E1C37B436A6D1532999F9EC ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:46:18.0731 3560 srv2 - ok 13:46:18.0756 3560 [ 7F69BCF9E6FA3D93C82EE6B87812666D ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:46:18.0788 3560 srvnet - ok 13:46:18.0809 3560 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:46:18.0842 3560 SSDPSRV - ok 13:46:18.0885 3560 [ 
2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:46:18.0938 3560 SstpSvc - ok 13:46:18.0953 3560 Steam Client Service - ok 13:46:19.0004 3560 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 13:46:19.0051 3560 Stereo Service - ok 13:46:19.0090 3560 [ F14F7D7D68A66777FB999D5D0F21138D ] stisvc C:\Windows\System32\wiaservc.dll 13:46:19.0157 3560 stisvc - ok 13:46:19.0199 3560 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 13:46:19.0206 3560 swenum - ok 13:46:19.0221 3560 [ DA34D6EB4A3154C0BEBAEB0A2483EF3E ] swprv C:\Windows\System32\swprv.dll 13:46:19.0275 3560 swprv - ok 13:46:19.0296 3560 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 13:46:19.0303 3560 Symc8xx - ok 13:46:19.0312 3560 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 13:46:19.0320 3560 Sym_hi - ok 13:46:19.0331 3560 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 13:46:19.0353 3560 Sym_u3 - ok 13:46:19.0482 3560 [ BEA0D5521ED21DF8F6FFEED86DAEDE7B ] SysMain C:\Windows\system32\sysmain.dll 13:46:19.0540 3560 SysMain - ok 13:46:19.0567 3560 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:46:19.0621 3560 TabletInputService - ok 13:46:19.0649 3560 [ 52091001CAF20AE84CF47023EE21B4BB ] TapiSrv C:\Windows\System32\tapisrv.dll 13:46:19.0688 3560 TapiSrv - ok 13:46:19.0724 3560 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll 13:46:19.0782 3560 TBS - ok 13:46:19.0997 3560 [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:46:20.0478 3560 Tcpip - ok 13:46:20.0649 3560 [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 13:46:20.0755 3560 Tcpip6 - ok 13:46:20.0797 3560 [ C29D4B3B08AD0B7E8564814E4FF6A57B ] tcpipreg 
C:\Windows\system32\drivers\tcpipreg.sys 13:46:20.0833 3560 tcpipreg - ok 13:46:20.0853 3560 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:46:20.0881 3560 TDPIPE - ok 13:46:20.0897 3560 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:46:20.0946 3560 TDTCP - ok 13:46:20.0969 3560 [ 8C39C72E0E853DE04748C0337D9B9216 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:46:21.0020 3560 tdx - ok 13:46:21.0039 3560 [ 3F0EBF6EE609F2A276C0D5FAF244EC90 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 13:46:21.0047 3560 TermDD - ok 13:46:21.0090 3560 [ F870A5589D6A94B426EFB13689023946 ] TermService C:\Windows\System32\termsrv.dll 13:46:21.0211 3560 TermService - ok 13:46:21.0258 3560 [ 9235EC680D3DB17464B39C7C7DECB4DD ] Themes C:\Windows\system32\shsvcs.dll 13:46:21.0270 3560 Themes - ok 13:46:21.0287 3560 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll 13:46:21.0315 3560 THREADORDER - ok 13:46:21.0347 3560 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll 13:46:21.0399 3560 TrkWks - ok 13:46:21.0448 3560 [ AC6FF1DF22ED90BAD6417EE5A4C6E2F0 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:46:21.0474 3560 TrustedInstaller - ok 13:46:21.0494 3560 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:46:21.0530 3560 tssecsrv - ok 13:46:21.0554 3560 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 13:46:21.0577 3560 tunmp - ok 13:46:21.0626 3560 [ 2DC2C423572946E9A3131425BDA73CB6 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:46:21.0647 3560 tunnel - ok 13:46:21.0665 3560 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 13:46:21.0684 3560 uagp35 - ok 13:46:21.0718 3560 [ ECA6629E33F122AFFF18A2AB7C3EB033 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:46:21.0768 3560 udfs - ok 13:46:21.0799 3560 [ 060507C4113391394478F6953A79EEDC ] UI0Detect 
C:\Windows\system32\UI0Detect.exe 13:46:21.0828 3560 UI0Detect - ok 13:46:21.0847 3560 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:46:21.0864 3560 uliagpkx - ok 13:46:21.0893 3560 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys 13:46:21.0924 3560 uliahci - ok 13:46:21.0942 3560 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys 13:46:21.0963 3560 UlSata - ok 13:46:21.0984 3560 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 13:46:21.0997 3560 ulsata2 - ok 13:46:22.0022 3560 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:46:22.0070 3560 umbus - ok 13:46:22.0090 3560 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll 13:46:22.0166 3560 upnphost - ok 13:46:22.0198 3560 [ C899FB269BE4740DBE2801B204CD71D4 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 13:46:22.0256 3560 usbaudio - ok 13:46:22.0339 3560 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:46:22.0374 3560 usbccgp - ok 13:46:22.0408 3560 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:46:22.0467 3560 usbcir - ok 13:46:22.0503 3560 [ DA6D8D8ED0A53C63AC6F4BD40FE83FBE ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:46:22.0549 3560 usbehci - ok 13:46:22.0586 3560 [ 99045369AE3216216573D0775FD7ED56 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:46:23.0399 3560 usbhub - ok 13:46:23.0433 3560 [ 540B622DA0949695C40CDC9D5D497A8B ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 13:46:23.0462 3560 usbohci - ok 13:46:23.0482 3560 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys 13:46:23.0540 3560 usbprint - ok 13:46:23.0570 3560 [ 586D9876A4945779C8EEA926C0D16889 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:46:23.0598 3560 USBSTOR - ok 13:46:23.0607 3560 [ 
B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 13:46:23.0645 3560 usbuhci - ok 13:46:23.0672 3560 [ 9190F03C82547AFA87367F1CECA88F3B ] UxSms C:\Windows\System32\uxsms.dll 13:46:23.0700 3560 UxSms - ok 13:46:23.0755 3560 [ C15A4A550CBA7B9F1F68B72528E04CE1 ] vds C:\Windows\System32\vds.exe 13:46:23.0820 3560 vds - ok 13:46:23.0852 3560 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:46:23.0887 3560 vga - ok 13:46:23.0897 3560 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys 13:46:23.0937 3560 VgaSave - ok 13:46:23.0959 3560 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys 13:46:23.0965 3560 viaide - ok 13:46:23.0970 3560 [ 793D9B32A1C462C91F6F70358283AC97 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:46:23.0979 3560 volmgr - ok 13:46:23.0997 3560 [ 5AA217DA5DC4FF5B9AC9AB86563B3223 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:46:24.0032 3560 volmgrx - ok 13:46:24.0061 3560 [ DE4307412D98050239026E56A7DFF3C0 ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:46:24.0076 3560 volsnap - ok 13:46:24.0103 3560 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 13:46:24.0112 3560 vsmraid - ok 13:46:24.0165 3560 [ 186BD53F8A408AD20F5A056C05678629 ] VSS C:\Windows\system32\vssvc.exe 13:46:24.0249 3560 VSS - ok 13:46:24.0268 3560 [ BA29F34A61CB55C0DEE29E787542EDF4 ] W32Time C:\Windows\system32\w32time.dll 13:46:24.0305 3560 W32Time - ok 13:46:24.0327 3560 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 13:46:24.0386 3560 WacomPen - ok 13:46:24.0391 3560 [ AEA75207E443C8623C36B8D03596F84F ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 13:46:24.0420 3560 Wanarp - ok 13:46:24.0424 3560 [ AEA75207E443C8623C36B8D03596F84F ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:46:24.0452 3560 Wanarpv6 - ok 13:46:24.0478 3560 [ 055449247C490E24B968B44FE8A969EB ] 
wcncsvc C:\Windows\System32\wcncsvc.dll 13:46:24.0733 3560 wcncsvc - ok 13:46:24.0839 3560 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:46:24.0890 3560 WcsPlugInService - ok 13:46:24.0990 3560 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys 13:46:25.0015 3560 Wd - ok 13:46:25.0038 3560 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:46:25.0075 3560 Wdf01000 - ok 13:46:25.0101 3560 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:46:25.0130 3560 WdiServiceHost - ok 13:46:25.0134 3560 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:46:25.0162 3560 WdiSystemHost - ok 13:46:25.0201 3560 [ 3D4AB55F8178FD0CD3CA45CD0EC9CF5B ] WebClient C:\Windows\System32\webclnt.dll 13:46:25.0216 3560 WebClient - ok 13:46:25.0239 3560 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:46:25.0284 3560 Wecsvc - ok 13:46:25.0303 3560 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:46:25.0325 3560 wercplsupport - ok 13:46:25.0346 3560 [ FC25242B3BCAF7E84D9184082274AE08 ] WerSvc C:\Windows\System32\WerSvc.dll 13:46:25.0392 3560 WerSvc - ok 13:46:25.0408 3560 WinDefend - ok 13:46:25.0415 3560 WinHttpAutoProxySvc - ok 13:46:25.0510 3560 [ AC98F38FEAB066A8F983D54FF3F4FD4C ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:46:25.0540 3560 Winmgmt - ok 13:46:25.0614 3560 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll 13:46:25.0771 3560 WinRM - ok 13:46:25.0820 3560 [ 0A69955261C1B54206ADC9BEB89517DE ] Wlansvc C:\Windows\System32\wlansvc.dll 13:46:25.0890 3560 Wlansvc - ok 13:46:25.0911 3560 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 13:46:25.0929 3560 WmiAcpi - ok 13:46:25.0976 3560 [ D303322DD577C3DEDA1251ED2E7A496C ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 
13:46:26.0006 3560 wmiApSrv - ok 13:46:26.0031 3560 WMPNetworkSvc - ok 13:46:26.0060 3560 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:46:26.0086 3560 WPCSvc - ok 13:46:26.0111 3560 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:46:26.0152 3560 WPDBusEnum - ok 13:46:26.0183 3560 [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 13:46:26.0218 3560 WpdUsb - ok 13:46:26.0288 3560 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 13:46:26.0326 3560 WPFFontCache_v0400 - ok 13:46:26.0372 3560 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:46:26.0416 3560 ws2ifsl - ok 13:46:26.0443 3560 [ CB8EA6D95949384925CCFCA21CC6DFD8 ] wscsvc C:\Windows\System32\wscsvc.dll 13:46:26.0478 3560 wscsvc - ok 13:46:26.0482 3560 WSearch - ok 13:46:26.0555 3560 [ FB3796754FE00F0BDC87A36F164A5F4D ] wuauserv C:\Windows\system32\wuaueng.dll 13:46:26.0655 3560 wuauserv - ok 13:46:26.0677 3560 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:46:26.0706 3560 WUDFRd - ok 13:46:26.0711 3560 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:46:26.0757 3560 wudfsvc - ok 13:46:26.0805 3560 [ 07F7285220307AAFB755D890295F0F9A ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys 13:46:26.0852 3560 yukonx64 - ok 13:46:26.0855 3560 ================ Scan global =============================== 13:46:26.0882 3560 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll 13:46:26.0910 3560 [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll 13:46:26.0926 3560 [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll 13:46:26.0958 3560 [ DFAC660F0F139276CC9299812DE42719 ] C:\Windows\system32\services.exe 13:46:26.0965 3560 [Global] - ok 13:46:26.0965 3560 ================ Scan MBR 
================================== 13:46:26.0976 3560 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 13:46:27.0694 3560 \Device\Harddisk0\DR0 - ok 13:46:27.0698 3560 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR7 13:46:30.0100 3560 \Device\Harddisk5\DR7 - ok 13:46:30.0100 3560 ================ Scan VBR ================================== 13:46:30.0124 3560 [ CB13A482F8E14CB0AB9C6E8C76F09D8E ] \Device\Harddisk0\DR0\Partition1 13:46:30.0128 3560 \Device\Harddisk0\DR0\Partition1 - ok 13:46:30.0131 3560 [ 20727DEE1CBBCD53BE2C6D40A20EE12A ] \Device\Harddisk5\DR7\Partition1 13:46:30.0132 3560 \Device\Harddisk5\DR7\Partition1 - ok 13:46:30.0133 3560 ============================================================ 13:46:30.0133 3560 Scan finished 13:46:30.0133 3560 ============================================================ 13:46:30.0142 1744 Detected object count: 0 13:46:30.0142 1744 Actual detected object count: 0 |
28.12.2012, 14:26 | #4 |
Malware-holic | System cleanup after GVU trojan Hi, ComboFix: ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save ComboFix to your desktop
When ComboFix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us
28.12.2012, 15:15 | #5 |
System cleanup after GVU trojan Hi, here is the ComboFix log: Code:
ATTFilter ComboFix 12-12-28.02 - *** 28.12.2012 15:02:26.1.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.4094.2886 [GMT 1:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Search Settings c:\program files (x86)\Search Settings\FF\chrome.manifest c:\program files (x86)\Search Settings\FF\chrome\content\plugin.js c:\program files (x86)\Search Settings\FF\chrome\content\plugin.xul c:\program files (x86)\Search Settings\FF\chrome\content\protection.js c:\program files (x86)\Search Settings\FF\chrome\content\utils.js c:\program files (x86)\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd c:\program files (x86)\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties c:\program files (x86)\Search Settings\FF\components\IFBHOSearch.xpt c:\program files (x86)\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt c:\program files (x86)\Search Settings\FF\components\IFHelperPreferences.xpt c:\program files (x86)\Search Settings\FF\components\SearchSettingsFF.dll c:\program files (x86)\Search Settings\FF\install.rdf c:\program files (x86)\Search Settings\SearchSettings.dll c:\program files (x86)\Search Settings\SearchSettings.exe c:\program files (x86)\Search Settings\SearchSettingsRes409.dll c:\programdata\dsgsdgdsgdsgw.pad c:\users\***\4.0 c:\users\Public\Black Rebel Motorcycle Club - Ha Ha High Babe (Live On Open .flv c:\users\Public\sdelevURL.tmp c:\windows\IsUn0407.exe c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-28 bis 2012-12-28 )))))))))))))))))))))))))))))) . . 2012-12-28 13:58 . 2012-12-28 13:58 -------- d-----w- C:\32788R22FWJFW 2012-12-28 11:58 . 
2012-12-28 11:58 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-12-28 11:58 . 2012-12-28 11:58 -------- d-----w- c:\programdata\Malwarebytes
2012-12-28 11:58 . 2012-12-28 12:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-28 11:58 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-28 11:16 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AEB49C6-7161-4A68-BCA0-3616FF8AC4CB}\mpengine.dll
2012-12-26 23:44 . 2012-12-26 23:44 -------- d-sh--w- c:\programdata\SecuROM
2012-12-26 23:03 . 2012-12-26 23:43 -------- d-----w- c:\users\***\AppData\Local\Rockstar Games
2012-12-26 22:56 . 2012-12-26 22:56 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-12-26 22:28 . 2012-12-27 00:00 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-12-23 16:35 . 2012-12-23 16:38 -------- d-----w- c:\program files (x86)\ANNO 1503 GOLD
2012-12-23 16:34 . 2002-12-05 13:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-12-23 16:34 . 2002-12-05 13:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-12-23 16:34 . 2002-12-02 14:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-12-23 16:34 . 2002-12-02 12:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-12-23 16:34 . 2002-12-02 12:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-12-23 16:34 . 2012-12-23 16:34 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-12-23 16:34 . 2012-12-23 16:34 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-12-22 09:28 . 2012-12-22 09:28 -------- d-----w- c:\program files (x86)\Microsoft
2012-12-22 09:21 . 2012-12-22 09:22 -------- d-----w- c:\program files (x86)\Ask.com
2012-12-21 17:02 . 2012-12-21 17:02 -------- d-----w- c:\programdata\Ask
2012-12-21 17:02 . 2012-12-28 13:12 -------- d-----w- c:\users\***\.freemind
2012-12-21 17:02 . 2012-12-21 17:00 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-21 17:02 . 2012-12-21 17:00 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-21 17:02 . 2012-12-21 17:01 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-21 17:00 . 2012-12-21 17:00 -------- d-----w- c:\program files (x86)\Java
2012-12-21 16:18 . 2012-12-21 16:18 -------- d-----w- c:\program files (x86)\FreeMind
2012-12-16 21:40 . 2012-12-16 21:40 -------- d-----w- c:\users\***\AppData\Roaming\DVDVideoSoft
2012-12-16 21:39 . 2012-12-16 21:39 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-12-16 12:28 . 2012-12-16 12:28 -------- d-----w- c:\program files\iPod
2012-12-16 12:28 . 2012-12-16 12:29 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-16 12:28 . 2012-12-16 12:29 -------- d-----w- c:\program files\iTunes
2012-12-16 12:28 . 2012-12-16 12:29 -------- d-----w- c:\program files (x86)\iTunes
2012-12-12 17:00 . 2012-12-12 17:31 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-12-02 12:38 . 2012-12-02 12:39 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 17:39 . 2012-04-14 14:37 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 17:39 . 2012-04-14 14:37 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-28 14:58 . 2006-11-02 12:35 67413224 ----a-w- c:\windows\system32\mrt.exe
2012-11-14 22:29 . 2012-06-21 21:01 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-11-14 22:29 . 2012-04-29 15:42 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-11 14:30 . 2012-04-29 15:42 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-11-10 00:28 . 2012-04-29 15:42 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-09 23:41 . 2012-11-10 00:10 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-10 20:23 . 2012-10-10 20:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2012-04-12 17:49 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-10-10 20:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2012-04-12 17:49 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2012-10-10 20:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-10-10 20:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2012-10-10 20:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2012-04-12 17:49 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2012-04-12 17:49 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 19:51 . 2012-04-12 17:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2012-04-12 17:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-04-12 17:51 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2012-04-12 17:51 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2012-04-12 17:51 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2012-04-12 17:51 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-10 1520840]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-12-10 18:32 1520840 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-10 1520840]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-12-10 1573576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-22 110592]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 17:39]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vcb97rw6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.zeit.de/index
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=EEA7DD08-5377-42A4-81BA-E156B1214719&apn_ptnrs=U3&apn_sauid=0AB50834-32BA-4036-92D4-299F3BA5A1D6&apn_dtid=OSJ000YYDE&&q=
FF - ExtSQL: 2012-12-22 10:22; toolbar@ask.com; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vcb97rw6.default\extensions\toolbar@ask.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Photoshop Elements 2.0 - c:\windows\ISUN0407.EXE
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-599166037-456172063-773513045-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2012-12-28 15:12:37
ComboFix-quarantined-files.txt 2012-12-28 14:12
.
Vor Suchlauf: 20 Verzeichnis(se), 33.254.834.176 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 34.921.971.712 Bytes frei
.
- - End Of File - - 72EB895FADE77AE9D67BF4EA42D789B0
28.12.2012, 19:02 | #6
/// Malware-holic | System cleanup after GVU Trojan
Please start by installing Windows Updates. The easiest way is to go to Start, Search, and type Windows Updates there. Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- choose a time
- Please tick everything else, except:
- show detailed notifications when new Microsoft software is available.
Now click the "OK" button. Now click "Check for updates". Please install the important updates first. It will be necessary to restart the PC in between. If that happens, you have to open Windows Update again via Start, Search, click "Check for updates" and install the next ones. Please do the same with the optional updates. When finished, check under right-click Computer, Properties whether Service Pack 2 is installed. When finished, please report back.
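The settings the helper asks the reader to verify by hand can also be read from the Windows Update Agent COM API. This is an added PowerShell example, not part of the original post or of Windows Update; it only reads, changes nothing, and the "important first" check works because each update object carries its MSRC severity. The notification-level numbers are those of the IAutomaticUpdatesSettings interface.

```powershell
# Added example (not from the original thread): show what the "Change settings" dialog
# and Computer > Properties would show, using the Windows Update Agent COM objects.

# 1. Service pack level, as shown under Computer > Properties
$os = Get-WmiObject -Class Win32_OperatingSystem
"{0}  Service Pack {1}" -f $os.Caption, $os.ServicePackMajorVersion

# 2. Automatic Updates settings (same values as the "Change settings" dialog)
#    NotificationLevel: 1 = disabled, 2 = notify only, 3 = download only,
#                       4 = install automatically on the schedule below
$au = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
$levelNames = @{1 = 'Disabled'; 2 = 'Notify before download'; 3 = 'Download, notify before install'; 4 = 'Install automatically'}
"Automatic updates : {0}" -f $levelNames[[int]$au.NotificationLevel]
# ScheduledInstallationDay: 0 = every day, 1..7 = Sunday..Saturday
"Schedule          : day={0} (0 = daily) hour={1}" -f $au.ScheduledInstallationDay, $au.ScheduledInstallationTime
"Recommended too   : {0}" -f $au.IncludeRecommendedUpdates

if ([int]$au.NotificationLevel -ne 4 -or [int]$au.ScheduledInstallationDay -ne 0) {
    Write-Warning "Automatic updates are not set to daily automatic installation."
}

# 3. Updates not yet installed, grouped by severity, so "important first" can be verified.
#    An empty severity means Microsoft assigned none (drivers, optional or feature updates).
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$missing  = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates
$missing | Group-Object MsrcSeverity | ForEach-Object {
    $label = if ($_.Name) { $_.Name } else { '(no severity)' }
    "{0,-14} {1}" -f $label, $_.Count
}
```

The search step needs the machine to reach Microsoft's update servers, which is exactly the question the next post raises; the first two steps work offline.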
28.12.2012, 19:49 | #7
System cleanup after GVU Trojan
Hello, for that I would have to connect the PC to the Internet again - does that matter? Trojans then read out sensitive data etc. and send it off - or is the Trojan already harmless now? Sorry if the question may seem stupid, but I am not very experienced when it comes to PCs!
02.01.2013, 13:40 | #8
System cleanup after GVU Trojan
I don't want to seem impatient, but I wanted to post a reminder now.
02.01.2013, 20:26 | #9
/// Malware-holic | System cleanup after GVU Trojan
Hi, it said in my signature that I am away :-) The PC can go online.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above.
If you would like to support us
02.01.2013, 23:45 | #10
System cleanup after GVU Trojan
All right - the updates are now installed.
03.01.2013, 18:24 | #11
/// Malware-holic | System cleanup after GVU Trojan
Hi, download the CCleaner standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, Tools, Uninstall list, save as txt. Open it. After each program you need, write "necessary". After each one you do not need, "unnecessary". After those unknown to you, "unknown". Post the list.
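The list CCleaner exports is the contents of the Uninstall registry keys. As an added PowerShell example (not the thread's own code and not CCleaner's), the same list can be built directly from the registry, including the 32-bit Wow6432Node and per-user entries, and written as a tab-separated text file for the necessary/unnecessary/unknown annotation the helper asks for. The $classification table is a constructed placeholder to be filled in by the reader; the UninstallString column is included because an uninstaller sitting in a temporary or user-profile directory is worth a second look during cleanup.

```powershell
# Added example (not from the original thread): registry-based equivalent of
# CCleaner's "Uninstall list > save as txt", with a classification column.

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Constructed placeholder annotations; the thread's own list uses these three words.
$classification = @{
    'CCleaner'     = 'necessary'
    'Ask Toolbar'  = 'unknown'
    'Bing-Desktop' = 'unnecessary'
}

$programs = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and -not $_.SystemComponent } |   # hidden components are skipped, as CCleaner does
    ForEach-Object {
        $name  = $_.DisplayName
        $class = 'unknown'
        if ($classification.ContainsKey($name)) { $class = $classification[$name] }
        New-Object PSObject -Property @{
            Name      = $name
            Publisher = $_.Publisher
            Installed = $_.InstallDate      # yyyymmdd string when the installer recorded it
            Version   = $_.DisplayVersion
            Class     = $class
            Uninstall = $_.UninstallString  # path of the uninstaller; odd locations stand out here
        }
    } | Sort-Object Name

# Tab-separated, quotes stripped, so it reads like CCleaner's export.
$programs | Select-Object Name, Publisher, Installed, Version, Class, Uninstall |
    ConvertTo-Csv -NoTypeInformation -Delimiter "`t" |
    ForEach-Object { $_ -replace '"', '' } |
    Set-Content -Path "$env:USERPROFILE\Desktop\installed-programs.txt"

# On-screen view of everything not yet classified, so nothing is overlooked.
$programs | Where-Object { $_.Class -eq 'unknown' } | Format-Table Name, Publisher, Installed -AutoSize
```

Run it from a normal (non-elevated) PowerShell; reading these keys needs no administrator rights. Entries that appear in the registry but not in the Control Panel usually have SystemComponent set, which is why the filter above mirrors CCleaner's behaviour.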
04.01.2013, 21:39 | #12
System cleanup after GVU Trojan
Hi, here is the list:
Code:
Name | Publisher | Installed | Size | Version | Classification
2007 Microsoft Office system | Microsoft Corporation | 19.04.2012 | 490MB | 12.0.6612.1000 | necessary
Activation Assistant for the 2007 Microsoft Office suites | Microsoft Corporation | 12.04.2012 | 14,0MB | | necessary
Adobe Flash Player 11 Plugin | Adobe Systems Incorporated | 11.12.2012 | | 11.5.502.135 | necessary
Adobe Photoshop Elements 2.0 | Adobe Systems, Inc. | 18.04.2012 | 97,3MB | 2.0 | necessary
Adobe Reader X (10.1.3) - Deutsch | Adobe Systems Incorporated | 16.04.2012 | | 10.1.3 | necessary
ANNO 1503 GOLD | | 23.12.2012 | 1,48GB | 1.05.00 | unnecessary
Any Video Converter 3.3.9 | Any-Video-Converter.com | 03.06.2012 | 96,6MB | | necessary
Apple Application Support | Apple Inc. | 02.12.2012 | 64,9MB | 2.3.2 | necessary
Apple Mobile Device Support | Apple Inc. | 02.12.2012 | 25,1MB | 6.0.1.3 | necessary
Apple Software Update | Apple Inc. | 14.04.2012 | 2,38MB | 2.1.3.127 | necessary
Ask Toolbar | Ask.com | 22.12.2012 | 4,84MB | 1.15.14.0 | unknown
Ask Toolbar Updater | Ask.com | 22.12.2012 | 1,54MB | 1.2.3.29495 | unknown
ATI Catalyst Install Manager | ATI Technologies, Inc. | 12.04.2012 | 18,2MB | 3.0.642.0 | necessary
avast! Free Antivirus | AVAST Software | 29.12.2012 | 307MB | 7.0.1474.0 | necessary
Bing-Desktop | Microsoft Corporation | 02.01.2013 | 5,25MB | 1.1.165.0 | unnecessary
Bonjour | Apple Inc. | 14.04.2012 | 2,01MB | 3.0.0.10 | unknown
Call of Duty(R) 4 - Modern Warfare(TM) | Activision | 01.05.2012 | 6,23GB | 1.7 | unnecessary
CCleaner | Piriform | 19.12.2012 | 10,4MB | 3.26 | necessary
Creation Kit | | 17.06.2012 | 5,83GB | | unnecessary
Day of Defeat: Source | Valve | 14.07.2012 | 3,36GB | 1.0.0.0 | unnecessary
EA Download Manager | Electronic Arts, Inc. | 10.05.2012 | 61,0MB | 7.2.0.32 | unnecessary
Empire: Total War | The Creative Assembly | 18.10.2012 | 16,1GB | | unnecessary
FLV Player 2.0 (build 25) | Martijn de Visser | 14.04.2012 | 1,94MB | 2.0 (build 25) | necessary
Free 3GP Video Converter version 5.0.21.1201 | DVDVideoSoft Ltd. | 16.12.2012 | 11,0MB | 5.0.21.1201 | unnecessary
FreeMind | | 21.12.2012 | 16,3MB | 0.9.0 | necessary
Grand Theft Auto IV | Rockstar Games | 03.01.2013 | 15,0GB | 1.00.0000 | unnecessary
Half-Life 2: Deathmatch | Valve | 27.08.2012 | 4,92MB | | unnecessary
Half-Life 2: Episode One | Valve | 27.08.2012 | 8,26MB | | unnecessary
Half-Life 2: Episode Two | Valve | 01.09.2012 | 604MB | | unnecessary
Half-Life(R) 2 | Valve | 27.08.2012 | 959MB | 1.0.0.0 | unnecessary
ICQ7M | ICQ | 02.07.2012 | 59,8 MB | 7.8 | unnecessary
iTunes | Apple Inc. | 16.12.2012 | 189MB | 11.0.1.12 | necessary
Java 7 Update 10 | Oracle | 21.12.2012 | 128MB | 7.0.100 | necessary
Left 4 Dead 2 | Valve | 13.06.2012 | 13,9GB | | unnecessary
Malwarebytes Anti-Malware Version 1.70.0.1100 | Malwarebytes Corporation | 28.12.2012 | 12,3MB | 1.70.0.1100 | necessary
McAfee Security Scan Plus | McAfee, Inc. | 03.05.2012 | 2,32MB | 3.0.207.4 | unnecessary
Medieval II Total War | SEGA | 03.12.2012 | 52,0MB | 1.03.000 | unnecessary
Medieval II Total War : Kingdoms : Crusades | SEGA | 03.12.2012 | 1,59MB | 1.03.000 | unnecessary
Medieval II Total War : Kingdoms : Teutonic | SEGA | 03.12.2012 | 1,58MB | 1.03.000 | unnecessary
Microsoft .NET Framework 1.1 | | 01.05.2012 | | | necessary
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU | Microsoft Corporation | 18.04.2012 | 42,4MB | | necessary
Microsoft .NET Framework 3.5 SP1 | Microsoft Corporation | 22.04.2012 | 42,4MB | | necessary
Microsoft .NET Framework 4 Client Profile | Microsoft Corporation | 21.04.2012 | 189MB | 4.0.30319 | necessary
Microsoft .NET Framework 4 Client Profile DEU Language Pack | Microsoft Corporation | 21.04.2012 | 46,4MB | 4.0.30319 | necessary
Microsoft .NET Framework 4 Extended | Microsoft Corporation | 10.11.2012 | 46,4MB | 4.0.30319 | necessary
Microsoft Games for Windows - LIVE Redistributable | Microsoft Corporation | 03.01.2013 | 32,5MB | 2.0.672.0 | unnecessary
Microsoft Office File Validation Add-In | Microsoft Corporation | 23.12.2012 | | 14.0.5130.5003 | necessary
Microsoft Office Home and Student 2007 | Microsoft Corporation | 19.04.2012 | 567MB | 12.0.6612.1000 | necessary
Microsoft Office Live Add-in 1.5 | Microsoft Corporation | 22.12.2012 | 506KB | 2.0.4024.1 | necessary
Microsoft Silverlight | Microsoft Corporation | 02.01.2013 | 22,5MB | 5.1.10411.0 | necessary
Microsoft Visual C++ 2005 Redistributable | Microsoft Corporation | 21.10.2012 | 2,37MB | 8.0.59193 | necessary
Microsoft Visual C++ 2005 Redistributable (x64) | Microsoft Corporation | 29.04.2012 | 698KB | 8.0.61000 | necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 | Microsoft Corporation | 15.04.2012 | 782KB | 9.0.30729.4148 | necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 | Microsoft Corporation | 18.04.2012 | 782KB | 9.0.30729.6161 | necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 | Microsoft Corporation | 26.07.2012 | 1,41MB | 9.0.21022 | necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 | Microsoft Corporation | 10.05.2012 | 238KB | 9.0.30729 | necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 | Microsoft Corporation | 30.05.2012 | 229KB | 9.0.30729 | necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 | Microsoft Corporation | 15.04.2012 | 226KB | 9.0.30729.4148 | necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 | Microsoft Corporation | 18.04.2012 | 594KB | 9.0.30729.6161 | necessary
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 | Microsoft Corporation | 24.04.2012 | | 10.0.40219 | necessary
Microsoft WSE 3.0 Runtime | Microsoft Corp. | 07.06.2012 | 942KB | 3.0.5305.0 | necessary
Mozilla Firefox 17.0.1 (x86 de) | Mozilla | 05.12.2012 | 46,2MB | 17.0.1 | necessary
Mozilla Maintenance Service | Mozilla | 12.12.2012 | 216KB | 17.0 | necessary
Mozilla Thunderbird 17.0 (x86 de) | Mozilla | 12.12.2012 | 42,1MB | 17.0 | necessary
NVIDIA 3D Vision Controller-Treiber 296.10 | NVIDIA Corporation | 12.04.2012 | 4,04MB | 296.10 | necessary
NVIDIA 3D Vision Treiber 306.97 | NVIDIA Corporation | 18.11.2012 | 23,5MB | 306.97 | necessary
NVIDIA Grafiktreiber 306.97 | NVIDIA Corporation | 18.11.2012 | 164MB | 306.97 | necessary
NVIDIA PhysX-Systemsoftware 9.12.0213 | NVIDIA Corporation | 12.04.2012 | 90,5MB | 9.12.0213 | necessary
NVIDIA Update 1.10.8 | NVIDIA Corporation | 18.11.2012 | 1,00MB | 1.10.8 | necessary
Oblivion | Bethesda Softworks | 16.07.2012 | 8,74GB | 1.00.0000 | unnecessary
Oblivion mod manager 1.1.12 | Timeslip | 16.07.2012 | 8,74GB | | unnecessary
OpenOffice.org 3.3 | OpenOffice.org | 14.04.2012 | 414MB | 3.3.9567 | necessary
Pixum Fotobuch | | 08.11.2012 | 214MB | | necessary
PunkBuster Services | Even Balance, Inc. | 10.11.2012 | | 0.992 | unnecessary
QuickTime | Apple Inc. | 02.12.2012 | 73,1MB | 7.73.80.64 | unnecessary
Rockstar Games Social Club | Rockstar Games | 03.01.2013 | 1,87MB | 1.00.0000 | unnecessary
Skype Click to Call | Skype Technologies S.A. | 03.11.2012 | 16,1MB | 6.3.11079 | unnecessary
Skype™ 5.10 | Skype Technologies S.A. | 19.09.2012 | 19,3MB | 5.10.116 | unnecessary
Source SDK | Valve | 15.04.2012 | | | unnecessary
Source SDK Base 2007 | Valve | 18.09.2012 | 63,6MB | | unnecessary
Steam | Valve Corporation | 14.04.2012 | 35,4MB | 1.0.0.0 | unnecessary
Steinberg Cubase SE | | 30.04.2012 | 170MB | | necessary
The Elder Scrolls V: Skyrim | Bethesda Game Studios | 22.04.2012 | 5,43GB | | unnecessary
WinRAR 4.20 (64-Bit) | win.rar GmbH | 16.07.2012 | 4,80MB | 4.20.0 | unnecessary
05.01.2013, 16:00 | #13
/// Malware-holic | System cleanup after GVU Trojan
Uninstall: Adobe Flash Player (all). Download the latest version: Adobe - Adobe Flash Player installieren.
Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen; untick McAfee Security Scan.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Internet: everything here should be disabled; it is very unsafe to open PDFs automatically, to download them etc. It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, untick "enable JavaScript".
Under Updater, choose "install automatically". Apply / OK.
Uninstall:
ANNO
Ask: both
Bing
Bonjour
Call of
Creation
Day of
EA
Empire:
Free 3GP
Grand Theft
Half-Life: all
ICQ7M
Left
McAfee
Medieval: all
Oblivion: both
PunkBuster
Rockstar
Skype: both
Source: both
Steam
The Elder
Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
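The Adobe Reader preferences the helper sets through the Edit > Preferences dialog are stored as per-user registry values, so they can be checked (and, with -Apply, set) from PowerShell. This is an added example, not part of the original post and not Adobe's code; it covers the JavaScript and "open PDFs in the browser" settings from the post and additionally Reader X's Protected Mode sandbox, and it does not touch the plug-in or updater options. The key names are the Reader X (10.0) per-user preference keys; other Reader versions keep the same values under a different version folder, so check the path on the machine at hand.

```powershell
# Added example (not from the original thread): read, and with -Apply set, the Reader X
# per-user preferences behind the helper's advice. A missing value means Reader's
# built-in default applies; for JavaScript and browser integration that default is
# "on", which is the state the helper wants changed.
param([switch]$Apply)

$base   = 'HKCU:\Software\Adobe\Acrobat Reader\10.0'
$wanted = @(
    @{ Key = "$base\JSPrefs";    Name = 'bEnableJS';           Safe = 0; Text = 'Acrobat JavaScript enabled' },
    @{ Key = "$base\Originals";  Name = 'bBrowserIntegration'; Safe = 0; Text = 'Open PDFs inside the browser' },
    @{ Key = "$base\Privileged"; Name = 'bProtectedMode';      Safe = 1; Text = 'Protected Mode sandbox' }
)

"{0,-32} {1,-20} {2}" -f 'Setting', 'Current value', 'Status'
foreach ($w in $wanted) {
    $current = $null
    if (Test-Path $w.Key) {
        $current = (Get-ItemProperty -Path $w.Key -Name $w.Name -ErrorAction SilentlyContinue).($w.Name)
    }
    $state = if ($current -eq $null) { 'not set (default)' } else { $current }
    $ok    = ($current -eq $w.Safe)
    "{0,-32} {1,-20} {2}" -f $w.Text, $state, $(if ($ok) { 'OK' } else { 'CHANGE' })

    if ($Apply -and -not $ok) {
        if (-not (Test-Path $w.Key)) { New-Item -Path $w.Key -Force | Out-Null }
        Set-ItemProperty -Path $w.Key -Name $w.Name -Value $w.Safe -Type DWord
    }
}
if ($Apply) { "Restart Adobe Reader for the changes to take effect." }
```

Save it as a .ps1 and run it once without parameters to see the current state, then with -Apply to set the safe values; Reader must be closed, because it rewrites these keys on exit.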
08.01.2013, 23:55 | #14
System cleanup after GVU Trojan
All right, here is the log file:
Code:
# AdwCleaner v2.105 - Datei am 08/01/2013 um 23:52:12 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vcb97rw6.default\searchplugins\Askcom.xml
Ordner Gefunden : C:\Program Files (x86)\Application Updater
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKU\S-1-5-21-599166037-456172063-773513045-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6002.18005

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vcb97rw6.default\prefs.js

Gefunden : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[R1].txt - [2243 octets] - [08/01/2013 23:52:12]

########## EOF - C:\AdwCleaner[R1].txt - [2303 octets] ##########
08.01.2013, 23:57 | #15
/// Malware-holic | System cleanup after GVU Trojan
Hi, please download AdwCleaner to your desktop.
Restart, then please test how the PC and programs are running; also test browsers such as IE.