
Pests of all kinds and how to fight them: Exploit.Drop.GSA

Windows 7

06.01.2013, 19:20   #1
Amy0407
 

Exploit.Drop.GSA



Hello and good evening, I'm new here and hope I don't make any mistakes right away with my first post. A short description of the problem: a few days ago I had the bad luck of catching the so-called BKA virus. The PC was locked with a demand to pay 100 euros. I then booted from the GData DVD and ran a virus scan. The virus was found and also removed. At least that's what I thought. After the reboot I noticed that the virus was still sitting in the autostart and was able to remove it there as well. Another scan turned up nothing further. But now I have had two more virus detections in the last two days. Just today, via Malwarebytes, the one named in the title. The detection was moved to quarantine. I have run the scans mentioned in the instructions and attached them. Unfortunately I had to abort the GMER scan because it was taking far too long. I saved the aborted scan and additionally ran a quick scan. I hope this helps. I have also attached the logs of the last virus scans that found viruses, as well as screenshots of the quarantine and the virus detections. I still don't know whether the virus has now been removed as of today. I think it is still lurking in the background. I'm asking you for help! Unfortunately I don't have much experience with viruses and Trojans and I'm a virus apprentice here. Thank you in advance for your help and support. I'll check back tomorrow evening... and hope for good news. Kind regards
Thumbnails of attached images
Exploit.Drop.GSA-737127_203828599741854_242283064_o.jpg   Exploit.Drop.GSA-quarantaene.jpg
Attached files
File type: log gmr.log (56.5 KB, 131 views)
File type: log gmrQuickScan.log (56.5 KB, 136 views)
File type: log defogger_disable.log (472 bytes, 135 views)
File type: txt OTL.Txt (82.3 KB, 147 views)
File type: txt mbam-log-2013-01-06 (15-01-40).txt (2.3 KB, 143 views)
File type: txt Log291212.txt (83.9 KB, 161 views)
File type: txt Log060113.txt (1.2 KB, 139 views)

07.01.2013, 21:14   #2
cosinus
 

Exploit.Drop.GSA



Hello and

Just a quick question, this is nothing against you specifically, I could have asked anyone else who posts logs this way - where does it say that the logs should be put in the attachment, or where exactly did you read that?

Log files as attachments make the analysis massively harder.

Please explain, so that the passage in the instructions can be changed/improved specifically for all newcomers. Thanks.
Quote:
Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

08.01.2013, 04:33   #3
Amy0407
 

Exploit.Drop.GSA



Good morning, please excuse me, but that was my mistake.
I'm probably used to putting everything in the attachment to save space in the actual post and keep it readable. I'll catch up on that right now and post it properly:

OTL (unfortunately I deleted the OTL.txt from the weekend. I created it again. Unfortunately no Extra.txt came out this time, so I couldn't attach one):
Code:
OTL logfile created on: 08.01.2013 05:04:59 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chaos\Downloads\Viren
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,11 Gb Available Physical Memory | 76,53% Memory free
15,95 Gb Paging File | 13,55 Gb Available in Paging File | 84,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1346,17 Gb Total Space | 1289,24 Gb Free Space | 95,77% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 21,25 Gb Free Space | 42,50% Space Free | Partition Type: NTFS
 
Computer Name: CHAOS-PC | User Name: Chaos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.06 18:29:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chaos\Downloads\Viren\OTL.exe
PRC - [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.09.17 04:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe
PRC - [2012.09.11 04:04:03 | 001,617,432 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe
PRC - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.24 11:19:14 | 000,306,216 | ---- | M] (G Data Software) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe
PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012.01.27 04:13:02 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe
PRC - [2012.01.27 03:43:34 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe
PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.07.14 03:24:08 | 000,049,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.05 02:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012.12.05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
MOD - [2012.12.05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012.12.05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012.12.05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012.12.05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012.12.05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012.12.05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.07.14 03:23:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.04.26 16:47:28 | 000,095,896 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2008.02.19 08:12:32 | 000,565,928 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbkcoms.exe -- (lxbk_device)
SRV - [2012.12.12 05:27:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.11 04:04:03 | 001,617,432 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2012.08.30 04:06:18 | 002,011,568 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.04 10:50:20 | 001,766,464 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.05.24 11:19:14 | 000,306,216 | ---- | M] (G Data Software) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe -- (TSNxGService)
SRV - [2012.05.14 04:26:47 | 001,218,552 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.01.27 03:43:34 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe -- (AVKService)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.10.07 10:23:08 | 000,070,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2011.09.28 01:47:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.02.19 08:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbkcoms.exe -- (lxbk_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.09 12:36:46 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.12.09 12:36:46 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.10.30 11:50:14 | 000,060,320 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012.10.30 11:48:57 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.10.30 11:48:57 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.10.30 11:48:57 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.08.05 11:46:17 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.07.12 10:49:04 | 000,098,760 | ---- | M] (G Data Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TS4nt.sys -- (TS4NT)
DRV:64bit: - [2012.07.12 10:48:53 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.17 08:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.08.17 08:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.08.17 08:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.08.17 08:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.08.02 01:47:30 | 000,391,144 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.08.02 01:47:30 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.06.24 15:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011.06.10 13:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.15 19:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011.04.15 19:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.25 14:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 21:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.02.18 18:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4\WNt500x64\Sandra.sys -- (SANDRA)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.09.10 08:50:16 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {9C31B4E0-C196-4E7D-B735-D3A4DC9080BA}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9C31B4E0-C196-4E7D-B735-D3A4DC9080BA}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_deDE483
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Chaos\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Chaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSNxG4Tray] "C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGTray.exe" /system File not found
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_9C355F266C25602F9C5EB5F430276502] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chaos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chaos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.33 83.169.186.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CB084D1-3687-469C-A0FE-6D48E932050D}: DhcpNameServer = 83.169.186.33 83.169.186.97
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{13ef84bd-41e0-11e2-8d63-8c89a5a001e9}\Shell - "" = AutoRun
O33 - MountPoints2\{13ef84bd-41e0-11e2-8d63-8c89a5a001e9}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{a8772375-4ba4-11e2-a718-8c89a5a001e9}\Shell - "" = AutoRun
O33 - MountPoints2\{a8772375-4ba4-11e2-a718-8c89a5a001e9}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.06 18:22:14 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\{33C93089-642B-43E0-8842-BC3D78053B32}
[2013.01.06 18:21:50 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Roaming\Windows Live Writer
[2013.01.06 18:21:50 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\Windows Live Writer
[2013.01.06 16:17:10 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.06 16:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.06 14:59:59 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Roaming\Malwarebytes
[2013.01.06 14:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.06 14:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.06 14:59:41 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.06 14:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.06 14:59:05 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\Programs
[2012.12.29 05:38:27 | 000,016,504 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2012.12.28 21:04:53 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.12.15 07:33:39 | 000,000,000 | ---D | C] -- C:\Users\Chaos\Podcasts
[2012.12.15 07:33:39 | 000,000,000 | ---D | C] -- C:\Users\Chaos\Documents\Media Go
[2012.12.15 07:31:24 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\Sony
[2012.12.15 07:31:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2012.12.15 07:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2012.12.15 07:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install
[2012.12.15 07:29:06 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Roaming\Sony
[2012.12.09 12:36:46 | 000,027,760 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2012.12.09 12:36:46 | 000,014,448 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2012.12.09 12:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2012.12.09 12:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2012.12.09 12:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012.12.09 12:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012.12.09 12:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012.12.09 11:59:36 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\{BADA8E17-556E-46A8-930C-8424DD7B818E}
[2012.12.09 11:59:19 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\{13DE547A-B68E-4071-AEF4-47805C10AF03}
[2012.12.09 11:58:41 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\{5FFA9DF3-1D61-41DB-9286-B460C251DF1F}
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.08 04:44:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.08 04:37:23 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.08 04:37:23 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.08 04:35:21 | 000,939,455 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.01.08 04:35:21 | 000,050,827 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.01.08 04:30:18 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.08 04:30:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.08 04:30:08 | 2129,477,631 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.07 19:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.06 18:28:11 | 000,000,000 | ---- | M] () -- C:\Users\Chaos\defogger_reenable
[2013.01.06 16:17:10 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2013.01.06 14:59:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.31 07:44:52 | 000,002,275 | ---- | M] () -- C:\Users\Chaos\Desktop\Free MP4 Video Converter.lnk
[2012.12.29 05:38:27 | 000,016,504 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2012.12.28 06:37:55 | 000,002,889 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.21 18:58:12 | 000,309,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.15 07:31:32 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Media Go.lnk
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.13 15:45:51 | 000,002,712 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.10 17:51:53 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.12.09 12:43:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2012.12.09 12:43:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2012.12.09 12:36:46 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2012.12.09 12:36:46 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2012.12.09 12:32:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.09 12:32:30 | 000,654,006 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.09 12:32:30 | 000,615,888 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.09 12:32:30 | 000,129,878 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.09 12:32:30 | 000,106,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2013.01.06 18:28:11 | 000,000,000 | ---- | C] () -- C:\Users\Chaos\defogger_reenable
[2013.01.06 16:17:10 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2013.01.06 14:59:48 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.31 07:44:52 | 000,002,275 | ---- | C] () -- C:\Users\Chaos\Desktop\Free MP4 Video Converter.lnk
[2012.12.28 06:37:55 | 000,002,889 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.15 07:31:32 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Media Go.lnk
[2012.12.09 12:43:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2012.12.09 12:43:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2012.12.09 12:34:06 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.05.13 06:19:54 | 011,563,008 | ---- | C] () -- C:\Users\Chaos\AppData\Roaming\Sandra.mdb
[2012.05.13 05:04:23 | 000,939,455 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.05.12 14:51:28 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2012.05.12 14:51:28 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2012.05.12 14:51:28 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2012.05.12 14:51:28 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2012.05.12 14:51:28 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2012.05.12 14:51:28 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2012.05.12 14:51:28 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2012.05.12 14:51:28 | 000,180,904 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkppls.exe
[2012.05.12 14:51:28 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2012.05.12 14:51:27 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2012.05.12 14:51:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2012.05.12 14:51:27 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2012.05.12 14:51:27 | 000,537,256 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe
[2012.05.12 14:51:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2012.05.12 14:51:27 | 000,385,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkih.exe
[2012.05.12 14:51:27 | 000,381,608 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcfg.exe
[2012.05.12 14:51:27 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll
[2012.05.12 14:39:30 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.05.12 14:14:06 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.14 03:55:06 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.25 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\Chaos\AppData\Roaming\Amazon
[2012.12.31 07:44:52 | 000,000,000 | ---D | M] -- C:\Users\Chaos\AppData\Roaming\DVDVideoSoft
[2012.11.18 15:47:09 | 000,000,000 | ---D | M] -- C:\Users\Chaos\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.15 07:33:37 | 000,000,000 | ---D | M] -- C:\Users\Chaos\AppData\Roaming\Sony
[2013.01.06 18:21:50 | 000,000,000 | ---D | M] -- C:\Users\Chaos\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
         
defogger.disable:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:28 on 06/01/2013 (Chaos)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
GMER Quickscan:
Code:
GMER 2.0.18437 - hxxp://www.gmer.net
Rootkit scan 2013-01-06 20:07:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000069 ST1500DL rev.CC4A 1397,27GB
Running: q51xvcbb.exe; Driver: C:\Users\Chaos\AppData\Local\Temp\fwdoqpog.sys


---- User code sections - GMER 2.0 ----

.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                    0000000077b71401 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                      0000000077b71419 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                    0000000077b71431 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                    0000000077b7144a 2 bytes [B7, 77]
.text    ...                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                       0000000077b714dd 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                0000000077b714f5 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                       0000000077b7150d 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                0000000077b71525 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                      0000000077b7153d 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                           0000000077b71555 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                    0000000077b7156d 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                      0000000077b71585 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                         0000000077b7159d 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                      0000000077b715b5 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                    0000000077b715cd 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                0000000077b716b2 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                0000000077b716bd 2 bytes [B7, 77]
?        C:\Windows\system32\mssprxy.dll [3804] entry point in ".rdata" section                                                                                                                       0000000074ec71e6
.text    C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                      0000000077b71401 2 bytes [B7, 77]
.text    C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                        0000000077b71419 2 bytes [B7, 77]
.text    C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                      0000000077b71431 2 bytes [B7, 77]
.text    C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                      0000000077b7144a 2 bytes [B7, 77]
.text    ...                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                         0000000077b714dd 2 bytes [B7, 77]
.text    C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                  0000000077b714f5 2 bytes [B7, 77]
.text    C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                         0000000077b7150d 2 bytes [B7, 77]
.text    C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                  0000000077b71525 2 bytes [B7, 77]
.text    C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                        0000000077b7153d 2 bytes [B7, 77]
.text    C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                             0000000077b71555 2 bytes [B7, 77]
.text    C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                      0000000077b7156d 2 bytes [B7, 77]
.text    C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                        0000000077b71585 2 bytes [B7, 77]
.text    C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                           0000000077b7159d 2 bytes [B7, 77]
.text    C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                        0000000077b715b5 2 bytes [B7, 77]
.text    C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                      0000000077b715cd 2 bytes [B7, 77]
.text    C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                  0000000077b716b2 2 bytes [B7, 77]
.text    C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                  0000000077b716bd 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                                                   0000000077bbf991 7 bytes {MOV EDX, 0x5bb228; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                                                        0000000077bbfbd5 7 bytes {MOV EDX, 0x5bb268; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                                                            0000000077bbfc05 7 bytes {MOV EDX, 0x5bb1a8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                                                     0000000077bbfc1d 7 bytes {MOV EDX, 0x5bb128; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                                                       0000000077bbfc35 7 bytes {MOV EDX, 0x5bb328; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                                                     0000000077bbfc65 7 bytes {MOV EDX, 0x5bb368; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                                                      0000000077bbfce5 7 bytes {MOV EDX, 0x5bb2e8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                                                     0000000077bbfcfd 7 bytes {MOV EDX, 0x5bb2a8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                                                               0000000077bbfd49 7 bytes {MOV EDX, 0x5bb068; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                                                    0000000077bbfe41 7 bytes {MOV EDX, 0x5bb0a8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                                                             0000000077bc0099 7 bytes {MOV EDX, 0x5bb028; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                                                       0000000077bc10a5 7 bytes {MOV EDX, 0x5bb1e8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                                                             0000000077bc111d 7 bytes {MOV EDX, 0x5bb168; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                                                                0000000077bc1321 7 bytes {MOV EDX, 0x5bb0e8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                    0000000077b71401 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                      0000000077b71419 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                    0000000077b71431 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                    0000000077b7144a 2 bytes [B7, 77]
.text    ...                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                       0000000077b714dd 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                0000000077b714f5 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                       0000000077b7150d 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                0000000077b71525 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                      0000000077b7153d 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                           0000000077b71555 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                    0000000077b7156d 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                      0000000077b71585 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                         0000000077b7159d 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                      0000000077b715b5 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                    0000000077b715cd 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                0000000077b716b2 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                0000000077b716bd 2 bytes [B7, 77]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                                                   0000000077bbf991 7 bytes {MOV EDX, 0x661628; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                                                        0000000077bbfbd5 7 bytes {MOV EDX, 0x661668; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                                                            0000000077bbfc05 7 bytes {MOV EDX, 0x6615a8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                                                     0000000077bbfc1d 7 bytes {MOV EDX, 0x661528; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                                                       0000000077bbfc35 7 bytes {MOV EDX, 0x661728; JMP RDX}

---- User IAT/EAT - GMER 2.0 ----


---- Threads - GMER 2.0 ----

Thread   C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2036:2236]                                                                                                     0000000072eea356
Thread   C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2036:2244]                                                                                                     0000000076e47587
Thread   C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2036:8432]                                                                                                     0000000077bf3e45
Thread   C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [3788:3876]                                                                                                    000000007271b0dd
Thread   C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [3788:136]                                                                                                     0000000072715822
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4632:5108]                                                                                                              000007fefc692a7c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4632:3048]                                                                                                              000000006b7d6c88
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964]                                                                                                  0000000076860000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1908]                                                                                             0000000004520000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe [1956]                                                                                             0000000076860000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [3788]                                                                                0000000072810000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3912]                                                                                          0000000074ea0000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe [4004]                                                                                            00000000752e0000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4632]                                                                                          0000000074a20000
Library  ? (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [1576]                                                                                                                             000007fefe4e0000

---- Disk sectors - GMER 2.0 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                        unknown MBR code

---- EOF - GMER 2.0 ----
         

G Data virus scan log 06.01.13
Code:
Virenprüfung mit G Data TotalProtection 2013
Version 23.0.5.9 (17.09.2012)
Virensignaturen vom 06.01.2013
Startzeit: 06.01.2013 14:22:45
Engine(s): Engine A (AVA 22.7327), Engine B (AVL 22.1443)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein

Prüfung der Systembereiche...
Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart...
Analyse vorzeitig abgebrochen: 06.01.2013 14:35:37
    855 Dateien überprüft
    1 infizierte Dateien gefunden
    0 verdächtige Dateien gefunden


Archiv: 7a59efdb-510ba4e8
	Pfad: C:\Users\Chaos\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27
	Status: Datei in Quarantäne. Es ist ein Neustart erforderlich.
	Virus: Exploit.Java.CVE.Z (2x) (Engine A)
Objekt: ewjvaiwebvhtuai124a.class
	In Archiv: C:\Users\Chaos\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7a59efdb-510ba4e8
	Status: Virus gefunden
	Virus: Exploit.Java.CVE.Z (Engine A)
Objekt: test.class
	In Archiv: C:\Users\Chaos\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7a59efdb-510ba4e8
	Status: Virus gefunden
	Virus: Exploit.Java.CVE.Z (Engine A)

Der Zugriff auf die folgenden Dateien wurde verweigert:
C:\Windows\system32\Drivers\SSPORT.sys
         
Malwarebytes log:
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chaos :: CHAOS-PC [limitiert]

06.01.2013 15:01:40
mbam-log-2013-01-06 (15-01-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 727839
Laufzeit: 2 Stunde(n), 8 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Bye, and once again an apology...
I could not insert the log from the virus scan of 29.12.12 and the code from the GMER scan (with abort) here. I got the message that the file is too large. They are attached to the opening post. Thank you for the reply and until this evening. Kind regards

08.01.2013, 18:58   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first post only the logs that already exist!

"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

09.01.2013, 03:36   #5
Amy0407

Good morning,
Thank you for your answer! I have no further logs. I accidentally deleted the OTL logs. I actually thought I had saved them... that was a mistake.

But otherwise I have nothing more than what I have already posted.
Bye


09.01.2013, 09:57   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and attentively.
  • Read the instructions that I will post over the course of this thread carefully. Ask immediately if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the logfiles directly in your thread (in CODE tags, please) and not as attachments, unless you have been asked to. Logs in attachments make the evaluation harder for me!

  • Please also note => Deleting logfiles and other requests

Note:
Should you not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will it continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.


Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive on your desktop.
  • In the newly created folder, please start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • Should something be found again, repeat the CleanUp process.
The tool will create a logfile ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instruction from a helper

09.01.2013, 18:03   #7
Amy0407

Hello and a good evening,
I carried out the instructions. I got the message that no malware was found, so there was no restart either. (The last detection was by Malwarebytes on 06.01.13 and was moved to quarantine. Log here in the thread.) Here is today's log:
Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2013.01.09.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chaos :: CHAOS-PC [administrator]

09.01.2013 18:47:34
mbar-log-2013-01-09 (18-47-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29282
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Strange, isn't it? At least to me. I'm getting all confused!

I looked at the OTL log again and found the following among all the lines:

[2012.12.28 06:37:55 | 000,002,889 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js

If I'm right, that is the name of the file/virus. Does that mean I should keep away from further Internet activity for now, since the virus may cause more damage?

I also want to thank you again for your effort! It is really very impressive what you can read out of the logs. For many (including me) it is usually just a jumble of numbers. Take care. Until tomorrow

Last edited by Amy0407 (09.01.2013 at 18:15)
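The post above compares the Malwarebytes detection (dsgsdgdsgdsgw.pad) with an OTL file entry of the same basename (dsgsdgdsgdsgw.js). As an added example, not part of this thread and not code from Malwarebytes or OTL, the following Python script parses the file-detection section of a Malwarebytes log (the German mbam and English mbar wording shown in this thread), checks the declared count against the entries parsed, and flags OTL file lines that share a basename with a detected file so a responder sees such leftovers at a glance. The sample input is constructed from the log lines quoted here plus one made-up unrelated.txt entry.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input, built from the log lines quoted in this thread.
# The "unrelated.txt" OTL line is made up to show a non-matching entry.
MBAM_SAMPLE = """Infizierte Dateien: 1
C:\\ProgramData\\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

OTL_SAMPLE = """[2012.12.28 06:37:55 | 000,002,889 | ---- | M] () -- C:\\ProgramData\\dsgsdgdsgdsgw.js
[2012.12.20 10:00:00 | 000,000,120 | ---- | M] () -- C:\\ProgramData\\unrelated.txt
"""

# Header of the file-detection section, German (mbam 1.70) or English (mbar) wording.
FILES_HEADER = re.compile(r"^(?:Infizierte Dateien|Files Detected): (?P<count>\d+)\s*$")
# One detection line: <path> (<detection name>) -> <action taken>
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[A-Za-z0-9._-]+)\) -> (?P<action>.+)$"
)
# One OTL file line: [<timestamp> | <size> | <attrs> | <kind>] (<company>) -- <path>
OTL_LINE = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+?) \| (?P<kind>[A-Z])\]"
    r" \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


def parse_mbam_detections(text):
    """Return (declared_count, [(path, detection_name, action), ...])
    for the 'infected files' section of a Malwarebytes log."""
    declared = None
    found = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        header = FILES_HEADER.match(line)
        if header:
            declared = int(header.group("count"))
            in_section = True
            continue
        if not in_section:
            continue
        if not line:
            # A blank line ends the section.
            in_section = False
            continue
        if line.startswith("("):
            # "(Keine bösartigen Objekte gefunden)" / "(No malicious items detected)"
            continue
        m = DETECTION.match(line)
        if m:
            found.append((m.group("path"), m.group("name"), m.group("action")))
    return declared, found


def parse_otl_files(text):
    """Return the file paths listed in OTL-style file lines."""
    paths = []
    for raw in text.splitlines():
        m = OTL_LINE.match(raw.strip())
        if m:
            paths.append(m.group("path"))
    return paths


def find_related_files(mbam_text, otl_text):
    """Flag OTL entries that share a basename (stem) with a detected file.
    A .js sitting next to a detected .pad is worth a second look, because a
    cleanup may have removed only one of the two."""
    _, detections = parse_mbam_detections(mbam_text)
    by_stem = {}
    for path, name, _ in detections:
        by_stem[PureWindowsPath(path).stem.lower()] = (path, name)
    related = []
    for otl_path in parse_otl_files(otl_text):
        hit = by_stem.get(PureWindowsPath(otl_path).stem.lower())
        if hit and otl_path.lower() != hit[0].lower():
            related.append((otl_path, hit[0], hit[1]))
    return related


def count_mismatch(mbam_text):
    """True when the declared count differs from the entries actually parsed
    (a truncated or hand-edited log)."""
    declared, found = parse_mbam_detections(mbam_text)
    return declared is not None and declared != len(found)


if __name__ == "__main__":
    declared, found = parse_mbam_detections(MBAM_SAMPLE)
    print("declared:", declared, "parsed:", len(found))
    for path, name, action in found:
        print(f"  {name}: {path} [{action}]")
    for otl_path, det_path, name in find_related_files(MBAM_SAMPLE, OTL_SAMPLE):
        print(f"related: {otl_path} shares its basename with {det_path} ({name})")
```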

09.01.2013, 22:49   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off the virus scanner before running aswMBR, since Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe; Vista and Win7 users run aswMBR via right-click "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (Should your firewall ask, please allow access to the Internet.) Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press one of the Fix buttons without instruction. Note: Should the Scan button be greyed out, close the tool and start it again. Should it fail again, please let me know.

Another note: Should aswMBR crash and a message such as "aswMBR.exe has stopped working" appear, then do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, since Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below - click change parameters and tick the boxes as shown in the following screenshot,
Then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition ( usually drive C: ), since that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer complains about objects, handle all of them with the action "skip" and only post the log here!


10.01.2013, 04:13   #9
Amy0407

Good morning,

attached are the logs of the programs I ran. TDSS found 2

TDSS.txt
Code:
05:05:21.0304 2688  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
05:05:22.0773 2688  ============================================================
05:05:22.0774 2688  Current date / time: 2013/01/10 05:05:22.0773
05:05:22.0774 2688  SystemInfo:
05:05:22.0774 2688  
05:05:22.0774 2688  OS Version: 6.1.7601 ServicePack: 1.0
05:05:22.0774 2688  Product type: Workstation
05:05:22.0774 2688  ComputerName: CHAOS-PC
05:05:22.0775 2688  UserName: Chaos
05:05:22.0775 2688  Windows directory: C:\Windows
05:05:22.0775 2688  System windows directory: C:\Windows
05:05:22.0775 2688  Running under WOW64
05:05:22.0775 2688  Processor architecture: Intel x64
05:05:22.0775 2688  Number of processors: 8
05:05:22.0775 2688  Page size: 0x1000
05:05:22.0775 2688  Boot type: Normal boot
05:05:22.0775 2688  ============================================================
05:05:23.0207 2688  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2F509, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
05:05:23.0230 2688  ============================================================
05:05:23.0230 2688  \Device\Harddisk0\DR0:
05:05:23.0230 2688  MBR partitions:
05:05:23.0230 2688  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
05:05:23.0230 2688  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xA8454800
05:05:23.0230 2688  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA8487000, BlocksNum 0x6400000
05:05:23.0230 2688  ============================================================
05:05:23.0250 2688  C: <-> \Device\Harddisk0\DR0\Partition2
05:05:23.0305 2688  D: <-> \Device\Harddisk0\DR0\Partition3
05:05:23.0305 2688  ============================================================
05:05:23.0306 2688  Initialize success
05:05:23.0306 2688  ============================================================
05:05:41.0981 2852  ============================================================
05:05:41.0981 2852  Scan started
05:05:41.0981 2852  Mode: Manual; SigCheck; TDLFS; 
05:05:41.0981 2852  ============================================================
05:05:42.0610 2852  ================ Scan system memory ========================
05:05:42.0610 2852  System memory - ok
05:05:42.0610 2852  ================ Scan services =============================
05:05:49.0018 2852  fvevol - ok
05:05:49.0037 2852  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
05:05:49.0050 2852  gagp30kx - ok
05:05:49.0120 2852  [ C85543022E99762B5DF58109152E48D5 ] GDBackupSvc     C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe
05:05:49.0183 2852  GDBackupSvc - ok
05:05:49.0224 2852  [ D201C1F6B0F5E4F202CBCB75D6352E63 ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
05:05:49.0252 2852  GDBehave - ok
05:05:49.0309 2852  [ 2922B4D0AA4095797E66D87F08CA4D72 ] GDFwSvc         C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe
05:05:49.0361 2852  GDFwSvc - ok
05:05:49.0380 2852  [ E1558301938B6CF92F7677224D3FB6F7 ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
05:05:49.0394 2852  GDMnIcpt - ok
05:05:49.0409 2852  [ 5F1E5EAE8F08B6E2FABE8345E0BDFE48 ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
05:05:49.0421 2852  GDPkIcpt - ok
05:05:49.0473 2852  [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan          C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
05:05:49.0503 2852  GDScan - ok
05:05:49.0536 2852  [ 0567B5641DF3C52FB4E6B623726669ED ] GDTunerSvc      C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe
05:05:49.0565 2852  GDTunerSvc - ok
05:05:49.0578 2852  [ 4ECBCAD43B7FED6F135BF108BB71434D ] gdwfpcd         C:\Windows\system32\drivers\gdwfpcd64.sys
05:05:49.0591 2852  gdwfpcd - ok
05:05:49.0616 2852  [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
05:05:49.0627 2852  ggflt - ok
05:05:49.0654 2852  [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
05:05:49.0666 2852  ggsemc - ok
05:05:49.0679 2852  GLogin - ok
05:05:49.0704 2852  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
05:05:49.0752 2852  gpsvc - ok
05:05:49.0782 2852  [ 9580CBF03D2EE08BD1C0D701AAE4092A ] GRD             C:\Windows\system32\drivers\GRD.sys
05:05:49.0795 2852  GRD - ok
05:05:49.0838 2852  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
05:05:49.0851 2852  gupdate - ok
05:05:49.0874 2852  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
05:05:49.0886 2852  gupdatem - ok
05:05:49.0915 2852  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
05:05:49.0945 2852  gusvc - ok
05:05:49.0956 2852  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
05:05:49.0969 2852  hcw85cir - ok
05:05:49.0989 2852  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
05:05:50.0016 2852  HdAudAddService - ok
05:05:50.0043 2852  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
05:05:50.0066 2852  HDAudBus - ok
05:05:50.0089 2852  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
05:05:50.0116 2852  HidBatt - ok
05:05:50.0144 2852  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
05:05:50.0192 2852  HidBth - ok
05:05:50.0203 2852  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
05:05:50.0225 2852  HidIr - ok
05:05:50.0243 2852  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
05:05:50.0321 2852  hidserv - ok
05:05:50.0344 2852  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
05:05:50.0357 2852  HidUsb - ok
05:05:50.0373 2852  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
05:05:50.0416 2852  hkmsvc - ok
05:05:50.0437 2852  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
05:05:50.0461 2852  HomeGroupListener - ok
05:05:50.0488 2852  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
05:05:50.0503 2852  HomeGroupProvider - ok
05:05:50.0529 2852  [ 3CD18F0B3681FB267E67763CC3152D4E ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
05:05:50.0542 2852  HookCentre - ok
05:05:50.0561 2852  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
05:05:50.0575 2852  HpSAMD - ok
05:05:50.0606 2852  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
05:05:50.0677 2852  HTTP - ok
05:05:50.0691 2852  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
05:05:50.0703 2852  hwpolicy - ok
05:05:50.0728 2852  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
05:05:50.0743 2852  i8042prt - ok
05:05:50.0759 2852  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
05:05:50.0779 2852  iaStorV - ok
05:05:50.0813 2852  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
05:05:50.0856 2852  idsvc - ok
05:05:50.0968 2852  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
05:05:51.0141 2852  igfx - ok
05:05:51.0154 2852  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
05:05:51.0167 2852  iirsp - ok
05:05:51.0194 2852  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
05:05:51.0246 2852  IKEEXT - ok
05:05:51.0335 2852  [ CB7DADEF3D83FE2C12655A0BDCBA99F2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
05:05:51.0420 2852  IntcAzAudAddService - ok
05:05:51.0443 2852  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
05:05:51.0457 2852  intelide - ok
05:05:51.0471 2852  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
05:05:51.0493 2852  intelppm - ok
05:05:51.0504 2852  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
05:05:51.0551 2852  IPBusEnum - ok
05:05:51.0567 2852  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
05:05:51.0607 2852  IpFilterDriver - ok
05:05:51.0636 2852  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
05:05:51.0667 2852  iphlpsvc - ok
05:05:51.0684 2852  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
05:05:51.0704 2852  IPMIDRV - ok
05:05:51.0708 2852  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
05:05:51.0743 2852  IPNAT - ok
05:05:51.0761 2852  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
05:05:51.0784 2852  IRENUM - ok
05:05:51.0805 2852  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
05:05:51.0819 2852  isapnp - ok
05:05:51.0836 2852  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
05:05:51.0853 2852  iScsiPrt - ok
05:05:51.0874 2852  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
05:05:51.0886 2852  kbdclass - ok
05:05:51.0904 2852  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
05:05:51.0930 2852  kbdhid - ok
05:05:51.0942 2852  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
05:05:51.0955 2852  KeyIso - ok
05:05:51.0977 2852  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
05:05:51.0991 2852  KSecDD - ok
05:05:52.0004 2852  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
05:05:52.0020 2852  KSecPkg - ok
05:05:52.0035 2852  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
05:05:52.0069 2852  ksthunk - ok
05:05:52.0103 2852  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
05:05:52.0181 2852  KtmRm - ok
05:05:52.0223 2852  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
05:05:52.0285 2852  LanmanServer - ok
05:05:52.0310 2852  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
05:05:52.0350 2852  LanmanWorkstation - ok
05:05:52.0370 2852  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
05:05:52.0404 2852  lltdio - ok
05:05:52.0417 2852  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
05:05:52.0460 2852  lltdsvc - ok
05:05:52.0483 2852  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
05:05:52.0545 2852  lmhosts - ok
05:05:52.0572 2852  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
05:05:52.0587 2852  LSI_FC - ok
05:05:52.0607 2852  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
05:05:52.0621 2852  LSI_SAS - ok
05:05:52.0637 2852  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
05:05:52.0651 2852  LSI_SAS2 - ok
05:05:52.0661 2852  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
05:05:52.0676 2852  LSI_SCSI - ok
05:05:52.0689 2852  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
05:05:52.0731 2852  luafv - ok
05:05:52.0741 2852  lxbk_device - ok
05:05:52.0757 2852  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
05:05:52.0785 2852  Mcx2Svc - ok
05:05:52.0799 2852  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
05:05:52.0812 2852  megasas - ok
05:05:52.0822 2852  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
05:05:52.0840 2852  MegaSR - ok
05:05:52.0873 2852  [ 8A43D23ACE2E8C95A2D87B6E9599DEDA ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
05:05:52.0884 2852  MemeoBackgroundService - ok
05:05:52.0893 2852  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
05:05:52.0947 2852  MMCSS - ok
05:05:52.0961 2852  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
05:05:53.0001 2852  Modem - ok
05:05:53.0014 2852  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
05:05:53.0037 2852  monitor - ok
05:05:53.0045 2852  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
05:05:53.0058 2852  mouclass - ok
05:05:53.0085 2852  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
05:05:53.0120 2852  mouhid - ok
05:05:53.0142 2852  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
05:05:53.0168 2852  mountmgr - ok
05:05:53.0186 2852  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
05:05:53.0211 2852  mpio - ok
05:05:53.0224 2852  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
05:05:53.0271 2852  mpsdrv - ok
05:05:53.0290 2852  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
05:05:53.0339 2852  MpsSvc - ok
05:05:53.0356 2852  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
05:05:53.0392 2852  MRxDAV - ok
05:05:53.0412 2852  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
05:05:53.0453 2852  mrxsmb - ok
05:05:53.0469 2852  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
05:05:53.0497 2852  mrxsmb10 - ok
05:05:53.0511 2852  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
05:05:53.0532 2852  mrxsmb20 - ok
05:05:53.0555 2852  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
05:05:53.0568 2852  msahci - ok
05:05:53.0581 2852  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
05:05:53.0596 2852  msdsm - ok
05:05:53.0607 2852  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
05:05:53.0634 2852  MSDTC - ok
05:05:53.0646 2852  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
05:05:53.0688 2852  Msfs - ok
05:05:53.0712 2852  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
05:05:53.0772 2852  mshidkmdf - ok
05:05:53.0800 2852  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
05:05:53.0814 2852  msisadrv - ok
05:05:53.0832 2852  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
05:05:53.0879 2852  MSiSCSI - ok
05:05:53.0883 2852  msiserver - ok
05:05:53.0905 2852  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
05:05:53.0949 2852  MSKSSRV - ok
05:05:53.0966 2852  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
05:05:54.0009 2852  MSPCLOCK - ok
05:05:54.0022 2852  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
05:05:54.0055 2852  MSPQM - ok
05:05:54.0073 2852  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
05:05:54.0092 2852  MsRPC - ok
05:05:54.0118 2852  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
05:05:54.0130 2852  mssmbios - ok
05:05:54.0140 2852  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
05:05:54.0182 2852  MSTEE - ok
05:05:54.0203 2852  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
05:05:54.0238 2852  MTConfig - ok
05:05:54.0255 2852  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
05:05:54.0269 2852  Mup - ok
05:05:54.0287 2852  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
05:05:54.0326 2852  napagent - ok
05:05:54.0352 2852  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
05:05:54.0387 2852  NativeWifiP - ok
05:05:54.0435 2852  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
05:05:54.0485 2852  NDIS - ok
05:05:54.0496 2852  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
05:05:54.0541 2852  NdisCap - ok
05:05:54.0556 2852  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
05:05:54.0601 2852  NdisTapi - ok
05:05:54.0614 2852  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
05:05:54.0663 2852  Ndisuio - ok
05:05:54.0675 2852  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
05:05:54.0717 2852  NdisWan - ok
05:05:54.0726 2852  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
05:05:54.0770 2852  NDProxy - ok
05:05:54.0778 2852  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
05:05:54.0851 2852  NetBIOS - ok
05:05:54.0866 2852  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
05:05:54.0915 2852  NetBT - ok
05:05:54.0932 2852  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
05:05:54.0945 2852  Netlogon - ok
05:05:54.0980 2852  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
05:05:55.0027 2852  Netman - ok
05:05:55.0043 2852  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
05:05:55.0085 2852  netprofm - ok
05:05:55.0094 2852  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
05:05:55.0107 2852  NetTcpPortSharing - ok
05:05:55.0130 2852  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
05:05:55.0144 2852  nfrd960 - ok
05:05:55.0174 2852  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
05:05:55.0202 2852  NlaSvc - ok
05:05:55.0226 2852  [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
05:05:55.0252 2852  nmwcd - ok
05:05:55.0277 2852  [ 41C1AC1F3613435EB32D67BCB80A5FA5 ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
05:05:55.0303 2852  nmwcdc - ok
05:05:55.0318 2852  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
05:05:55.0352 2852  Npfs - ok
05:05:55.0364 2852  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
05:05:55.0408 2852  nsi - ok
05:05:55.0423 2852  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
05:05:55.0458 2852  nsiproxy - ok
05:05:55.0511 2852  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
05:05:55.0576 2852  Ntfs - ok
05:05:55.0592 2852  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
05:05:55.0629 2852  Null - ok
05:05:55.0667 2852  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
05:05:55.0698 2852  NVENETFD - ok
05:05:55.0734 2852  [ 10204955027011E08A9DC27737A48A54 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
05:05:55.0765 2852  NVHDA - ok
05:05:55.0957 2852  [ CC1EFEA1F0AB17E59BD4B5BAFF3E5CB0 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
05:05:56.0285 2852  nvlddmkm - ok
05:05:56.0324 2852  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
05:05:56.0340 2852  nvraid - ok
05:05:56.0349 2852  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
05:05:56.0364 2852  nvstor - ok
05:05:56.0412 2852  [ 39F933CA2798156B0B7A19D104B73B9A ] nvsvc           C:\Windows\system32\nvvsvc.exe
05:05:56.0447 2852  nvsvc - ok
05:05:56.0514 2852  [ 4E5C5D88EB0A8D21824D5A3EB7327E69 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
05:05:56.0559 2852  nvUpdatusService - ok
05:05:56.0578 2852  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
05:05:56.0592 2852  nv_agp - ok
05:05:56.0598 2852  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
05:05:56.0614 2852  ohci1394 - ok
05:05:56.0639 2852  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
05:05:56.0670 2852  p2pimsvc - ok
05:05:56.0688 2852  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
05:05:56.0718 2852  p2psvc - ok
05:05:56.0730 2852  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
05:05:56.0753 2852  Parport - ok
05:05:56.0777 2852  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
05:05:56.0791 2852  partmgr - ok
05:05:56.0806 2852  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
05:05:56.0867 2852  PcaSvc - ok
05:05:56.0893 2852  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
05:05:56.0909 2852  pci - ok
05:05:56.0925 2852  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
05:05:56.0938 2852  pciide - ok
05:05:56.0960 2852  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
05:05:56.0976 2852  pcmcia - ok
05:05:56.0999 2852  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
05:05:57.0012 2852  pcw - ok
05:05:57.0029 2852  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
05:05:57.0073 2852  PEAUTH - ok
05:05:57.0132 2852  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
05:05:57.0172 2852  PerfHost - ok
05:05:57.0209 2852  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
05:05:57.0276 2852  pla - ok
05:05:57.0315 2852  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
05:05:57.0350 2852  PlugPlay - ok
05:05:57.0359 2852  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
05:05:57.0384 2852  PNRPAutoReg - ok
05:05:57.0397 2852  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
05:05:57.0414 2852  PNRPsvc - ok
05:05:57.0442 2852  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
05:05:57.0491 2852  PolicyAgent - ok
05:05:57.0510 2852  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
05:05:57.0546 2852  Power - ok
05:05:57.0566 2852  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
05:05:57.0603 2852  PptpMiniport - ok
05:05:57.0625 2852  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
05:05:57.0650 2852  Processor - ok
05:05:57.0670 2852  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
05:05:57.0694 2852  ProfSvc - ok
05:05:57.0709 2852  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
05:05:57.0722 2852  ProtectedStorage - ok
05:05:57.0745 2852  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
05:05:57.0786 2852  Psched - ok
05:05:57.0832 2852  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
05:05:57.0879 2852  ql2300 - ok
05:05:57.0884 2852  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
05:05:57.0898 2852  ql40xx - ok
05:05:57.0917 2852  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
05:05:57.0938 2852  QWAVE - ok
05:05:57.0949 2852  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
05:05:57.0973 2852  QWAVEdrv - ok
05:05:57.0990 2852  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
05:05:58.0030 2852  RasAcd - ok
05:05:58.0055 2852  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
05:05:58.0095 2852  RasAgileVpn - ok
05:05:58.0110 2852  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
05:05:58.0154 2852  RasAuto - ok
05:05:58.0165 2852  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
05:05:58.0211 2852  Rasl2tp - ok
05:05:58.0227 2852  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
05:05:58.0280 2852  RasMan - ok
05:05:58.0296 2852  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
05:05:58.0331 2852  RasPppoe - ok
05:05:58.0342 2852  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
05:05:58.0418 2852  RasSstp - ok
05:05:58.0437 2852  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
05:05:58.0485 2852  rdbss - ok
05:05:58.0507 2852  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
05:05:58.0533 2852  rdpbus - ok
05:05:58.0546 2852  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
05:05:58.0583 2852  RDPCDD - ok
05:05:58.0610 2852  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
05:05:58.0653 2852  RDPENCDD - ok
05:05:58.0664 2852  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
05:05:58.0703 2852  RDPREFMP - ok
05:05:58.0729 2852  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
05:05:58.0751 2852  RDPWD - ok
05:05:58.0772 2852  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
05:05:58.0789 2852  rdyboost - ok
05:05:58.0827 2852  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
05:05:58.0890 2852  RemoteAccess - ok
05:05:58.0907 2852  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
05:05:58.0954 2852  RemoteRegistry - ok
05:05:58.0959 2852  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
05:05:59.0003 2852  RpcEptMapper - ok
05:05:59.0011 2852  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
05:05:59.0031 2852  RpcLocator - ok
05:05:59.0050 2852  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
05:05:59.0087 2852  RpcSs - ok
05:05:59.0097 2852  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
05:05:59.0133 2852  rspndr - ok
05:05:59.0169 2852  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
05:05:59.0190 2852  RTL8167 - ok
05:05:59.0222 2852  [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
05:05:59.0245 2852  RTL8192su - ok
05:05:59.0254 2852  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
05:05:59.0267 2852  SamSs - ok
05:05:59.0347 2852  [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA          C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4\WNt500x64\Sandra.sys
05:05:59.0370 2852  SANDRA - ok
05:05:59.0385 2852  [ 00DE27C8349D0D049636DD8BD02E3BC4 ] SandraAgentSrv  C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4\RpcAgentSrv.exe
05:05:59.0403 2852  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
05:05:59.0403 2852  SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
05:06:01.0478 2852  swprv - ok
05:06:01.0511 2852  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
05:06:01.0556 2852  SysMain - ok
05:06:01.0572 2852  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
05:06:01.0605 2852  TabletInputService - ok
05:06:01.0631 2852  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
05:06:01.0675 2852  TapiSrv - ok
05:06:01.0689 2852  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
05:06:01.0725 2852  TBS - ok
05:06:01.0786 2852  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
05:06:01.0844 2852  Tcpip - ok
05:06:01.0876 2852  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
05:06:01.0918 2852  TCPIP6 - ok
05:06:01.0932 2852  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
05:06:01.0951 2852  tcpipreg - ok
05:06:01.0974 2852  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
05:06:01.0996 2852  TDPIPE - ok
05:06:02.0029 2852  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
05:06:02.0056 2852  TDTCP - ok
05:06:02.0072 2852  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
05:06:02.0115 2852  tdx - ok
05:06:02.0137 2852  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
05:06:02.0151 2852  TermDD - ok
05:06:02.0176 2852  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
05:06:02.0220 2852  TermService - ok
05:06:02.0234 2852  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
05:06:02.0253 2852  Themes - ok
05:06:02.0265 2852  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
05:06:02.0299 2852  THREADORDER - ok
05:06:02.0310 2852  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
05:06:02.0349 2852  TrkWks - ok
05:06:02.0391 2852  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
05:06:02.0443 2852  TrustedInstaller - ok
05:06:02.0474 2852  [ 59BD43714E1034A913F019413905D387 ] TS4NT           C:\Windows\system32\Drivers\TS4nt.sys
05:06:02.0488 2852  TS4NT - ok
05:06:02.0551 2852  [ B4A0237AF692AC90E18F61880A48D010 ] TSNxGService    C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe
05:06:02.0579 2852  TSNxGService - ok
05:06:02.0593 2852  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
05:06:02.0632 2852  tssecsrv - ok
05:06:02.0654 2852  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
05:06:02.0683 2852  TsUsbFlt - ok
05:06:02.0703 2852  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
05:06:02.0717 2852  TsUsbGD - ok
05:06:02.0735 2852  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
05:06:02.0775 2852  tunnel - ok
05:06:02.0797 2852  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
05:06:02.0811 2852  uagp35 - ok
05:06:02.0825 2852  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
05:06:02.0886 2852  udfs - ok
05:06:02.0903 2852  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
05:06:02.0936 2852  UI0Detect - ok
05:06:02.0969 2852  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
05:06:02.0996 2852  uliagpkx - ok
05:06:03.0028 2852  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
05:06:03.0052 2852  umbus - ok
05:06:03.0069 2852  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
05:06:03.0109 2852  UmPass - ok
05:06:03.0132 2852  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
05:06:03.0199 2852  upnphost - ok
05:06:03.0226 2852  [ 4E93C8496359E97830C75AC36393654D ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
05:06:03.0259 2852  upperdev - ok
05:06:03.0275 2852  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
05:06:03.0313 2852  usbccgp - ok
05:06:03.0344 2852  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
05:06:03.0373 2852  usbcir - ok
05:06:03.0394 2852  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
05:06:03.0413 2852  usbehci - ok
05:06:03.0440 2852  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
05:06:03.0467 2852  usbhub - ok
05:06:03.0483 2852  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
05:06:03.0497 2852  usbohci - ok
05:06:03.0524 2852  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
05:06:03.0541 2852  usbprint - ok
05:06:03.0568 2852  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
05:06:03.0591 2852  usbscan - ok
05:06:03.0616 2852  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
05:06:03.0652 2852  usbser - ok
05:06:03.0663 2852  [ 8844CB19A37B65E27049D4A7786726A9 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
05:06:03.0709 2852  UsbserFilt - ok
05:06:03.0725 2852  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
05:06:03.0751 2852  USBSTOR - ok
05:06:03.0776 2852  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
05:06:03.0801 2852  usbuhci - ok
05:06:03.0820 2852  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
05:06:03.0868 2852  UxSms - ok
05:06:03.0920 2852  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
05:06:03.0951 2852  VaultSvc - ok
05:06:03.0982 2852  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
05:06:04.0011 2852  vdrvroot - ok
05:06:04.0035 2852  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
05:06:04.0075 2852  vds - ok
05:06:04.0093 2852  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
05:06:04.0110 2852  vga - ok
05:06:04.0120 2852  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
05:06:04.0162 2852  VgaSave - ok
05:06:04.0179 2852  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
05:06:04.0196 2852  vhdmp - ok
05:06:04.0220 2852  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
05:06:04.0232 2852  viaide - ok
05:06:04.0244 2852  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
05:06:04.0258 2852  volmgr - ok
05:06:04.0269 2852  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
05:06:04.0287 2852  volmgrx - ok
05:06:04.0304 2852  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
05:06:04.0323 2852  volsnap - ok
05:06:04.0349 2852  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
05:06:04.0363 2852  vsmraid - ok
05:06:04.0399 2852  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
05:06:04.0480 2852  VSS - ok
05:06:04.0492 2852  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
05:06:04.0518 2852  vwifibus - ok
05:06:04.0542 2852  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
05:06:04.0565 2852  vwififlt - ok
05:06:04.0587 2852  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
05:06:04.0626 2852  W32Time - ok
05:06:04.0643 2852  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
05:06:04.0661 2852  WacomPen - ok
05:06:04.0679 2852  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
05:06:04.0719 2852  WANARP - ok
05:06:04.0722 2852  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
05:06:04.0753 2852  Wanarpv6 - ok
05:06:04.0806 2852  [ 261A725F8ACEDDA695C7FFF6D6EDE6B5 ] watchmi         C:\Program Files (x86)\watchmi\TvdService.exe
05:06:04.0819 2852  watchmi ( UnsignedFile.Multi.Generic ) - warning
05:06:04.0819 2852  watchmi - detected UnsignedFile.Multi.Generic (1)
05:06:04.0865 2852  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
05:06:04.0924 2852  wbengine - ok
05:06:04.0944 2852  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
05:06:04.0975 2852  WbioSrvc - ok
05:06:04.0990 2852  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
05:06:05.0015 2852  wcncsvc - ok
05:06:05.0026 2852  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
05:06:05.0049 2852  WcsPlugInService - ok
05:06:05.0060 2852  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
05:06:05.0073 2852  Wd - ok
05:06:05.0103 2852  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
05:06:05.0131 2852  Wdf01000 - ok
05:06:05.0141 2852  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
05:06:05.0167 2852  WdiServiceHost - ok
05:06:05.0171 2852  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
05:06:05.0190 2852  WdiSystemHost - ok
05:06:05.0207 2852  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
05:06:05.0243 2852  WebClient - ok
05:06:05.0258 2852  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
05:06:05.0311 2852  Wecsvc - ok
05:06:05.0326 2852  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
05:06:05.0374 2852  wercplsupport - ok
05:06:05.0390 2852  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
05:06:05.0424 2852  WerSvc - ok
05:06:05.0447 2852  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
05:06:05.0481 2852  WfpLwf - ok
05:06:05.0499 2852  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
05:06:05.0511 2852  WIMMount - ok
05:06:05.0535 2852  WinDefend - ok
05:06:05.0539 2852  WinHttpAutoProxySvc - ok
05:06:05.0581 2852  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
05:06:05.0650 2852  Winmgmt - ok
05:06:05.0683 2852  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
05:06:05.0754 2852  WinRM - ok
05:06:05.0792 2852  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
05:06:05.0837 2852  WinUsb - ok
05:06:05.0864 2852  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
05:06:05.0903 2852  Wlansvc - ok
05:06:05.0936 2852  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
05:06:05.0963 2852  wlcrasvc - ok
05:06:06.0019 2852  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
05:06:06.0083 2852  wlidsvc - ok
05:06:06.0109 2852  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
05:06:06.0127 2852  WmiAcpi - ok
05:06:06.0147 2852  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
05:06:06.0166 2852  wmiApSrv - ok
05:06:06.0183 2852  WMPNetworkSvc - ok
05:06:06.0203 2852  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
05:06:06.0234 2852  WPCSvc - ok
05:06:06.0244 2852  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
05:06:06.0261 2852  WPDBusEnum - ok
05:06:06.0277 2852  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
05:06:06.0339 2852  ws2ifsl - ok
05:06:06.0355 2852  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
05:06:06.0375 2852  wscsvc - ok
05:06:06.0378 2852  WSearch - ok
05:06:06.0395 2852  [ 82E8F5AA03DF7DBDB8A33F700D5D8CDA ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
05:06:06.0409 2852  wsvd - ok
05:06:06.0473 2852  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
05:06:06.0525 2852  wuauserv - ok
05:06:06.0551 2852  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
05:06:06.0566 2852  WudfPf - ok
05:06:06.0589 2852  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
05:06:06.0617 2852  WUDFRd - ok
05:06:06.0631 2852  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
05:06:06.0657 2852  wudfsvc - ok
05:06:06.0669 2852  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
05:06:06.0692 2852  WwanSvc - ok
05:06:06.0712 2852  ================ Scan global ===============================
05:06:06.0732 2852  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
05:06:06.0765 2852  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
05:06:06.0776 2852  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
05:06:06.0790 2852  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
05:06:06.0814 2852  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
05:06:06.0818 2852  [Global] - ok
05:06:06.0818 2852  ================ Scan MBR ==================================
05:06:06.0829 2852  [ 5D949EEA3BEEC2DF38A2D7900AD89A60 ] \Device\Harddisk0\DR0
05:06:09.0043 2852  \Device\Harddisk0\DR0 - ok
05:06:09.0043 2852  ================ Scan VBR ==================================
05:06:09.0047 2852  [ 4D2116B1D0928B24062AFEFFE8277A7C ] \Device\Harddisk0\DR0\Partition1
05:06:09.0049 2852  \Device\Harddisk0\DR0\Partition1 - ok
05:06:09.0095 2852  [ C1D9D0A11540696D42F56CDADA727778 ] \Device\Harddisk0\DR0\Partition2
05:06:09.0099 2852  \Device\Harddisk0\DR0\Partition2 - ok
05:06:09.0130 2852  [ F4BF22D640D4C018E23BF62A9101CCB0 ] \Device\Harddisk0\DR0\Partition3
05:06:09.0132 2852  \Device\Harddisk0\DR0\Partition3 - ok
05:06:09.0133 2852  ============================================================
05:06:09.0133 2852  Scan finished
05:06:09.0133 2852  ============================================================
05:06:09.0150 5924  Detected object count: 2
05:06:09.0150 5924  Actual detected object count: 2
05:08:29.0619 5924  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
05:08:29.0619 5924  SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
05:08:29.0620 5924  watchmi ( UnsignedFile.Multi.Generic ) - skipped by user
05:08:29.0620 5924  watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
aswMBR.txt
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-10 04:31:55
-----------------------------
04:31:55.524    OS Version: Windows x64 6.1.7601 Service Pack 1
04:31:55.524    Number of processors: 8 586 0x102
04:31:55.525    ComputerName: CHAOS-PC  UserName: Chaos
04:32:00.695    Initialize success
04:35:16.913    AVAST engine defs: 13010901
04:45:33.497    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
04:45:33.501    Disk 0 Vendor: ST1500DL CC4A Size: 1430799MB BusType: 11
04:45:33.541    Disk 0 MBR read successfully
04:45:33.546    Disk 0 MBR scan
04:45:33.559    Disk 0 unknown MBR code
04:45:33.568    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
04:45:33.586    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1378473 MB offset 206848
04:45:33.630    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        51200 MB offset 2823319552
04:45:33.654    Disk 0 Partition 4 00     12  Compaq diag NTFS         1024 MB offset 2928177152
04:45:33.716    Disk 0 scanning C:\Windows\system32\drivers
04:45:46.550    Service scanning
04:46:08.418    Modules scanning
04:46:08.433    Disk 0 trace - called modules:
04:46:08.457    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
04:46:08.466    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80076e9790]
04:46:08.475    3 CLASSPNP.SYS[fffff88001b7b43f] -> nt!IofCallDriver -> [0xfffffa800680aac0]
04:46:08.484    5 amd_xata.sys[fffff8800108ca1d] -> nt!IofCallDriver -> \Device\00000069[0xfffffa80067fa840]
04:46:13.367    AVAST engine scan C:\Windows
04:46:16.617    AVAST engine scan C:\Windows\system32
04:48:50.999    AVAST engine scan C:\Windows\system32\drivers
04:49:06.519    AVAST engine scan C:\Users\Chaos
04:58:06.150    AVAST engine scan C:\ProgramData
04:59:46.354    Scan finished successfully
05:00:42.571    Disk 0 MBR has been saved successfully to "C:\Users\Chaos\Desktop\MBR.dat"
05:00:42.575    The log file has been saved successfully to "C:\Users\Chaos\Desktop\aswMBR.txt"
         
Thank you! See you later..
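The TDSSKiller log quoted above is normally read by eye: every `[ md5 ] name path` line is followed by a verdict line, and only the objects that do not come back `ok` matter (here `watchmi`, flagged `UnsignedFile.Multi.Generic`, which is a heuristic for an unsigned file rather than a malware verdict). As an added example, written for this thread and not code from the forum or from TDSSKiller, the following Python script parses lines in that format, pairs each file entry with its verdict lines, lists every object that received a verdict other than `ok`, and cross-checks the scanner's own "Detected object count". The line formats are assumed from the log above; the sample log is constructed in the same format with placeholder hashes.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not TDSSKiller code).

Line formats are assumed from the log quoted in the thread:
  HH:MM:SS.frac PID  [ MD5 ] Name  Path          file/driver entry
  HH:MM:SS.frac PID  Name - ok                   verdict line
  HH:MM:SS.frac PID  Name ( Verdict ) - warning
  HH:MM:SS.frac PID  Name - detected Verdict (1)
  HH:MM:SS.frac PID  Detected object count: N
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PREFIX_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
# "[ md5 ] name path": the name is optional, global-scan and MBR lines carry only a path
ENTRY_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (?:(.+?) )?((?:[A-Za-z]:\\|\\Device\\).*)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<verdict>[^)]+) \))? - (?P<status>.+)$")
DETECTED_RE = re.compile(r"^detected (.+?) \(\d+\)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    statuses: List[str] = field(default_factory=list)
    verdicts: List[str] = field(default_factory=list)

    @property
    def clean(self) -> bool:
        """True only when every verdict line for this object said "ok"."""
        return bool(self.statuses) and all(s == "ok" for s in self.statuses)


def parse_log(text: str) -> Tuple[Dict[str, ScanObject], Optional[int]]:
    """Return objects keyed by name (in log order) and the scanner's declared detection count."""
    objects: Dict[str, ScanObject] = {}
    declared_count: Optional[int] = None
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.rstrip())
        if not m:
            continue  # banners, "Scan finished", blank lines
        msg = m.group(3)
        c = COUNT_RE.match(msg)
        if c:
            declared_count = int(c.group(1))
            continue
        e = ENTRY_RE.match(msg)
        if e:
            md5, name, path = e.group(1).upper(), e.group(2), e.group(3).strip()
            name = name.strip() if name else path
            obj = objects.setdefault(name, ScanObject(name))
            obj.md5, obj.path = md5, path
            continue
        v = VERDICT_RE.match(msg)
        if v:
            name = v.group("name").strip()
            obj = objects.setdefault(name, ScanObject(name))
            status = v.group("status").strip()
            obj.statuses.append(status)
            verdict = v.group("verdict")
            d = DETECTED_RE.match(status)
            if d:
                verdict = d.group(1)
            if verdict and verdict not in obj.verdicts:
                obj.verdicts.append(verdict)
    return objects, declared_count


def suspicious(objects: Dict[str, ScanObject]) -> List[ScanObject]:
    """Objects that received at least one verdict other than "ok", in log order."""
    return [o for o in objects.values() if o.statuses and not o.clean]


def detected_count(objects: Dict[str, ScanObject]) -> int:
    """Objects with an explicit "detected ..." line, to cross-check the scanner's total."""
    return sum(1 for o in objects.values() if any(DETECTED_RE.match(s) for s in o.statuses))


# Constructed sample in the format of the thread's log; the MD5 values are placeholders.
SAMPLE_LOG = r"""
05:05:59.0934 2852  [ 00112233445566778899AABBCCDDEEFF ] Serenum         C:\Windows\system32\drivers\serenum.sys
05:05:59.0970 2852  Serenum - ok
05:06:00.0627 2852  [ 0123456789ABCDEF0123456789ABCDEF ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
05:06:00.0654 2852  Sony PC Companion - ok
05:06:04.0806 2852  [ DEADBEEFDEADBEEFDEADBEEFDEADBEEF ] watchmi         C:\Program Files (x86)\watchmi\TvdService.exe
05:06:04.0819 2852  watchmi ( UnsignedFile.Multi.Generic ) - warning
05:06:04.0819 2852  watchmi - detected UnsignedFile.Multi.Generic (1)
05:06:06.0712 2852  ================ Scan global ===============================
05:06:06.0732 2852  [ FEDCBA9876543210FEDCBA9876543210 ] C:\Windows\system32\basesrv.dll
05:06:06.0818 2852  [Global] - ok
05:06:06.0829 2852  [ CAFEBABECAFEBABECAFEBABECAFEBABE ] \Device\Harddisk0\DR0
05:06:09.0043 2852  \Device\Harddisk0\DR0 - ok
05:06:09.0150 5924  Detected object count: 1
05:08:29.0619 5924  watchmi ( UnsignedFile.Multi.Generic ) - skipped by user
05:08:29.0619 5924  watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    objs, declared = parse_log(SAMPLE_LOG)
    for o in suspicious(objs):
        print(f"{o.name}: {', '.join(o.verdicts) or '-'} | {o.md5} | {o.path} | {' / '.join(o.statuses)}")
    print(f"scanner declared {declared} detection(s), log shows {detected_count(objs)}")
```

Run it against a saved TDSSKiller log by passing the file contents to `parse_log` instead of `SAMPLE_LOG`; the hash and path printed for each non-clean object are what a helper would look up next, and a mismatch between the declared count and `detected_count` is a hint that the log was cut off or edited.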

Alt 10.01.2013, 10:51   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Exploit.Drop.GSA - Standard

Exploit.Drop.GSA



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and any other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a competent helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have trouble starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 10.01.2013, 17:27   #11
Amy0407
 
Good evening! Thank you very much for your reply! I have had ComboFix running for a good 45 minutes now and it is stuck at stage 4! On the computer itself I cannot see any hard disk activity. Has the program possibly hung? I am currently writing from my phone.

Just a quick hello again: I closed the program after 1 hour of running time. According to other posts found via Google, a run time of 1 hour without any change is to be regarded as a crash of the program. I very much hope I have not made any mistakes now. I started a new attempt and ran it again, unfortunately with the same result. I have not uninstalled the program. It is still on the desktop.

Before I started the scan I switched the virus scanner, firewalls etc. off completely.

Have a nice evening. Until tomorrow!

Alt 10.01.2013, 20:20   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Restart Windows, delete the old combofix.exe, download CF again and please try once more.

Alt 11.01.2013, 04:47   #13
Amy0407
 
Morning, I did that (uninstalled ComboFix etc.). Twice, because unfortunately it still just stops at stage 4 and nothing happens any more. I also get neither a prompt about the system restore point nor about updates. On startup all the warnings appear (virus scanner, firewall off) and then it starts the scan straight away.. up to 4 and that's it!

Take care, until this evening, and thanks

Alt 11.01.2013, 15:34   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please try CF in Safe Mode with Networking


Safe Mode for cleaning
  • Bring Windows into Safe Mode with the F8 key at startup.
  • Start the computer in Safe Mode with Networking:

    Starting Windows in Safe Mode

Alt 11.01.2013, 18:17   #15
Amy0407
 
Good evening, that worked now. I must add that CF reported G Data as active and asked for it to be deactivated. Because of Safe Mode, G Data was already deactivated, and I could not see anything in Task Manager either. I would not have been able to make any changes to G Data at all, since no change was accepted. I very much hope that this message does not affect the result of CF. Otherwise I would have to uninstall G Data and start the process again.

Code:
ComboFix 13-01-11.01 - Chaos 11.01.2013  19:01:49.5.8 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8169.7157 [GMT 1:00]
ausgeführt von:: c:\users\Chaos\Desktop\ComboFix.exe
AV: G Data TotalProtection 2013 *Enabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data TotalProtection 2013 *Enabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-11 bis 2013-01-11  ))))))))))))))))))))))))))))))
.
.
2013-01-11 18:06 . 2013-01-11 18:06	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-01-11 18:06 . 2013-01-11 18:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-11 03:48 . 2013-01-11 03:48	--------	d-----w-	c:\users\Chaos\AppData\Local\Diagnostics
2013-01-06 17:21 . 2013-01-06 17:21	--------	d-----w-	c:\users\Chaos\AppData\Local\Windows Live Writer
2013-01-06 17:21 . 2013-01-06 17:21	--------	d-----w-	c:\users\Chaos\AppData\Roaming\Windows Live Writer
2013-01-06 13:59 . 2013-01-06 13:59	--------	d-----w-	c:\users\Chaos\AppData\Roaming\Malwarebytes
2013-01-06 13:59 . 2013-01-06 13:59	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-06 13:59 . 2013-01-06 13:59	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-06 13:59 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-06 13:59 . 2013-01-06 13:59	--------	d-----w-	c:\users\Chaos\AppData\Local\Programs
2012-12-29 04:38 . 2012-12-29 04:38	16504	----a-w-	c:\windows\system32\drivers\GdPhyMem.sys
2012-12-28 05:37 . 2012-12-28 05:37	2889	----a-w-	c:\programdata\dsgsdgdsgdsgw.js
2012-12-21 05:47 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 05:47 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 05:47 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-21 05:47 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-15 06:33 . 2012-12-15 06:33	--------	d-----w-	c:\users\Chaos\Podcasts
2012-12-15 06:31 . 2012-12-15 06:34	--------	d-----w-	c:\users\Chaos\AppData\Local\Sony
2012-12-15 06:31 . 2012-12-15 06:31	--------	d-----w-	c:\program files (x86)\Common Files\Sony Shared
2012-12-15 06:30 . 2012-12-15 06:31	--------	d-----w-	c:\programdata\Sony Corporation
2012-12-15 06:29 . 2012-12-15 06:31	--------	d-----w-	c:\program files (x86)\Sony Media Go Install
2012-12-15 06:29 . 2012-12-15 06:33	--------	d-----w-	c:\users\Chaos\AppData\Roaming\Sony
2012-12-12 18:37 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-12 18:37 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-12 18:37 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-12 18:37 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 17:26 . 2011-07-18 20:31	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-09 05:27 . 2012-05-29 01:24	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 05:27 . 2011-12-01 21:26	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-09 11:36 . 2012-12-09 11:36	27760	----a-w-	c:\windows\system32\drivers\ggsemc.sys
2012-12-09 11:36 . 2012-12-09 11:36	14448	----a-w-	c:\windows\system32\drivers\ggflt.sys
2012-11-30 04:45 . 2013-01-09 17:18	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-30 10:50 . 2012-05-12 11:51	60320	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2012-10-30 10:48 . 2012-05-12 11:51	126880	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2012-10-30 10:48 . 2012-05-12 11:51	54176	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2012-10-30 10:48 . 2012-05-12 11:51	64416	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2012-10-16 08:38 . 2012-11-28 04:54	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 04:54	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 04:54	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-12 39408]
"GoogleChromeAutoLaunch_9C355F266C25602F9C5EB5F430276502"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-08 1248360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-14 336384]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe" [2012-09-17 995352]
"GDFirewallTray"="c:\program files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
watchmi tray.lnk - c:\windows\Installer\{409DC300-28AF-468F-9624-1F3309701881}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2012-5-12 300928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-10-30 126880]
R1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-10-30 64416]
R1 GLogin;GLogin; [x]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2012-08-05 106648]
R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-07-12 64376]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-14 361984]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-08-23 1542680]
R2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\TotalProtection\AVK\AVKService.exe [2012-01-27 468472]
R2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe [2012-08-30 2011568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 GDBackupSvc;G Data Backup Service;c:\program files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2012-09-11 1617432]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 565928]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-09-28 25824]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R2 TSNxGService;G Data Datensafe Service;c:\program files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe [2012-05-24 306216]
R2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2011-10-07 70144]
R3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe [2012-06-04 1766464]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-10-30 60320]
R3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
R3 GDTunerSvc;G Data Tuner Service;c:\program files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [2012-05-14 1218552]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-12-09 14448]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP4\RpcAgentSrv.exe [2009-04-26 95896]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2010-09-23 129008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-04-15 79488]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-04-15 40064]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-10-30 54176]
S0 TS4NT;TS4nt driver;c:\windows\System32\Drivers\TS4nt.sys [2012-07-12 98760]
S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys [2010-02-18 46136]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2011-08-02 129000]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2011-08-02 391144]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-11 04:44	1606760	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 05:27]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-12 11:22]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-12 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Chaos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 83.169.186.33 83.169.186.97
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-TSNxG4Tray - c:\program files (x86)\G Data\TotalProtection\TSNxG\TSNxGTray.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-AFPL Ghostscript 8.54 - c:\program files (x86)\gs\uninstgs.exe
AddRemove-AFPL Ghostscript Fonts - c:\program files (x86)\gs\uninstgs.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-11  19:08:56
ComboFix-quarantined-files.txt  2013-01-11 18:08
.
Vor Suchlauf: 8 Verzeichnis(se), 1.394.750.980.096 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 1.394.446.548.992 Bytes frei
.
- - End Of File - - E52E9EF5B036EC1B3D65A205555C3B0F
Thanks and see you tomorrow
