Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner - Mich hat es auch erwischt!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.01.2013, 16:51   #1
Sebas.Berlin
 
GVU Trojaner - Mich hat es auch erwischt! - Standard

GVU Trojaner - Mich hat es auch erwischt!



Liebes Board,

meinen Laptop mit Windows 7 hat es heute auch erwischt und plötzlich war der Desktop mit der entsprechenden Nachricht gesperrt.

In meiner Ratlosigkeit habe ich nach einem Neustart Kaspersky WindowsUnlocker und RescueDisk drüberlaufen lassen, bin aber nach der anschließenden Lektüre in diesem Forum unsicher, ob das wirklich die optimale Lösung war.

Könnt Ihr mir weiterhelfen? Habe ich mit den beiden Porgrammen bereits alles beseitigt oder ist mein Rechner irgendwo doch noch verseucht? Wie finde ich das raus?

Schon vorab tausend Dank für alle Unterstützung!

Alt 05.01.2013, 16:54   #2
markusg
/// Malware-holic
 
GVU Trojaner - Mich hat es auch erwischt! - Standard

GVU Trojaner - Mich hat es auch erwischt!



Poste bitte die Kaspersky logs...
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 06.01.2013, 01:44   #3
Sebas.Berlin
 
GVU Trojaner - Mich hat es auch erwischt! - Standard

GVU Trojaner - Mich hat es auch erwischt!



Hier der Log des WindowsUnlocker von Kaspersky:

Code:
ATTFilter
Kaspersky Lab WindowsUnlocker, 2012
version 1.2.1 Sep 19 2012 08:04:02

Bearbeitet Volume "/discs/C:"

Registrierung "/discs/C:/windows/system32/config/system" wurde erfolgreich geöffnet
"AlternateShell" - OK
"AlternateShell" - OK

Registrierung "/discs/C:/windows/system32/config/software" wurde erfolgreich geöffnet
Windows wurde erkannt: Windows 7 Home Premium Service Pack 1 ( 7601.win7sp1_gdr.120830-0333 ) C:\Windows
Bearbeitet "Winlogon"
"Shell" - OK
"Userinit" - OK
Bearbeitet WOW64 "Winlogon"
"Shell" - OK
"Userinit" - OK
Bearbeitet "Windows"
Bearbeitet WOW64 "Windows"
Bearbeitet "Image File Execution Options"
Bearbeitet "Run"
Bearbeitet WOW64 "Run"
Bearbeitet Volume "/discs/Webbrowser"
Bearbeitet Volume "/discs/sda4"
Bearbeitet Volume "/discs/Kaspersky Rescue Disk"
Bearbeitet Volume "/discs/sda1"
Bearbeitet Volume "/discs/D:"
Bearbeitet Volume "/discs/Dateimanager"
Bearbeitet Volume "/discs/Kaspersky Registry Editor"
Bearbeitet Volume "/discs/sdb1"

Registrierung "/discs/C:/Windows/ServiceProfiles/LocalService/NTUSER.DAT" wurde erfolgreich geöffnet
Bearbeitet "Winlogon"
Bearbeitet "Windows"
Bearbeitet "Run"

Registrierung "/discs/C:/Windows/ServiceProfiles/NetworkService/NTUSER.DAT" wurde erfolgreich geöffnet
Bearbeitet "Winlogon"
Bearbeitet "Windows"
Bearbeitet "Run"

Registrierung "/discs/C:/Users/UpdatusUser/NTUSER.DAT" wurde erfolgreich geöffnet
Bearbeitet "Winlogon"
Bearbeitet "Windows"
Bearbeitet "Run"

Registrierung "/discs/C:/Users/Sverige/NTUSER.DAT" wurde erfolgreich geöffnet
Bearbeitet "Winlogon"
Bearbeitet "Windows"
Bearbeitet "Run"
"spotify web helper" : ""c:\users\sverige\appdata\roaming\spotify\data\spotifywebhelper.exe"" - verdächtiger Wert
spotify web helper - gelöscht
         


Und hier der Log der RescueDisk von Kaspersky:

Code:
ATTFilter
Untersuchung von Objekten: wurde abgeschlossen vor weniger als einer Minute  (Ereignis: 2, Objekte: 1669, Zeit: 00:04:03)	
06.01.13 00:52	Aufgabe wurde abgeschlossen			
06.01.13 00:48	Aufgabe wurde gestartet
         
Hier der Inhalt aus OTL.txt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.01.2013 01:47:00 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sverige\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,95 Gb Available Physical Memory | 75,48% Memory free
7,81 Gb Paging File | 7,07 Gb Available in Paging File | 90,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 647,54 Gb Total Space | 534,57 Gb Free Space | 82,55% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 26,07 Gb Free Space | 52,13% Space Free | Partition Type: NTFS
 
Computer Name: SVERIGE-PC | User Name: Sverige | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sverige\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe ()
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (WisLMSvc) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated)
DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (smsbda) -- C:\Windows\SysNative\drivers\smsbda.sys (Siano)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3699052161-2714556747-3613960282-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKU\S-1-5-21-3699052161-2714556747-3613960282-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3699052161-2714556747-3613960282-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/calendar/render?tab=wc
IE - HKU\S-1-5-21-3699052161-2714556747-3613960282-1001\..\SearchScopes,DefaultScope = {842D6134-DB35-4B84-BF03-CCDDE47DEE65}
IE - HKU\S-1-5-21-3699052161-2714556747-3613960282-1001\..\SearchScopes\{842D6134-DB35-4B84-BF03-CCDDE47DEE65}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393
IE - HKU\S-1-5-21-3699052161-2714556747-3613960282-1001\..\SearchScopes\{AF69F48A-7A39-4979-B71A-3F51EE8F8E5B}: "URL" = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
IE - HKU\S-1-5-21-3699052161-2714556747-3613960282-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.com/calendar/render?gsessionid=OK"
FF - prefs.js..extensions.enabledAddons: unplug@compunach:2.052
FF - prefs.js..extensions.enabledAddons: readable@evernote.com:7.3346.272.999
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.12
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.10
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.09 14:55:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.09 14:55:46 | 000,000,000 | ---D | M]
 
[2012.07.19 12:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sverige\AppData\Roaming\mozilla\Extensions
[2013.01.05 12:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sverige\AppData\Roaming\mozilla\Firefox\Profiles\mlvxc3pd.default\extensions
[2012.07.19 12:26:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sverige\AppData\Roaming\mozilla\Firefox\Profiles\mlvxc3pd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.11.28 12:58:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sverige\AppData\Roaming\mozilla\Firefox\Profiles\mlvxc3pd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.12 19:45:22 | 001,088,515 | ---- | M] () (No name found) -- C:\Users\Sverige\AppData\Roaming\mozilla\firefox\profiles\mlvxc3pd.default\extensions\readable@evernote.com.xpi
[2012.09.29 15:06:38 | 000,142,851 | ---- | M] () (No name found) -- C:\Users\Sverige\AppData\Roaming\mozilla\firefox\profiles\mlvxc3pd.default\extensions\unplug@compunach.xpi
[2011.05.08 13:44:13 | 000,741,844 | ---- | M] () (No name found) -- C:\Users\Sverige\AppData\Roaming\mozilla\firefox\profiles\mlvxc3pd.default\extensions\{5514CFC3-D9A8-4f1a-8DF1-930EBFB59901}.xpi
[2013.01.05 12:26:07 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Sverige\AppData\Roaming\mozilla\firefox\profiles\mlvxc3pd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.07.19 12:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.14 01:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 01:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [TVPro Control] C:\Program Files (x86)\TV IR\TV IR.EXE ()
O4 - HKLM..\Run: [TVPro Task] C:\Program Files (x86)\TV IR\shutTask.exe ()
O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3699052161-2714556747-3613960282-1001..\Run: [svñhîst] C:\Users\Sverige\7747504.exe (Softspecialists)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Sverige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sverige\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Sverige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Sverige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70B3F7DF-247C-4210-9119-6973DA3FE5FE}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B80305C2-8099-4EE3-B85A-5821AA3846EF}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.06 01:06:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sverige\Desktop\OTL(1).exe
[2013.01.06 01:05:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sverige\Desktop\OTL.exe
[2013.01.05 14:28:01 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.01.05 12:46:31 | 000,035,328 | RHS- | C] (Softspecialists) -- C:\Users\Sverige\7747504.exe
[2013.01.01 23:55:12 | 000,000,000 | -H-D | C] -- C:\Users\Sverige\Documents\544521291248122807
[2012.12.26 00:44:08 | 000,000,000 | ---D | C] -- C:\Users\Sverige\AppData\Local\Zattoo
[2012.12.26 00:43:55 | 000,000,000 | ---D | C] -- C:\Users\Sverige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012.12.26 00:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012.12.26 00:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zattoo4
[2012.12.23 15:04:44 | 000,000,000 | ---D | C] -- C:\Users\Sverige\AppData\Local\Programs
[3 C:\Users\Sverige\Desktop\*.tmp files -> C:\Users\Sverige\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.06 01:06:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sverige\Desktop\OTL(1).exe
[2013.01.06 01:05:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sverige\Desktop\OTL.exe
[2013.01.06 01:04:58 | 000,000,349 | ---- | M] () -- C:\Users\Sverige\Desktop\_.htm
[2013.01.06 01:00:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.06 01:00:08 | 3147,198,464 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.05 13:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.05 13:04:15 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.05 13:04:15 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.05 12:46:31 | 000,035,328 | RHS- | M] (Softspecialists) -- C:\Users\Sverige\7747504.exe
[2013.01.02 19:56:01 | 000,000,350 | ---- | M] () -- C:\Users\Sverige\Desktop\Teilnehmen - Wohnen muss bezahlbar sein! - Campact.website
[2012.12.30 13:58:07 | 001,153,720 | ---- | M] () -- C:\Users\Sverige\Desktop\Philips HF3330-01 GoLite Blue Lichttherapiegerät günstig kaufen im Online-Shop von comtech_de.mht
[2012.12.29 17:30:15 | 000,001,057 | ---- | M] () -- C:\Users\Sverige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.29 17:30:08 | 000,001,029 | ---- | M] () -- C:\Users\Sverige\Desktop\Dropbox.lnk
[2012.12.29 13:48:12 | 002,749,873 | ---- | M] () -- C:\Users\Sverige\Desktop\handbuch-buergerbeteiligung.pdf
[2012.12.29 13:26:54 | 000,326,609 | ---- | M] () -- C:\Users\Sverige\Desktop\xcms_bst_dms_37165_37166_2.pdf
[2012.12.27 14:01:44 | 000,000,708 | ---- | M] () -- C:\Users\Sverige\Desktop\Charité - Universitätsmedizin Berlin Einwanderung – Bedrohung oder Zukunft.website
[2012.12.26 00:44:55 | 000,017,408 | ---- | M] () -- C:\Users\Sverige\AppData\Local\WebpageIcons.db
[2012.12.26 00:43:55 | 000,001,876 | ---- | M] () -- C:\Users\Sverige\Desktop\Zattoo.lnk
[2012.12.24 14:04:21 | 000,000,668 | ---- | M] () -- C:\Users\Sverige\Desktop\„Eine Frau Ihres Aussehens“ Eine Begegnung mit Thilo Sarrazin — Carta.website
[2012.12.23 01:10:27 | 001,622,172 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.23 01:10:27 | 000,700,646 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.23 01:10:27 | 000,655,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.23 01:10:27 | 000,149,410 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.23 01:10:27 | 000,122,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.21 21:49:04 | 000,518,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.19 01:05:54 | 000,000,416 | ---- | M] () -- C:\Users\Sverige\Desktop\Britische Feministin Laurie Penny im Interview - SPIEGEL ONLINE.website
[2012.12.16 12:47:26 | 000,000,629 | ---- | M] () -- C:\Users\Sverige\Desktop\Ströbele und Wieland Zwei Grüne, zwei Welten  Politik  ZEIT ONLINE.website
[2012.12.14 01:13:12 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.14 01:13:12 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.12 15:58:57 | 000,000,629 | ---- | M] () -- C:\Users\Sverige\Desktop\Mietexplosion Der neue Häuserkampf - Meinung - Tagesspiegel.website
[2012.12.10 21:11:56 | 000,000,721 | ---- | M] () -- C:\Users\Sverige\Desktop\Arbeitslosigkeit Das beschämende Gefühl, Hartz IV zu beziehen  Wirtschaft  ZEIT ONLINE.website
[2012.12.09 14:42:59 | 000,000,307 | ---- | M] () -- C:\Users\Sverige\Desktop\Willkommen im Crelle Kiez.website
[2012.12.09 14:19:21 | 000,000,413 | ---- | M] () -- C:\Users\Sverige\Desktop\Swampland.website
[3 C:\Users\Sverige\Desktop\*.tmp files -> C:\Users\Sverige\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.06 01:04:57 | 000,000,349 | ---- | C] () -- C:\Users\Sverige\Desktop\_.htm
[2013.01.02 19:56:01 | 000,000,350 | ---- | C] () -- C:\Users\Sverige\Desktop\Teilnehmen - Wohnen muss bezahlbar sein! - Campact.website
[2012.12.30 13:58:02 | 001,153,720 | ---- | C] () -- C:\Users\Sverige\Desktop\Philips HF3330-01 GoLite Blue Lichttherapiegerät günstig kaufen im Online-Shop von comtech_de.mht
[2012.12.29 13:48:12 | 002,749,873 | ---- | C] () -- C:\Users\Sverige\Desktop\handbuch-buergerbeteiligung.pdf
[2012.12.29 13:26:54 | 000,326,609 | ---- | C] () -- C:\Users\Sverige\Desktop\xcms_bst_dms_37165_37166_2.pdf
[2012.12.27 14:01:44 | 000,000,708 | ---- | C] () -- C:\Users\Sverige\Desktop\Charité - Universitätsmedizin Berlin Einwanderung – Bedrohung oder Zukunft.website
[2012.12.26 00:44:07 | 000,017,408 | ---- | C] () -- C:\Users\Sverige\AppData\Local\WebpageIcons.db
[2012.12.26 00:43:55 | 000,001,876 | ---- | C] () -- C:\Users\Sverige\Desktop\Zattoo.lnk
[2012.12.24 14:04:21 | 000,000,668 | ---- | C] () -- C:\Users\Sverige\Desktop\„Eine Frau Ihres Aussehens“ Eine Begegnung mit Thilo Sarrazin — Carta.website
[2012.12.19 01:05:54 | 000,000,416 | ---- | C] () -- C:\Users\Sverige\Desktop\Britische Feministin Laurie Penny im Interview - SPIEGEL ONLINE.website
[2012.12.16 12:47:26 | 000,000,629 | ---- | C] () -- C:\Users\Sverige\Desktop\Ströbele und Wieland Zwei Grüne, zwei Welten  Politik  ZEIT ONLINE.website
[2012.12.13 18:54:38 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.12 15:58:57 | 000,000,629 | ---- | C] () -- C:\Users\Sverige\Desktop\Mietexplosion Der neue Häuserkampf - Meinung - Tagesspiegel.website
[2012.12.10 21:11:56 | 000,000,721 | ---- | C] () -- C:\Users\Sverige\Desktop\Arbeitslosigkeit Das beschämende Gefühl, Hartz IV zu beziehen  Wirtschaft  ZEIT ONLINE.website
[2012.12.09 14:42:59 | 000,000,307 | ---- | C] () -- C:\Users\Sverige\Desktop\Willkommen im Crelle Kiez.website
[2012.12.09 14:19:21 | 000,000,413 | ---- | C] () -- C:\Users\Sverige\Desktop\Swampland.website
[2012.08.14 22:47:52 | 001,600,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.13 21:28:52 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.03.19 23:02:11 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.10.17 03:36:08 | 000,322,880 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.05 13:01:05 | 000,000,000 | ---D | M] -- C:\Users\Sverige\AppData\Roaming\Dropbox
[2012.09.30 19:06:14 | 000,000,000 | ---D | M] -- C:\Users\Sverige\AppData\Roaming\elsterformular
[2012.07.26 16:08:35 | 000,000,000 | ---D | M] -- C:\Users\Sverige\AppData\Roaming\FreePDF
[2012.07.19 13:05:31 | 000,000,000 | ---D | M] -- C:\Users\Sverige\AppData\Roaming\IrfanView
[2012.07.20 16:51:04 | 000,000,000 | ---D | M] -- C:\Users\Sverige\AppData\Roaming\pdfforge
[2012.07.25 13:37:48 | 000,000,000 | ---D | M] -- C:\Users\Sverige\AppData\Roaming\phonostar GmbH
[2012.08.14 23:03:35 | 000,000,000 | ---D | M] -- C:\Users\Sverige\AppData\Roaming\Sony
[2013.01.03 18:14:14 | 000,000,000 | ---D | M] -- C:\Users\Sverige\AppData\Roaming\Spotify
[2012.07.14 00:19:44 | 000,000,000 | ---D | M] -- C:\Users\Sverige\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.06.30 15:04:29 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.12.13 17:09:24 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2012.06.30 14:53:43 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.03.19 23:29:25 | 000,000,000 | ---D | M] -- C:\Intel
[2013.01.06 01:48:06 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.09 15:57:59 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.07.26 16:05:40 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.26 00:43:54 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.11.08 19:20:34 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.06.30 14:53:43 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.01.05 12:11:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.06.30 15:04:01 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.06 01:00:08 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,552 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.12.13 18:54:38 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011.11.30 03:40:32 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.11.30 03:40:32 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_9c981fcb416c038e\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.01.05 12:46:31 | 000,035,328 | RHS- | M] (Softspecialists) -- C:\Users\Sverige\7747504.exe
[2013.01.06 01:49:01 | 003,932,160 | -HS- | M] () -- C:\Users\Sverige\NTUSER.DAT
[2013.01.06 01:49:01 | 000,262,144 | -HS- | M] () -- C:\Users\Sverige\ntuser.dat.LOG1
[2012.06.30 15:04:02 | 000,000,000 | -HS- | M] () -- C:\Users\Sverige\ntuser.dat.LOG2
[2012.06.30 15:22:12 | 000,065,536 | -HS- | M] () -- C:\Users\Sverige\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.06.30 15:22:12 | 000,524,288 | -HS- | M] () -- C:\Users\Sverige\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.06.30 15:22:12 | 000,524,288 | -HS- | M] () -- C:\Users\Sverige\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.06.30 15:04:02 | 000,000,020 | -HS- | M] () -- C:\Users\Sverige\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---

[/CODE]

Eine Extra.txt wurde irgendwie nicht ausgegeben - oder ich habe sie möglicherweise nicht gefunden. Sicherheitshalber habe ich ein zweiten Scan gestartet, aber da gab es ebenfalls nur die OTL.txt.

Danke für Deine schnelle Hilfe!!!
__________________

Alt 06.01.2013, 17:47   #4
markusg
/// Malware-holic
 
GVU Trojaner - Mich hat es auch erwischt! - Standard

GVU Trojaner - Mich hat es auch erwischt!



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKU\S-1-5-21-3699052161-2714556747-3613960282-1001..\Run: [svñhîst] C:\Users\Sverige\7747504.exe (Softspecialists)
 :Files
C:\Users\Sverige\7747504.exe
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.01.2013, 19:07   #5
Sebas.Berlin
 
GVU Trojaner - Mich hat es auch erwischt! - Standard

GVU Trojaner - Mich hat es auch erwischt!



Hi und danke für die weitere Hilfe!

Hier der OTL-Text:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3699052161-2714556747-3613960282-1001\Software\Microsoft\Windows\CurrentVersion\Run\\svñhîst deleted successfully.
C:\Users\Sverige\7747504.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 56475 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Sverige
->Flash cache emptied: 57023 bytes
 
User: UpdatusUser
->Flash cache emptied: 56475 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Sverige
->Temp folder emptied: 840756516 bytes
->Temporary Internet Files folder emptied: 25478879 bytes
->Java cache emptied: 4995772 bytes
->FireFox cache emptied: 61998525 bytes
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 323010390 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 2736914 bytes
 
Total Files Cleaned = 1.201,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01062013_185026

Files\Folders moved on Reboot...
C:\Users\Sverige\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Der Upload hat funktioniert. Beim Zippen ist Avira angesprungen. Ich habe Avira dann deaktiviert und dann hat es (logischerweise) geklappt.


Alt 06.01.2013, 19:44   #6
markusg
/// Malware-holic
 
GVU Trojaner - Mich hat es auch erwischt! - Standard

GVU Trojaner - Mich hat es auch erwischt!



Danke.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
--> GVU Trojaner - Mich hat es auch erwischt!

Alt 06.01.2013, 19:59   #7
Sebas.Berlin
 
GVU Trojaner - Mich hat es auch erwischt! - Standard

GVU Trojaner - Mich hat es auch erwischt!



Jupp, erledigt. Hier der Bericht:

Code:
ATTFilter
19:55:16.0727 3416  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:55:16.0852 3416  ============================================================
19:55:16.0852 3416  Current date / time: 2013/01/06 19:55:16.0852
19:55:16.0852 3416  SystemInfo:
19:55:16.0852 3416  
19:55:16.0852 3416  OS Version: 6.1.7601 ServicePack: 1.0
19:55:16.0852 3416  Product type: Workstation
19:55:16.0852 3416  ComputerName: SVERIGE-PC
19:55:16.0852 3416  UserName: Sverige
19:55:16.0852 3416  Windows directory: C:\Windows
19:55:16.0852 3416  System windows directory: C:\Windows
19:55:16.0852 3416  Running under WOW64
19:55:16.0852 3416  Processor architecture: Intel x64
19:55:16.0852 3416  Number of processors: 4
19:55:16.0852 3416  Page size: 0x1000
19:55:16.0852 3416  Boot type: Normal boot
19:55:16.0852 3416  ============================================================
19:55:17.0335 3416  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:55:17.0335 3416  ============================================================
19:55:17.0335 3416  \Device\Harddisk0\DR0:
19:55:17.0335 3416  MBR partitions:
19:55:17.0335 3416  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:55:17.0335 3416  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x50F12800
19:55:17.0335 3416  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x50F45000, BlocksNum 0x6400000
19:55:17.0335 3416  ============================================================
19:55:17.0366 3416  C: <-> \Device\Harddisk0\DR0\Partition2
19:55:17.0413 3416  D: <-> \Device\Harddisk0\DR0\Partition3
19:55:17.0413 3416  ============================================================
19:55:17.0413 3416  Initialize success
19:55:17.0413 3416  ============================================================
19:55:46.0788 3328  ============================================================
19:55:46.0788 3328  Scan started
19:55:46.0788 3328  Mode: Manual; SigCheck; TDLFS; 
19:55:46.0788 3328  ============================================================
19:55:47.0474 3328  ================ Scan system memory ========================
19:55:47.0474 3328  System memory - ok
19:55:47.0490 3328  ================ Scan services =============================
19:55:47.0677 3328  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:55:47.0818 3328  1394ohci - ok
19:55:47.0911 3328  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
19:55:47.0942 3328  ACDaemon - ok
19:55:48.0005 3328  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:55:48.0020 3328  ACPI - ok
19:55:48.0067 3328  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:55:48.0161 3328  AcpiPmi - ok
19:55:48.0239 3328  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:55:48.0254 3328  AdobeARMservice - ok
19:55:48.0395 3328  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:55:48.0426 3328  AdobeFlashPlayerUpdateSvc - ok
19:55:48.0488 3328  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:55:48.0535 3328  adp94xx - ok
19:55:48.0582 3328  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:55:48.0598 3328  adpahci - ok
19:55:48.0660 3328  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:55:48.0691 3328  adpu320 - ok
19:55:48.0722 3328  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:55:48.0910 3328  AeLookupSvc - ok
19:55:48.0972 3328  [ 0D0E5281784C2C526BA43C2ECD374288 ] Afc             C:\Windows\syswow64\drivers\Afc.sys
19:55:49.0003 3328  Afc - ok
19:55:49.0050 3328  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:55:49.0128 3328  AFD - ok
19:55:49.0175 3328  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:55:49.0206 3328  agp440 - ok
19:55:49.0237 3328  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:55:49.0315 3328  ALG - ok
19:55:49.0362 3328  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:55:49.0393 3328  aliide - ok
19:55:49.0424 3328  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:55:49.0440 3328  amdide - ok
19:55:49.0487 3328  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:55:49.0534 3328  AmdK8 - ok
19:55:49.0549 3328  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:55:49.0596 3328  AmdPPM - ok
19:55:49.0627 3328  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:55:49.0658 3328  amdsata - ok
19:55:49.0690 3328  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:55:49.0721 3328  amdsbs - ok
19:55:49.0752 3328  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:55:49.0783 3328  amdxata - ok
19:55:49.0830 3328  [ 12E7A43A3C6840A063A82B04F7EF47C0 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
19:55:49.0908 3328  AMPPAL - ok
19:55:49.0924 3328  [ 12E7A43A3C6840A063A82B04F7EF47C0 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
19:55:49.0939 3328  AMPPALP - ok
19:55:50.0048 3328  [ 2CC0CBF2707BE4D5B6CE6B87D9DA2F97 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
19:55:50.0095 3328  AMPPALR3 - ok
19:55:50.0189 3328  [ 94B415DF65DFCE569216F8276E8E9CBD ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
19:55:50.0220 3328  AntiVirMailService - ok
19:55:50.0282 3328  [ C321528276C59058A261616F7D1EA496 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:55:50.0314 3328  AntiVirSchedulerService - ok
19:55:50.0360 3328  [ 66AD3485D0AB5F9FDEF67928FD624A80 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:55:50.0376 3328  AntiVirService - ok
19:55:50.0438 3328  [ EDD7AD5B5C003B7AB38C90508B055C25 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:55:50.0470 3328  AntiVirWebService - ok
19:55:50.0516 3328  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:55:50.0735 3328  AppID - ok
19:55:50.0766 3328  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:55:50.0860 3328  AppIDSvc - ok
19:55:50.0891 3328  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:55:51.0000 3328  Appinfo - ok
19:55:51.0031 3328  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
19:55:51.0062 3328  arc - ok
19:55:51.0094 3328  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:55:51.0125 3328  arcsas - ok
19:55:51.0250 3328  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:55:51.0265 3328  aspnet_state - ok
19:55:51.0312 3328  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:55:51.0406 3328  AsyncMac - ok
19:55:51.0452 3328  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:55:51.0484 3328  atapi - ok
19:55:51.0530 3328  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:55:51.0640 3328  AudioEndpointBuilder - ok
19:55:51.0671 3328  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:55:51.0718 3328  AudioSrv - ok
19:55:51.0796 3328  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
19:55:51.0827 3328  avgntflt - ok
19:55:51.0874 3328  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
19:55:51.0905 3328  avipbb - ok
19:55:51.0920 3328  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
19:55:51.0952 3328  avkmgr - ok
19:55:51.0998 3328  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:55:52.0092 3328  AxInstSV - ok
19:55:52.0139 3328  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:55:52.0201 3328  b06bdrv - ok
19:55:52.0264 3328  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:55:52.0295 3328  b57nd60a - ok
19:55:52.0326 3328  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:55:52.0388 3328  BDESVC - ok
19:55:52.0420 3328  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:55:52.0513 3328  Beep - ok
19:55:52.0576 3328  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:55:52.0700 3328  BFE - ok
19:55:52.0747 3328  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:55:52.0856 3328  BITS - ok
19:55:52.0888 3328  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
19:55:52.0950 3328  blbdrive - ok
19:55:53.0090 3328  [ 2E251B39ABEA79351E5633E5A7C36BE4 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
19:55:53.0137 3328  Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning
19:55:53.0137 3328  Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
19:55:53.0200 3328  [ 1EC546F8B6222F1F984220C1324EA945 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
19:55:53.0278 3328  Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning
19:55:53.0278 3328  Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
19:55:53.0324 3328  [ ADB9C79CCBEF779D56A9AC931F9C8DF0 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
19:55:53.0371 3328  Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning
19:55:53.0371 3328  Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)
19:55:53.0418 3328  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:55:53.0480 3328  bowser - ok
19:55:53.0527 3328  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:55:53.0574 3328  BrFiltLo - ok
19:55:53.0605 3328  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:55:53.0652 3328  BrFiltUp - ok
19:55:53.0683 3328  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:55:53.0746 3328  Browser - ok
19:55:53.0777 3328  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:55:53.0839 3328  Brserid - ok
19:55:53.0886 3328  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:55:53.0933 3328  BrSerWdm - ok
19:55:53.0964 3328  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:55:53.0995 3328  BrUsbMdm - ok
19:55:54.0042 3328  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:55:54.0073 3328  BrUsbSer - ok
19:55:54.0136 3328  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
19:55:54.0198 3328  BthEnum - ok
19:55:54.0245 3328  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:55:54.0307 3328  BTHMODEM - ok
19:55:54.0338 3328  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
19:55:54.0401 3328  BthPan - ok
19:55:54.0448 3328  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
19:55:54.0526 3328  BTHPORT - ok
19:55:54.0572 3328  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:55:54.0635 3328  bthserv - ok
19:55:54.0666 3328  [ D6CEEC2F878149E4DB9FE93FA5D8FE60 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
19:55:54.0697 3328  BTHSSecurityMgr - ok
19:55:54.0713 3328  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
19:55:54.0760 3328  BTHUSB - ok
19:55:54.0806 3328  [ 274E47BD9C1367BDBFA9DF10C2E6C544 ] btmaudio        C:\Windows\system32\drivers\btmaud.sys
19:55:54.0869 3328  btmaudio - ok
19:55:54.0916 3328  [ 76A1340ADB32798D18394AA424D584E2 ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
19:55:54.0962 3328  btmaux - ok
19:55:54.0994 3328  [ 40C6FEC49D1CC4D112368A2BCD2BCBB7 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
19:55:55.0056 3328  btmhsf - ok
19:55:55.0103 3328  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:55:55.0196 3328  cdfs - ok
19:55:55.0243 3328  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
19:55:55.0306 3328  cdrom - ok
19:55:55.0337 3328  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:55:55.0430 3328  CertPropSvc - ok
19:55:55.0477 3328  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
19:55:55.0524 3328  circlass - ok
19:55:55.0571 3328  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:55:55.0618 3328  CLFS - ok
19:55:55.0680 3328  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:55:55.0696 3328  clr_optimization_v2.0.50727_32 - ok
19:55:55.0758 3328  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:55:55.0774 3328  clr_optimization_v2.0.50727_64 - ok
19:55:55.0852 3328  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:55:55.0867 3328  clr_optimization_v4.0.30319_32 - ok
19:55:55.0898 3328  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:55:55.0930 3328  clr_optimization_v4.0.30319_64 - ok
19:55:55.0961 3328  [ E13A438F9E51DD034730678E33B73290 ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
19:55:55.0992 3328  clwvd - ok
19:55:56.0008 3328  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
19:55:56.0054 3328  CmBatt - ok
19:55:56.0086 3328  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:55:56.0101 3328  cmdide - ok
19:55:56.0148 3328  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
19:55:56.0210 3328  CNG - ok
19:55:56.0257 3328  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:55:56.0288 3328  Compbatt - ok
19:55:56.0320 3328  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
19:55:56.0366 3328  CompositeBus - ok
19:55:56.0382 3328  COMSysApp - ok
19:55:56.0522 3328  [ F08C6020E57F5E5BF2FD034DB10BEDFB ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
19:55:56.0554 3328  cphs - ok
19:55:56.0585 3328  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:55:56.0616 3328  crcdisk - ok
19:55:56.0678 3328  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:55:56.0741 3328  CryptSvc - ok
19:55:56.0803 3328  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:55:56.0912 3328  DcomLaunch - ok
19:55:56.0959 3328  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:55:57.0053 3328  defragsvc - ok
19:55:57.0084 3328  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:55:57.0178 3328  DfsC - ok
19:55:57.0224 3328  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:55:57.0287 3328  Dhcp - ok
19:55:57.0334 3328  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:55:57.0443 3328  discache - ok
19:55:57.0490 3328  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
19:55:57.0505 3328  Disk - ok
19:55:57.0536 3328  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:55:57.0614 3328  Dnscache - ok
19:55:57.0646 3328  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:55:57.0755 3328  dot3svc - ok
19:55:57.0770 3328  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:55:57.0848 3328  DPS - ok
19:55:57.0895 3328  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:55:57.0942 3328  drmkaud - ok
19:55:57.0989 3328  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:55:58.0020 3328  DXGKrnl - ok
19:55:58.0082 3328  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:55:58.0176 3328  EapHost - ok
19:55:58.0285 3328  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:55:58.0426 3328  ebdrv - ok
19:55:58.0441 3328  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:55:58.0457 3328  EFS - ok
19:55:58.0519 3328  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:55:58.0597 3328  ehRecvr - ok
19:55:58.0628 3328  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:55:58.0691 3328  ehSched - ok
19:55:58.0753 3328  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:55:58.0800 3328  elxstor - ok
19:55:58.0816 3328  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:55:58.0862 3328  ErrDev - ok
19:55:58.0909 3328  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:55:59.0018 3328  EventSystem - ok
19:55:59.0112 3328  [ 532B8FF8E07F3772B086620377654F95 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:55:59.0174 3328  EvtEng - ok
19:55:59.0190 3328  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:55:59.0268 3328  exfat - ok
19:55:59.0284 3328  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:55:59.0377 3328  fastfat - ok
19:55:59.0424 3328  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:55:59.0502 3328  Fax - ok
19:55:59.0564 3328  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
19:55:59.0611 3328  fdc - ok
19:55:59.0642 3328  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:55:59.0736 3328  fdPHost - ok
19:55:59.0752 3328  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:55:59.0830 3328  FDResPub - ok
19:55:59.0861 3328  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:55:59.0861 3328  FileInfo - ok
19:55:59.0876 3328  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:55:59.0970 3328  Filetrace - ok
19:56:00.0017 3328  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:56:00.0048 3328  flpydisk - ok
19:56:00.0079 3328  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:56:00.0110 3328  FltMgr - ok
19:56:00.0157 3328  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
19:56:00.0235 3328  FontCache - ok
19:56:00.0298 3328  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:56:00.0313 3328  FontCache3.0.0.0 - ok
19:56:00.0344 3328  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:56:00.0360 3328  FsDepends - ok
19:56:00.0391 3328  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:56:00.0407 3328  Fs_Rec - ok
19:56:00.0438 3328  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:56:00.0485 3328  fvevol - ok
19:56:00.0516 3328  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:56:00.0547 3328  gagp30kx - ok
19:56:00.0578 3328  [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
19:56:00.0594 3328  ggflt - ok
19:56:00.0610 3328  [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
19:56:00.0625 3328  ggsemc - ok
19:56:00.0688 3328  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:56:00.0781 3328  gpsvc - ok
19:56:00.0812 3328  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:56:00.0859 3328  hcw85cir - ok
19:56:00.0906 3328  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:56:00.0968 3328  HdAudAddService - ok
19:56:01.0015 3328  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
19:56:01.0078 3328  HDAudBus - ok
19:56:01.0109 3328  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:56:01.0156 3328  HidBatt - ok
19:56:01.0187 3328  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:56:01.0249 3328  HidBth - ok
19:56:01.0280 3328  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:56:01.0312 3328  HidIr - ok
19:56:01.0343 3328  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:56:01.0421 3328  hidserv - ok
19:56:01.0483 3328  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:56:01.0514 3328  HidUsb - ok
19:56:01.0546 3328  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:56:01.0639 3328  hkmsvc - ok
19:56:01.0655 3328  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:56:01.0733 3328  HomeGroupListener - ok
19:56:01.0764 3328  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:56:01.0811 3328  HomeGroupProvider - ok
19:56:01.0858 3328  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:56:01.0889 3328  HpSAMD - ok
19:56:01.0936 3328  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:56:02.0029 3328  HTTP - ok
19:56:02.0060 3328  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:56:02.0076 3328  hwpolicy - ok
19:56:02.0123 3328  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
19:56:02.0154 3328  i8042prt - ok
19:56:02.0185 3328  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\Windows\system32\drivers\iaStor.sys
19:56:02.0232 3328  iaStor - ok
19:56:02.0341 3328  [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:56:02.0357 3328  IAStorDataMgrSvc - ok
19:56:02.0404 3328  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:56:02.0450 3328  iaStorV - ok
19:56:02.0482 3328  [ FC47F5CF561BF0FD897EFD1A9604DCCF ] iBtFltCoex      C:\Windows\system32\DRIVERS\iBtFltCoex.sys
19:56:02.0528 3328  iBtFltCoex - ok
19:56:02.0575 3328  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:56:02.0638 3328  idsvc - ok
19:56:02.0965 3328  [ 371D7F91C0D2314EB984A4A6CBEABC92 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
19:56:03.0464 3328  igfx - ok
19:56:03.0496 3328  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:56:03.0511 3328  iirsp - ok
19:56:03.0542 3328  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:56:03.0652 3328  IKEEXT - ok
19:56:03.0745 3328  [ A5F7CEF8A939EBE270462EDEFD629F20 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:56:03.0886 3328  IntcAzAudAddService - ok
19:56:03.0932 3328  [ AE594CC17C33AC146739494615E14851 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
19:56:03.0995 3328  IntcDAud - ok
19:56:04.0042 3328  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:56:04.0057 3328  intelide - ok
19:56:04.0104 3328  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:56:04.0151 3328  intelppm - ok
19:56:04.0198 3328  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:56:04.0291 3328  IPBusEnum - ok
19:56:04.0322 3328  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:56:04.0385 3328  IpFilterDriver - ok
19:56:04.0432 3328  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:56:04.0494 3328  iphlpsvc - ok
19:56:04.0525 3328  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:56:04.0588 3328  IPMIDRV - ok
19:56:04.0619 3328  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:56:04.0697 3328  IPNAT - ok
19:56:04.0728 3328  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:56:04.0775 3328  IRENUM - ok
19:56:04.0822 3328  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:56:04.0853 3328  isapnp - ok
19:56:04.0868 3328  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:56:04.0915 3328  iScsiPrt - ok
19:56:04.0962 3328  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:56:04.0993 3328  kbdclass - ok
19:56:05.0024 3328  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:56:05.0071 3328  kbdhid - ok
19:56:05.0102 3328  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:56:05.0118 3328  KeyIso - ok
19:56:05.0134 3328  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:56:05.0149 3328  KSecDD - ok
19:56:05.0165 3328  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:56:05.0196 3328  KSecPkg - ok
19:56:05.0227 3328  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:56:05.0321 3328  ksthunk - ok
19:56:05.0352 3328  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:56:05.0446 3328  KtmRm - ok
19:56:05.0492 3328  [ 6DD5383C9413AAE3113FAF89E345663D ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
19:56:05.0508 3328  L1C - ok
19:56:05.0555 3328  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:56:05.0648 3328  LanmanServer - ok
19:56:05.0680 3328  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:56:05.0758 3328  LanmanWorkstation - ok
19:56:05.0804 3328  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:56:05.0882 3328  lltdio - ok
19:56:05.0914 3328  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:56:05.0976 3328  lltdsvc - ok
19:56:05.0992 3328  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:56:06.0070 3328  lmhosts - ok
19:56:06.0148 3328  [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:56:06.0179 3328  LMS - ok
19:56:06.0226 3328  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:56:06.0257 3328  LSI_FC - ok
19:56:06.0272 3328  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:56:06.0288 3328  LSI_SAS - ok
19:56:06.0304 3328  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:56:06.0319 3328  LSI_SAS2 - ok
19:56:06.0350 3328  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:56:06.0366 3328  LSI_SCSI - ok
19:56:06.0397 3328  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:56:06.0475 3328  luafv - ok
19:56:06.0506 3328  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:56:06.0553 3328  Mcx2Svc - ok
19:56:06.0584 3328  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:56:06.0600 3328  megasas - ok
19:56:06.0647 3328  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:56:06.0678 3328  MegaSR - ok
19:56:06.0725 3328  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\drivers\HECIx64.sys
19:56:06.0740 3328  MEIx64 - ok
19:56:06.0818 3328  [ 8A43D23ACE2E8C95A2D87B6E9599DEDA ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
19:56:06.0834 3328  MemeoBackgroundService - ok
19:56:06.0881 3328  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:56:06.0990 3328  MMCSS - ok
19:56:07.0021 3328  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:56:07.0084 3328  Modem - ok
19:56:07.0099 3328  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:56:07.0146 3328  monitor - ok
19:56:07.0177 3328  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:56:07.0208 3328  mouclass - ok
19:56:07.0255 3328  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:56:07.0286 3328  mouhid - ok
19:56:07.0318 3328  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:56:07.0349 3328  mountmgr - ok
19:56:07.0427 3328  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:56:07.0442 3328  MozillaMaintenance - ok
19:56:07.0474 3328  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:56:07.0489 3328  mpio - ok
19:56:07.0505 3328  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:56:07.0583 3328  mpsdrv - ok
19:56:07.0614 3328  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:56:07.0708 3328  MpsSvc - ok
19:56:07.0723 3328  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:56:07.0770 3328  MRxDAV - ok
19:56:07.0801 3328  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:56:07.0864 3328  mrxsmb - ok
19:56:07.0895 3328  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:56:07.0942 3328  mrxsmb10 - ok
19:56:07.0957 3328  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:56:08.0020 3328  mrxsmb20 - ok
19:56:08.0051 3328  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:56:08.0066 3328  msahci - ok
19:56:08.0098 3328  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:56:08.0129 3328  msdsm - ok
19:56:08.0160 3328  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:56:08.0207 3328  MSDTC - ok
19:56:08.0238 3328  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:56:08.0316 3328  Msfs - ok
19:56:08.0347 3328  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:56:08.0378 3328  mshidkmdf - ok
19:56:08.0410 3328  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:56:08.0441 3328  msisadrv - ok
19:56:08.0472 3328  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:56:08.0566 3328  MSiSCSI - ok
19:56:08.0566 3328  msiserver - ok
19:56:08.0597 3328  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:56:08.0690 3328  MSKSSRV - ok
19:56:08.0706 3328  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:56:08.0768 3328  MSPCLOCK - ok
19:56:08.0784 3328  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:56:08.0831 3328  MSPQM - ok
19:56:08.0846 3328  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:56:08.0878 3328  MsRPC - ok
19:56:08.0893 3328  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:56:08.0909 3328  mssmbios - ok
19:56:08.0924 3328  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:56:08.0987 3328  MSTEE - ok
19:56:09.0002 3328  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:56:09.0034 3328  MTConfig - ok
19:56:09.0049 3328  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:56:09.0065 3328  Mup - ok
19:56:09.0096 3328  [ 265937BC59819DF1DAB65E27C60F94C0 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
19:56:09.0112 3328  MyWiFiDHCPDNS - ok
19:56:09.0158 3328  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:56:09.0221 3328  napagent - ok
19:56:09.0283 3328  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:56:09.0346 3328  NativeWifiP - ok
19:56:09.0392 3328  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:56:09.0439 3328  NDIS - ok
19:56:09.0486 3328  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:56:09.0564 3328  NdisCap - ok
19:56:09.0595 3328  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:56:09.0673 3328  NdisTapi - ok
19:56:09.0704 3328  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:56:09.0782 3328  Ndisuio - ok
19:56:09.0829 3328  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:56:09.0907 3328  NdisWan - ok
19:56:09.0923 3328  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:56:10.0016 3328  NDProxy - ok
19:56:10.0048 3328  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:56:10.0126 3328  NetBIOS - ok
19:56:10.0141 3328  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:56:10.0235 3328  NetBT - ok
19:56:10.0250 3328  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:56:10.0266 3328  Netlogon - ok
19:56:10.0297 3328  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:56:10.0375 3328  Netman - ok
19:56:10.0438 3328  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:56:10.0469 3328  NetMsmqActivator - ok
19:56:10.0469 3328  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:56:10.0484 3328  NetPipeActivator - ok
19:56:10.0531 3328  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:56:10.0625 3328  netprofm - ok
19:56:10.0640 3328  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:56:10.0656 3328  NetTcpActivator - ok
19:56:10.0656 3328  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:56:10.0672 3328  NetTcpPortSharing - ok
19:56:10.0859 3328  [ 774C9ECCEF83AB8A3D1466F19809C95F ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
19:56:11.0108 3328  NETwNs64 - ok
19:56:11.0171 3328  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:56:11.0186 3328  nfrd960 - ok
19:56:11.0233 3328  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:56:11.0296 3328  NlaSvc - ok
19:56:11.0327 3328  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:56:11.0405 3328  Npfs - ok
19:56:11.0420 3328  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:56:11.0483 3328  nsi - ok
19:56:11.0498 3328  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:56:11.0545 3328  nsiproxy - ok
19:56:11.0608 3328  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:56:11.0670 3328  Ntfs - ok
19:56:11.0686 3328  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:56:11.0779 3328  Null - ok
19:56:11.0826 3328  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
19:56:11.0857 3328  NVENETFD - ok
19:56:12.0138 3328  [ E97E8C80793EF12C994607CA5645799A ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:56:12.0512 3328  nvlddmkm - ok
19:56:12.0590 3328  [ 50612BD6943B9CB20008E9E241DC8B7D ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
19:56:12.0606 3328  nvpciflt - ok
19:56:12.0653 3328  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:56:12.0684 3328  nvraid - ok
19:56:12.0700 3328  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:56:12.0731 3328  nvstor - ok
19:56:12.0809 3328  [ F355C26FDE46EDB911E3E3D749E985AE ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:56:12.0887 3328  nvsvc - ok
19:56:12.0980 3328  [ 03AA7307C0D92D38D7AF90E181736B8D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:56:13.0074 3328  nvUpdatusService - ok
19:56:13.0105 3328  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:56:13.0121 3328  nv_agp - ok
19:56:13.0152 3328  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:56:13.0199 3328  ohci1394 - ok
19:56:13.0277 3328  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:56:13.0292 3328  ose - ok
19:56:13.0480 3328  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:56:13.0667 3328  osppsvc - ok
19:56:13.0698 3328  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:56:13.0760 3328  p2pimsvc - ok
19:56:13.0792 3328  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:56:13.0838 3328  p2psvc - ok
19:56:13.0854 3328  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
19:56:13.0901 3328  Parport - ok
19:56:13.0932 3328  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:56:13.0963 3328  partmgr - ok
19:56:13.0994 3328  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:56:14.0041 3328  PcaSvc - ok
19:56:14.0088 3328  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:56:14.0119 3328  pci - ok
19:56:14.0135 3328  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:56:14.0150 3328  pciide - ok
19:56:14.0166 3328  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:56:14.0197 3328  pcmcia - ok
19:56:14.0213 3328  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:56:14.0244 3328  pcw - ok
19:56:14.0260 3328  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:56:14.0322 3328  PEAUTH - ok
19:56:14.0400 3328  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:56:14.0447 3328  PerfHost - ok
19:56:14.0525 3328  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:56:14.0618 3328  pla - ok
19:56:14.0665 3328  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:56:14.0728 3328  PlugPlay - ok
19:56:14.0759 3328  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:56:14.0806 3328  PNRPAutoReg - ok
19:56:14.0837 3328  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:56:14.0868 3328  PNRPsvc - ok
19:56:14.0884 3328  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:56:14.0962 3328  PolicyAgent - ok
19:56:14.0993 3328  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:56:15.0024 3328  Power - ok
19:56:15.0071 3328  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:56:15.0164 3328  PptpMiniport - ok
19:56:15.0196 3328  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
19:56:15.0227 3328  Processor - ok
19:56:15.0258 3328  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:56:15.0336 3328  ProfSvc - ok
19:56:15.0336 3328  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:56:15.0367 3328  ProtectedStorage - ok
19:56:15.0414 3328  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:56:15.0492 3328  Psched - ok
19:56:15.0539 3328  [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
19:56:15.0570 3328  PSI_SVC_2 - ok
19:56:15.0617 3328  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:56:15.0695 3328  ql2300 - ok
19:56:15.0710 3328  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:56:15.0742 3328  ql40xx - ok
19:56:15.0757 3328  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:56:15.0820 3328  QWAVE - ok
19:56:15.0835 3328  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:56:15.0898 3328  QWAVEdrv - ok
19:56:15.0913 3328  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:56:16.0007 3328  RasAcd - ok
19:56:16.0038 3328  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:56:16.0132 3328  RasAgileVpn - ok
19:56:16.0163 3328  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:56:16.0225 3328  RasAuto - ok
19:56:16.0272 3328  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:56:16.0350 3328  Rasl2tp - ok
19:56:16.0366 3328  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:56:16.0428 3328  RasMan - ok
19:56:16.0444 3328  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:56:16.0537 3328  RasPppoe - ok
19:56:16.0553 3328  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:56:16.0662 3328  RasSstp - ok
19:56:16.0693 3328  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:56:16.0756 3328  rdbss - ok
19:56:16.0771 3328  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
19:56:16.0802 3328  rdpbus - ok
19:56:16.0834 3328  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:56:16.0927 3328  RDPCDD - ok
19:56:16.0958 3328  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:56:17.0021 3328  RDPENCDD - ok
19:56:17.0036 3328  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:56:17.0114 3328  RDPREFMP - ok
19:56:17.0146 3328  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:56:17.0208 3328  RDPWD - ok
19:56:17.0255 3328  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:56:17.0286 3328  rdyboost - ok
19:56:17.0364 3328  [ 7196BE857E29007470FF9B689C7F29A7 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:56:17.0395 3328  RegSrvc - ok
19:56:17.0426 3328  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:56:17.0489 3328  RemoteAccess - ok
19:56:17.0520 3328  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:56:17.0567 3328  RemoteRegistry - ok
19:56:17.0598 3328  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
19:56:17.0614 3328  RFCOMM - ok
19:56:17.0629 3328  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:56:17.0676 3328  RpcEptMapper - ok
19:56:17.0707 3328  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:56:17.0754 3328  RpcLocator - ok
19:56:17.0785 3328  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:56:17.0879 3328  RpcSs - ok
19:56:17.0910 3328  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:56:18.0004 3328  rspndr - ok
19:56:18.0035 3328  [ CE0A1D8A59410E698140821E4E69DA0D ] RSUSBVSTOR      C:\Windows\System32\Drivers\RtsUVStor.sys
19:56:18.0066 3328  RSUSBVSTOR - ok
19:56:18.0113 3328  [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
19:56:18.0160 3328  RTL8167 - ok
19:56:18.0222 3328  [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
19:56:18.0269 3328  RTL8192su - ok
19:56:18.0284 3328  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:56:18.0300 3328  SamSs - ok
19:56:18.0331 3328  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:56:18.0347 3328  sbp2port - ok
19:56:18.0378 3328  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:56:18.0425 3328  SCardSvr - ok
19:56:18.0440 3328  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:56:18.0518 3328  scfilter - ok
19:56:18.0581 3328  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:56:18.0674 3328  Schedule - ok
19:56:18.0706 3328  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:56:18.0737 3328  SCPolicySvc - ok
19:56:18.0768 3328  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:56:18.0815 3328  SDRSVC - ok
19:56:18.0877 3328  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:56:18.0986 3328  secdrv - ok
19:56:19.0018 3328  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:56:19.0096 3328  seclogon - ok
19:56:19.0111 3328  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:56:19.0205 3328  SENS - ok
19:56:19.0252 3328  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:56:19.0298 3328  SensrSvc - ok
19:56:19.0330 3328  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
19:56:19.0376 3328  Serenum - ok
19:56:19.0423 3328  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
19:56:19.0454 3328  Serial - ok
19:56:19.0486 3328  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:56:19.0532 3328  sermouse - ok
19:56:19.0564 3328  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:56:19.0642 3328  SessionEnv - ok
19:56:19.0657 3328  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:56:19.0688 3328  sffdisk - ok
19:56:19.0704 3328  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:56:19.0735 3328  sffp_mmc - ok
19:56:19.0751 3328  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:56:19.0798 3328  sffp_sd - ok
19:56:19.0813 3328  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:56:19.0844 3328  sfloppy - ok
19:56:19.0891 3328  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:56:20.0000 3328  SharedAccess - ok
19:56:20.0032 3328  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:56:20.0094 3328  ShellHWDetection - ok
19:56:20.0125 3328  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:56:20.0141 3328  SiSRaid2 - ok
19:56:20.0156 3328  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:56:20.0172 3328  SiSRaid4 - ok
19:56:20.0203 3328  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:56:20.0234 3328  SkypeUpdate - ok
19:56:20.0281 3328  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:56:20.0375 3328  Smb - ok
19:56:20.0406 3328  [ 20827C62FDB8874E6531DB2CEA7E7B33 ] smsbda          C:\Windows\system32\drivers\smsbda.sys
19:56:20.0422 3328  smsbda - ok
19:56:20.0453 3328  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:56:20.0484 3328  SNMPTRAP - ok
19:56:20.0562 3328  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
19:56:20.0593 3328  Sony PC Companion - ok
19:56:20.0624 3328  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:56:20.0640 3328  spldr - ok
19:56:20.0656 3328  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:56:20.0734 3328  Spooler - ok
19:56:20.0843 3328  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:56:21.0030 3328  sppsvc - ok
19:56:21.0046 3328  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:56:21.0124 3328  sppuinotify - ok
19:56:21.0155 3328  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:56:21.0202 3328  srv - ok
19:56:21.0248 3328  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:56:21.0311 3328  srv2 - ok
19:56:21.0326 3328  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:56:21.0373 3328  srvnet - ok
19:56:21.0420 3328  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:56:21.0498 3328  SSDPSRV - ok
19:56:21.0514 3328  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:56:21.0576 3328  SstpSvc - ok
19:56:21.0607 3328  [ B7368B1BF6C20922DFEDF0A35F69EEEF ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:56:21.0654 3328  Stereo Service - ok
19:56:21.0670 3328  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:56:21.0701 3328  stexstor - ok
19:56:21.0732 3328  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
19:56:21.0779 3328  StillCam - ok
19:56:21.0826 3328  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:56:21.0888 3328  stisvc - ok
19:56:21.0919 3328  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:56:21.0935 3328  swenum - ok
19:56:21.0966 3328  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:56:22.0060 3328  swprv - ok
19:56:22.0138 3328  [ B3AD15FA10EBEAFC1275F34050E4E230 ] SynTP           C:\Windows\system32\drivers\SynTP.sys
19:56:22.0216 3328  SynTP - ok
19:56:22.0294 3328  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:56:22.0387 3328  SysMain - ok
19:56:22.0403 3328  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:56:22.0450 3328  TabletInputService - ok
19:56:22.0481 3328  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:56:22.0559 3328  TapiSrv - ok
19:56:22.0574 3328  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:56:22.0637 3328  TBS - ok
19:56:22.0730 3328  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:56:22.0793 3328  Tcpip - ok
19:56:22.0855 3328  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:56:22.0918 3328  TCPIP6 - ok
19:56:22.0949 3328  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:56:22.0996 3328  tcpipreg - ok
19:56:23.0027 3328  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:56:23.0089 3328  TDPIPE - ok
19:56:23.0105 3328  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:56:23.0152 3328  TDTCP - ok
19:56:23.0198 3328  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:56:23.0292 3328  tdx - ok
19:56:23.0292 3328  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:56:23.0323 3328  TermDD - ok
19:56:23.0354 3328  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:56:23.0432 3328  TermService - ok
19:56:23.0448 3328  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:56:23.0495 3328  Themes - ok
19:56:23.0526 3328  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:56:23.0588 3328  THREADORDER - ok
19:56:23.0620 3328  [ DA632FAE7B5629032B2C24E1BE29168B ] tihub3          C:\Windows\system32\drivers\tihub3.sys
19:56:23.0651 3328  tihub3 - ok
19:56:23.0682 3328  [ 6AAD465F69632931B6D8D61B287E6DE9 ] tixhci          C:\Windows\system32\drivers\tixhci.sys
19:56:23.0713 3328  tixhci - ok
19:56:23.0760 3328  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:56:23.0854 3328  TrkWks - ok
19:56:23.0916 3328  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:56:23.0994 3328  TrustedInstaller - ok
19:56:24.0025 3328  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:56:24.0103 3328  tssecsrv - ok
19:56:24.0134 3328  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:56:24.0181 3328  TsUsbFlt - ok
19:56:24.0212 3328  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:56:24.0228 3328  TsUsbGD - ok
19:56:24.0259 3328  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:56:24.0337 3328  tunnel - ok
19:56:24.0368 3328  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:56:24.0384 3328  uagp35 - ok
19:56:24.0400 3328  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:56:24.0478 3328  udfs - ok
19:56:24.0509 3328  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:56:24.0556 3328  UI0Detect - ok
19:56:24.0602 3328  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:56:24.0634 3328  uliagpkx - ok
19:56:24.0665 3328  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:56:24.0712 3328  umbus - ok
19:56:24.0727 3328  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:56:24.0790 3328  UmPass - ok
19:56:24.0899 3328  [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:56:24.0977 3328  UNS - ok
19:56:24.0992 3328  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:56:25.0039 3328  upnphost - ok
19:56:25.0070 3328  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:56:25.0133 3328  usbccgp - ok
19:56:25.0148 3328  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:56:25.0180 3328  usbcir - ok
19:56:25.0226 3328  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
19:56:25.0273 3328  usbehci - ok
19:56:25.0320 3328  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
19:56:25.0367 3328  usbhub - ok
19:56:25.0382 3328  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:56:25.0398 3328  usbohci - ok
19:56:25.0414 3328  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
19:56:25.0445 3328  usbprint - ok
19:56:25.0476 3328  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:56:25.0538 3328  USBSTOR - ok
19:56:25.0554 3328  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:56:25.0601 3328  usbuhci - ok
19:56:25.0648 3328  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
19:56:25.0679 3328  usbvideo - ok
19:56:25.0694 3328  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:56:25.0757 3328  UxSms - ok
19:56:25.0772 3328  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:56:25.0788 3328  VaultSvc - ok
19:56:25.0819 3328  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:56:25.0850 3328  vdrvroot - ok
19:56:25.0882 3328  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:56:25.0975 3328  vds - ok
19:56:26.0006 3328  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:56:26.0038 3328  vga - ok
19:56:26.0069 3328  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:56:26.0131 3328  VgaSave - ok
19:56:26.0162 3328  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:56:26.0178 3328  vhdmp - ok
19:56:26.0194 3328  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:56:26.0225 3328  viaide - ok
19:56:26.0256 3328  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:56:26.0272 3328  volmgr - ok
19:56:26.0318 3328  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:56:26.0350 3328  volmgrx - ok
19:56:26.0381 3328  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:56:26.0396 3328  volsnap - ok
19:56:26.0428 3328  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:56:26.0443 3328  vsmraid - ok
19:56:26.0506 3328  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:56:26.0615 3328  VSS - ok
19:56:26.0630 3328  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:56:26.0693 3328  vwifibus - ok
19:56:26.0708 3328  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:56:26.0771 3328  vwififlt - ok
19:56:26.0802 3328  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:56:26.0864 3328  vwifimp - ok
19:56:26.0896 3328  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:56:26.0958 3328  W32Time - ok
19:56:26.0974 3328  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:56:27.0005 3328  WacomPen - ok
19:56:27.0052 3328  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:56:27.0145 3328  WANARP - ok
19:56:27.0161 3328  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:56:27.0208 3328  Wanarpv6 - ok
19:56:27.0254 3328  [ 63D7250ED2C2E3CD9B11139A608D6C39 ] watchmi         C:\Program Files (x86)\watchmi\TvdService.exe
19:56:27.0286 3328  watchmi ( UnsignedFile.Multi.Generic ) - warning
19:56:27.0286 3328  watchmi - detected UnsignedFile.Multi.Generic (1)
19:56:27.0364 3328  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:56:27.0457 3328  wbengine - ok
19:56:27.0488 3328  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:56:27.0520 3328  WbioSrvc - ok
19:56:27.0551 3328  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:56:27.0598 3328  wcncsvc - ok
19:56:27.0613 3328  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:56:27.0660 3328  WcsPlugInService - ok
19:56:27.0691 3328  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
19:56:27.0722 3328  Wd - ok
19:56:27.0769 3328  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:56:27.0832 3328  Wdf01000 - ok
19:56:27.0863 3328  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:56:27.0972 3328  WdiServiceHost - ok
19:56:27.0972 3328  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:56:28.0019 3328  WdiSystemHost - ok
19:56:28.0050 3328  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:56:28.0097 3328  WebClient - ok
19:56:28.0112 3328  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:56:28.0175 3328  Wecsvc - ok
19:56:28.0206 3328  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:56:28.0300 3328  wercplsupport - ok
19:56:28.0331 3328  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:56:28.0378 3328  WerSvc - ok
19:56:28.0409 3328  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:56:28.0487 3328  WfpLwf - ok
19:56:28.0502 3328  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:56:28.0518 3328  WIMMount - ok
19:56:28.0549 3328  WinDefend - ok
19:56:28.0565 3328  WinHttpAutoProxySvc - ok
19:56:28.0627 3328  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:56:28.0705 3328  Winmgmt - ok
19:56:28.0783 3328  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:56:28.0924 3328  WinRM - ok
19:56:28.0955 3328  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:56:28.0986 3328  WinUsb - ok
19:56:29.0033 3328  [ 4C69A8E2E159C1C59BC4B688E9DD7F8C ] WisLMSvc        C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
19:56:29.0048 3328  WisLMSvc - ok
19:56:29.0095 3328  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:56:29.0189 3328  Wlansvc - ok
19:56:29.0236 3328  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:56:29.0267 3328  wlcrasvc - ok
19:56:29.0376 3328  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:56:29.0454 3328  wlidsvc - ok
19:56:29.0485 3328  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:56:29.0516 3328  WmiAcpi - ok
19:56:29.0563 3328  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:56:29.0610 3328  wmiApSrv - ok
19:56:29.0641 3328  WMPNetworkSvc - ok
19:56:29.0672 3328  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:56:29.0704 3328  WPCSvc - ok
19:56:29.0719 3328  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:56:29.0766 3328  WPDBusEnum - ok
19:56:29.0782 3328  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:56:29.0875 3328  ws2ifsl - ok
19:56:29.0922 3328  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:56:29.0969 3328  wscsvc - ok
19:56:29.0969 3328  WSearch - ok
19:56:30.0016 3328  [ 82E8F5AA03DF7DBDB8A33F700D5D8CDA ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
19:56:30.0047 3328  wsvd - ok
19:56:30.0140 3328  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:56:30.0203 3328  wuauserv - ok
19:56:30.0234 3328  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:56:30.0250 3328  WudfPf - ok
19:56:30.0296 3328  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:56:30.0343 3328  WUDFRd - ok
19:56:30.0359 3328  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:56:30.0390 3328  wudfsvc - ok
19:56:30.0421 3328  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:56:30.0484 3328  WwanSvc - ok
19:56:30.0515 3328  ================ Scan global ===============================
19:56:30.0546 3328  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:56:30.0577 3328  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:56:30.0593 3328  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:56:30.0608 3328  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:56:30.0640 3328  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:56:30.0655 3328  [Global] - ok
19:56:30.0655 3328  ================ Scan MBR ==================================
19:56:30.0671 3328  [ 9FE16FF95180A12A49CD2E9879C991E6 ] \Device\Harddisk0\DR0
19:56:33.0229 3328  \Device\Harddisk0\DR0 - ok
19:56:33.0229 3328  ================ Scan VBR ==================================
19:56:33.0229 3328  [ 34D1A5CFEAB5BAAF1F4E4AB826903497 ] \Device\Harddisk0\DR0\Partition1
19:56:33.0229 3328  \Device\Harddisk0\DR0\Partition1 - ok
19:56:33.0260 3328  [ 070416E3E85E981FFF882444597A7552 ] \Device\Harddisk0\DR0\Partition2
19:56:33.0276 3328  \Device\Harddisk0\DR0\Partition2 - ok
19:56:33.0292 3328  [ B6C57D72F34C8CFDB906EC05C0940179 ] \Device\Harddisk0\DR0\Partition3
19:56:33.0292 3328  \Device\Harddisk0\DR0\Partition3 - ok
19:56:33.0292 3328  ============================================================
19:56:33.0292 3328  Scan finished
19:56:33.0292 3328  ============================================================
19:56:33.0307 5176  Detected object count: 4
19:56:33.0307 5176  Actual detected object count: 4
19:56:49.0640 5176  Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
19:56:49.0640 5176  Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:56:49.0640 5176  Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:56:49.0640 5176  Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:56:49.0640 5176  Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:56:49.0640 5176  Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:56:49.0640 5176  watchmi ( UnsignedFile.Multi.Generic ) - skipped by user
19:56:49.0640 5176  watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 07.01.2013, 18:19   #8
markusg
/// Malware-holic
 
GVU Trojaner - Mich hat es auch erwischt! - Standard

GVU Trojaner - Mich hat es auch erwischt!



Hi
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.01.2013, 23:39   #9
Sebas.Berlin
 
GVU Trojaner - Mich hat es auch erwischt! - Standard

GVU Trojaner - Mich hat es auch erwischt!



Hallo, danke für den weiteren Support!
Hier die Logfile von Combofix:


Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-06.01 - Sverige 07.01.2013  23:16:31.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4002.2425 [GMT 1:00]
ausgeführt von:: c:\users\Sverige\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-07 bis 2013-01-07  ))))))))))))))))))))))))))))))
.
.
2013-01-07 22:24 . 2013-01-07 22:24	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-01-07 22:24 . 2013-01-07 22:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-06 17:50 . 2013-01-06 18:02	--------	d-----w-	C:\_OTL
2013-01-05 13:28 . 2013-01-06 00:48	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2013-01-05 11:11 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4E0417A-4325-4E2C-BFE4-CD5178B070A7}\mpengine.dll
2012-12-25 23:44 . 2012-12-25 23:44	--------	d-----w-	c:\users\Sverige\AppData\Local\Zattoo
2012-12-25 23:43 . 2012-12-25 23:43	--------	d-----w-	c:\program files (x86)\Zattoo4
2012-12-23 14:04 . 2012-12-23 14:04	--------	d-sh--we	c:\windows\SysWow64\config\systemprofile\Startmenü
2012-12-23 14:04 . 2012-12-23 14:04	--------	d-sh--we	c:\windows\SysWow64\config\systemprofile\Lokale Einstellungen
2012-12-23 14:04 . 2012-12-23 14:04	--------	d-sh--we	c:\windows\SysWow64\config\systemprofile\Anwendungsdaten
2012-12-23 14:04 . 2012-12-23 14:04	--------	d-----w-	c:\users\Sverige\AppData\Local\Programs
2012-12-21 00:28 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 00:28 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-21 00:28 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 00:28 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-12 22:55 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-25 23:33 . 2012-07-22 17:54	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-25 23:33 . 2011-12-01 21:26	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-14 00:13 . 2012-10-09 22:17	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-14 00:13 . 2012-10-09 22:17	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-13 16:06 . 2011-07-18 20:31	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-11-27 22:39	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 22:39	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 22:39	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Sverige\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Sverige\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Sverige\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"HotkeyApp"="c:\program files (x86)\Launch Manager\HotkeyApp.exe" [2011-08-06 207400]
"LMgrVolOSD"="c:\program files (x86)\Launch Manager\OSD.exe" [2011-08-06 348960]
"Wbutton"="c:\program files (x86)\Launch Manager\Wbutton.exe" [2011-08-13 447016]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-21 507744]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-08-01 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-14 384800]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"TVPro Control"="c:\program files (x86)\TV IR\TV IR.EXE" [2012-04-26 1454592]
"TVPro Task"="c:\program files (x86)\TV IR\shutTask.exe" [2012-04-16 221696]
.
c:\users\Sverige\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sverige\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-12-3 1044320]
EvernoteTray.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteTray.exe [2012-12-3 395104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2012-11-8 268864]
watchmi tray.lnk - c:\windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2012-6-30 300928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-11-15 995392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-11-15 1355840]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-08-14 14448]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
R3 smsbda;DVB-T TV Stick;c:\windows\system32\drivers\smsbda.sys [2011-03-06 56960]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2010-09-23 129008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-17 28992]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-10-09 27800]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-12-14 400160]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-14 85280]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-12-14 565024]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-11-15 921664]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-21 135440]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-09-28 25824]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-17 381248]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-28 2656280]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2012-01-31 70144]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-11-15 51712]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-11-15 84480]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-04-14 31216]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-22 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2011-03-15 311400]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [2011-09-08 136000]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2011-09-08 409408]
S3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe [2011-08-06 118560]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 72598880
*Deregistered* - 72598880
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 23:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Sverige\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Sverige\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Sverige\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Sverige\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-11-15 10358784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/calendar/render?tab=wc
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sverige\AppData\Roaming\Mozilla\Firefox\Profiles\mlvxc3pd.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/calendar/render?gsessionid=OK
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-LMgrOSD - c:\program files (x86)\Launch Manager\OSDCtrl.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:61,dc,eb,a7,6b,a6,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,23,55,87,7b,4a,59,47,91,72,63,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,23,55,87,7b,4a,59,47,91,72,63,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-07  23:27:37
ComboFix-quarantined-files.txt  2013-01-07 22:27
.
Vor Suchlauf: 9 Verzeichnis(se), 575.459.209.216 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 575.306.084.352 Bytes frei
.
- - End Of File - - BED1F6488EC1FC0441C40D300F3F854C
         
--- --- ---

Alt 08.01.2013, 17:10   #10
markusg
/// Malware-holic
 
GVU Trojaner - Mich hat es auch erwischt! - Standard

GVU Trojaner - Mich hat es auch erwischt!



Hi
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 09.01.2013, 13:25   #11
Sebas.Berlin
 
GVU Trojaner - Mich hat es auch erwischt! - Standard

GVU Trojaner - Mich hat es auch erwischt!



Super - und weiter geht's.

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.08.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sverige :: SVERIGE-PC [Administrator]

09.01.2013 00:40:59
mbam-log-2013-01-09 (00-40-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 504961
Laufzeit: 1 Stunde(n), 9 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 09.01.2013, 13:59   #12
markusg
/// Malware-holic
 
GVU Trojaner - Mich hat es auch erwischt! - Standard

GVU Trojaner - Mich hat es auch erwischt!



Hi

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 09.01.2013, 17:36   #13
Sebas.Berlin
 
GVU Trojaner - Mich hat es auch erwischt! - Standard

GVU Trojaner - Mich hat es auch erwischt!



Bitteschön:

Code:
ATTFilter
Adobe AIR	Adobe Systems Incorporated	14.03.2012		3.1.0.4880	UNBEKANNT
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	09.01.2013	6,00MB	11.5.502.146	NOTWENDIG
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	09.01.2013	6,00MB	11.5.502.146	NOTWENDIG
Adobe Reader X (10.1.4) MUI	Adobe Systems Incorporated	19.08.2012	479MB	10.1.4	NOTWENDIG
Apple Application Support	Apple Inc.	09.09.2012	61,0MB	2.1.7	UNNÖTIG
Apple Software Update	Apple Inc.	09.09.2012	2,38MB	2.1.3.127	UNNÖTIG
ArcSoft TotalMedia 3.5	ArcSoft	08.11.2012		3.5.7.377		UNNÖTIG
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver	Atheros Communications Inc.	19.03.2012	UNBEKANNT		1.0.0.39
Avira Antivirus Premium	Avira	14.12.2012	147MB	13.0.0.2890	NOTWENDIG
CCleaner	Piriform	19.12.2012		3.26
Control ActiveX de Windows Live Mesh para conexiones remotas	Microsoft Corporation	18.07.2011	5,57MB	15.4.5722.2	UNBEKANNT
Controlo ActiveX do Windows Live Mesh para Ligações Remotas	Microsoft Corporation	18.07.2011	5,57MB	15.4.5722.2	UNBEKANNT
Contrôle ActiveX Windows Live Mesh pour connexions à distance	Microsoft Corporation	18.07.2011	5,57MB	15.4.5722.2	UNBEKANNT
Corel Graphics - Windows Shell Extension	Corel Corporation	30.06.2012	2,93MB	15.2.0.686	NOTWENDIG
CorelDRAW Essentials X5	Corel Corporation	30.06.2012	3,56GB	15.2.0.686	NOTWENDIG
CorelDRAW Essentials X5 - Extra Content	Corel Corporation	30.06.2012		NOTWENDIG	
CyberLink LabelPrint	CyberLink Corp.	20.03.2012	57,4MB	2.5.3624	UNBEKANNT
CyberLink Power2Go	CyberLink Corp.	20.03.2012	233MB	7.0.0.1327	UNBEKANNT
CyberLink PowerDVD Copy	CyberLink Corp.	20.03.2012	30,9MB	1.5.1306	NOTWENDIG
CyberLink PowerRecover	CyberLink Corp.	18.07.2011	246MB	5.5.4125	UNBEKANNT
CyberLink WaveEditor	CyberLink Corp.	20.03.2012	22,7MB	1.0.1.3320	UNBEKANNT
CyberLink YouCam 5	CyberLink Corp.	20.03.2012	326MB	5.0.1223	UNBEKANNT
Dolby Advanced Audio v2	Dolby Laboratories Inc	20.03.2012	12,9MB	7.2.7000.11	NOTWENDIG
Dropbox	Dropbox, Inc.	29.12.2012		1.6.11		NOTWENDIG
ElsterFormular	Landesfinanzdirektion Thüringen	30.09.2012	160MB	13.3.0.9066	NOTWENDIG
Evernote v. 4.6	Evernote Corp.	05.12.2012	131MB	4.6.0.7670	NOTWENDIG
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych	Microsoft Corporation	18.07.2011	5,57MB	15.4.5722.2 UNBEKANNT
FreePDF (Remove only)		26.07.2012		NOTWENDIG
GPL Ghostscript	Artifex Software Inc.	26.07.2012		9.04	NOTWENDIG
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät	Hewlett-Packard Co.	13.07.2012	180MB	22.50.231.0 NOTWENDIG
HP Officejet Pro 8500 A910 Hilfe	Hewlett Packard	13.07.2012	24,2MB	140.0.2.2	NOTWENDIG
HP Update	Hewlett-Packard	13.07.2012	2,97MB	5.002.006.003	NOTWENDIG
I.R.I.S. OCR	HP	13.07.2012	68,9MB	12.3.4.0	NOTWENDIG
Intel(R) Management Engine Components	Intel Corporation	19.03.2012		7.0.0.1144	UNBEKANNT
Intel(R) Processor Graphics	Intel Corporation	19.03.2012		8.15.10.2622	UNBEKANNT
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology	Intel Corporation	19.03.2012	90,1MB	1.3.0.0621	UNBEKANNT
Intel(R) PROSet/Wireless WiFi Software	Intel Corporation	19.03.2012	136MB	14.03.0000	UNBEKANNT
Intel(R) Rapid Storage Technology	Intel Corporation	19.03.2012		11.0.0.1032	UNBEKANNT
IrfanView (remove only)	Irfan Skiljan	19.07.2012	1,50MB	4.32	NOTWENDIG
Java(TM) 7 Update 3	Oracle	14.03.2012	99,2MB	7.0.30	UNBEKANNT
Java(TM) 7 Update 3 (64-bit)	Oracle	14.03.2012	93,6MB	7.0.30	UNBEKANNT
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave	Microsoft Corporation	18.07.2011	5,57MB	15.4.5722.2	UNBEKANNT
Launch Manager	Wistron Corp.	19.03.2012		1.5.1.4	UNBEKANNT
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	09.01.2013	18,4MB	1.70.0.1100
MD86351 driver install	MEDION AG	08.11.2012	264KB	6.3.6.1	UNBEKANNT
Media Go	Sony	14.08.2012	101MB	2.1.392	NOTWENDIG
Media Go Video Playback Engine 1.92.161.06140	Sony	14.08.2012	20,0MB	1.92.161.06140	UNBEKANNT
Medion Home Cinema	CyberLink Corp.	20.03.2012	37,2MB	8.0.3216	NOTWENDIG
Memeo Instant Backup	Memeo Inc.	30.06.2012		4.60.0.7943	UNBEKANNT
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	18.07.2011	38,8MB	4.0.30319	UNBEKANNT
Microsoft .NET Framework 4 Extended	Microsoft Corporation	23.08.2012	51,9MB	4.0.30319	UNBEKANNT
Microsoft Office Professional 2010	Microsoft Corporation	09.07.2012		14.0.6029.1000	NOTWENDIG
Microsoft Silverlight	Microsoft Corporation	09.07.2012	100MB	4.1.10329.0	NOTWENDIG
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	18.07.2011	1,69MB	3.1.0000	UNBEKANNT
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	09.07.2012	300KB	8.0.59193	UNBEKANNT
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	25.01.2012	572KB	8.0.61000	UNBEKANNT
Microsoft Visual C++ 2005 Redistributable - KB2467175	Microsoft Corporation	14.08.2012	2,64MB	8.0.51011	UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	25.01.2012	788KB	9.0.30729.6161	UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	20.03.2012	596KB	9.0.30729	UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	14.08.2012	222KB	9.0.30729.4148	UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	09.07.2012	600KB	9.0.30729.6161	UNBEKANNT
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	18.07.2011	13,7MB	10.0.30319	UNBEKANNT
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	17.07.2012	16,5MB	10.0.40219	UNBEKANNT
Mozilla Firefox 14.0.1 (x86 de)	Mozilla	19.07.2012	36,2MB	14.0.1	NOTWENDIG
Mozilla Maintenance Service	Mozilla	19.07.2012	199KB	14.0.1	NOTWENDIG
NVIDIA 3D Vision Driver 285.64	NVIDIA Corporation	19.03.2012		285.64	NOTWENDIG
NVIDIA Graphics Driver 285.64	NVIDIA Corporation	19.03.2012		285.64	NOTWENDIG
PDFCreator	Frank Heindörfer, Philip Chinery	20.07.2012		1.4.2	UNNÖTIG
PlayReady PC Runtime amd64	Microsoft Corporation	30.06.2012	2,05MB	1.3.0	UNBEKANNT
PlayStation(R)Network Downloader	Sony Computer Entertainment Inc.	14.08.2012	827KB	2.07.00849	UNBEKANNT
PlayStation(R)Store	Sony Computer Entertainment Inc.	14.08.2012	5,63MB	4.9.4.14625	UNBEKANNT
QuickTime	Apple Inc.	09.09.2012	73,2MB	7.72.80.56	NOTWENDIG
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	19.03.2012		6.0.1.6449	UNBEKANNT
Realtek USB 2.0 Reader Driver	Realtek Semiconductor Corp.	19.03.2012		6.1.7600.10010	UNBEKANNT
RedMon - Redirection Port Monitor		26.07.2012		UNBEKANNT
Skype™ 5.10	Skype Technologies S.A.	19.07.2012	19,4MB	5.10.116	UNNÖTIG
Sony Ericsson Update Engine	Sony Ericsson Communications AB	01.12.2012		2.12.14.20	UNBEKANNT
Sony PC Companion 2.10.108	Sony	01.12.2012	19,2MB	2.10.108	NOTWENDIG
Spelling Dictionaries Support For Adobe Reader X	Adobe Systems Incorporated	18.07.2011	65,5MB	10.0.0	UNBEKANNT
Spotify	Spotify AB	28.10.2012		0.8.5.1333.g822e0de8	NOTWENDIG
Synaptics Pointing Device Driver	Synaptics Incorporated	19.03.2012	46,4MB	15.1.12.0	UNBEKANNT
TI USB 3.0 Host Controller Driver	Texas Instruments Inc.	19.03.2012	1,04MB	1.12.16	UNBEKANNT
TV IR	MEDION AG	08.11.2012		2.4	UNNÖTIG
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi	Microsoft Corporation	18.07.2011	5,57MB	15.4.5722.2	UNBEKANNT
watchmi	Axel Springer Digital TV Guide GmbH	30.06.2012	1,76MB	3.0.0	UNNÖTIG
Winamp	Nullsoft, Inc	26.07.2012		5.63 	NOTWENDIG
Winamp Erkennungs-Plug-in	Nullsoft, Inc	26.07.2012	75,0KB	1.0.0.1	NOTWENDIG
Windows Live Essentials	Microsoft Corporation	18.07.2011		15.4.3555.0308	UNBEKANNT
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen	Microsoft Corporation	18.07.2011	5,57MB	15.4.5722.2	UNBEKANNT
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	18.07.2011	5,57MB	15.4.5722.2	UNBEKANNT
Windows Live Mesh ActiveX Control for Remote Connections	Microsoft Corporation	18.07.2011	5,37MB	15.4.5722.2	UNBEKANNT
Windows Live Mesh ActiveX-objekt til fjernforbindelser	Microsoft Corporation	18.07.2011	5,57MB	15.4.5722.2	UNBEKANNT
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz	Microsoft Corporation	18.07.2011	5,57MB	15.4.5722.2
Zattoo4 4.0.5	Zattoo Inc.	26.12.2012		4.0.5	UNNÖTIG
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις	Microsoft Corporation	18.07.2011	5,38MB	15.4.5722.2	UNBEKANNT
         

Alt 09.01.2013, 17:40   #14
markusg
/// Malware-holic
 
GVU Trojaner - Mich hat es auch erwischt! - Standard

GVU Trojaner - Mich hat es auch erwischt!



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
ArcSoft
Control
Controlo
Contrôle
Formant
Java: alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Kontrolnik
PDFCreator
PlayStation: beide
Skype™
Spelling
TV
Uzak
watchmi
Windows Live : alle von dir nicht genutzten.
Zattoo4

Öffne CCleaner, analysieren, starten, PC neustarten.

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste
    mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.01.2013, 01:29   #15
Sebas.Berlin
 
GVU Trojaner - Mich hat es auch erwischt! - Standard

GVU Trojaner - Mich hat es auch erwischt!



Danke - und weiter geht's:

Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 10/01/2013 um 01:26:48 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Sverige - SVERIGE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sverige\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Sverige\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Datei : C:\Users\Sverige\AppData\Roaming\Mozilla\Firefox\Profiles\mlvxc3pd.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [952 octets] - [10/01/2013 01:26:49]

########## EOF - C:\AdwCleaner[R1].txt - [1011 octets] ##########
         

Antwort

Themen zu GVU Trojaner - Mich hat es auch erwischt!
bereits, beseitigt, board, desktop, erwischt, forum, heute, kaspersky, laptop, lösung, nachricht, neustart, plötzlich, rechner, schließe, troja, trojaner, unsicher, unterstützung, verseucht, verseucht?, weiterhelfen, windows, windows 7, wirklich



Ähnliche Themen: GVU Trojaner - Mich hat es auch erwischt!


  1. BKA Trojaner hat auch mich erwischt .
    Log-Analyse und Auswertung - 25.10.2014 (5)
  2. Interpol Trojaner, jetzt hat es mich auch erwischt
    Log-Analyse und Auswertung - 05.02.2014 (5)
  3. Interpol Trojaner - nun hats mich auch erwischt
    Log-Analyse und Auswertung - 03.10.2013 (3)
  4. GVU Trojaner.. auch mich eiskalt erwischt.
    Log-Analyse und Auswertung - 02.03.2013 (8)
  5. DVU-Trojaner hat auch mich erwischt - ist alles weg ?
    Log-Analyse und Auswertung - 21.01.2013 (19)
  6. Auch mich aht der GVU Trojaner erwischt
    Plagegeister aller Art und deren Bekämpfung - 03.01.2013 (2)
  7. GVU-Trojaner ... hat mich auch erwischt :(
    Plagegeister aller Art und deren Bekämpfung - 01.01.2013 (9)
  8. GVU-Trojaner hat mich auch erwischt
    Plagegeister aller Art und deren Bekämpfung - 22.10.2012 (7)
  9. Verschlüsselungs-Trojaner hat auch mich erwischt
    Plagegeister aller Art und deren Bekämpfung - 09.07.2012 (5)
  10. Ja hmm.. mich hatts auch erwischt mit dem Wiondows Trojaner :-( ich bekomm den bloss nicht weg.
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (1)
  11. BKA-Trojaner hat auch mich erwischt-OTL-Logfile anbei!
    Log-Analyse und Auswertung - 02.05.2012 (4)
  12. UKash-Trojaner hat mich auch erwischt-.-
    Mülltonne - 17.03.2012 (0)
  13. 50€-Trojaner: auch mich hat es erwischt.
    Plagegeister aller Art und deren Bekämpfung - 14.03.2012 (52)
  14. 50€ Trojaner - mich hat es dann auch mal erwischt -.-
    Plagegeister aller Art und deren Bekämpfung - 25.01.2012 (10)
  15. Facebook Trojaner JPG.SCR - Auch mich hat´s erwischt :(
    Log-Analyse und Auswertung - 19.10.2011 (9)
  16. Jetzt hats mich auch erwischt...Trojaner und sonstiger Besuch :-(
    Plagegeister aller Art und deren Bekämpfung - 24.03.2008 (5)
  17. Nu hat es mich auch erwischt! trojaner
    Plagegeister aller Art und deren Bekämpfung - 10.09.2005 (6)

Zum Thema GVU Trojaner - Mich hat es auch erwischt! - Liebes Board, meinen Laptop mit Windows 7 hat es heute auch erwischt und plötzlich war der Desktop mit der entsprechenden Nachricht gesperrt. In meiner Ratlosigkeit habe ich nach einem Neustart - GVU Trojaner - Mich hat es auch erwischt!...
Archiv
Du betrachtest: GVU Trojaner - Mich hat es auch erwischt! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.