Pests of all kinds and how to fight them: GVU Trojan

07.05.2013, 12:28   #1
Ritter_83

Hello.
The GVU trojan got me too. Avast was active and showed a message "Threat found".. and then the well-known GVU trojan message appeared.

I ran OTL in safe mode as described here.
The logs are attached.

Thanks and regards,
Ritter
Attached files
File type: txt OTL.Txt (94.8 KB, viewed 159 times)
File type: txt Extras.Txt (80.3 KB, viewed 146 times)

07.05.2013, 13:11   #2
markusg
/// Malware-holic

Hi,

OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
O20 - HKU\S-1-5-21-3071843407-2705748177-3159224180-1000 Winlogon: Shell - (C:\Users\Rittmeier\AppData\Roaming\skype.dat) - C:\Users\Rittmeier\AppData\Roaming\skype.dat ()
:files
C:\Users\Rittmeier\AppData\Roaming\skype.dat
:Commands
[emptytemp]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Boot into normal mode.

If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!

Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.

Edited by markusg (07.05.2013 at 13:23)
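
The fix in post #2 removes a per-user Winlogon Shell value that pointed at a file in the user's roaming profile. As an added example (not part of the thread and not OTL's own code), the following Python parses OTL "O20 ... Winlogon" lines in the shape quoted in that fix and flags the same pattern; the function names, the heuristics and the second and third sample lines are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Shape of an OTL scan-log Winlogon line, taken from the line quoted in the fix:
#   O20 - <hive> Winlogon: <value> - (<registry data>) - <resolved path> (<company>)
O20_RE = re.compile(
    r"^O20\s+-\s+(?P<hive>\S+)\s+Winlogon:\s+(?P<value>\S+)\s+-\s+"
    r"\((?P<data>.*?)\)\s+-\s+(?P<path>.*)\s+\((?P<company>[^()]*)\)\s*$"
)

# First line is the entry from the thread; the other two are constructed
# for this example to show entries that should not be flagged.
SAMPLE_LINES = [
    r"O20 - HKU\S-1-5-21-3071843407-2705748177-3159224180-1000 Winlogon: Shell - "
    r"(C:\Users\Rittmeier\AppData\Roaming\skype.dat) - "
    r"C:\Users\Rittmeier\AppData\Roaming\skype.dat ()",
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - "
    r"C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - "
    r"C:\Windows\system32\userinit.exe (Microsoft Corporation)",
]


def parse_o20(line):
    """Return the fields of an O20 Winlogon line as a dict, or None."""
    match = O20_RE.match(line.strip())
    return match.groupdict() if match else None


def shell_findings(entry):
    """List the reasons a Winlogon Shell entry deserves a closer look.

    The checks are heuristics chosen for this example, not OTL rules.
    """
    if entry["value"].lower() != "shell":
        return []  # only the Shell value is assessed here

    findings = []
    hive = entry["hive"].upper()
    path = PureWindowsPath(entry["path"])
    parts = [part.lower() for part in path.parts]

    # A Shell value under a user hive overrides the machine-wide shell
    # for that account only.
    if hive.startswith("HKU\\") or hive.startswith("HKCU"):
        findings.append("per-user Shell override")
    if path.name.lower() != "explorer.exe":
        findings.append("shell is not explorer.exe")
    # Files below a profile's AppData can be written without admin rights.
    if "users" in parts and "appdata" in parts:
        findings.append("target is inside a user profile")
    if path.suffix.lower() != ".exe":
        findings.append("target does not have an .exe extension")
    if not entry["company"].strip():
        findings.append("no company name in the file's version info")
    return findings


def scan(lines):
    """Return (line, findings) pairs for every flagged Winlogon Shell line."""
    flagged = []
    for line in lines:
        entry = parse_o20(line)
        if entry is None:
            continue
        findings = shell_findings(entry)
        if findings:
            flagged.append((line, findings))
    return flagged


if __name__ == "__main__":
    for line, findings in scan(SAMPLE_LINES):
        print(line)
        for reason in findings:
            print("   -", reason)
```
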

07.05.2013, 13:36   #3
Ritter_83

OK, here is the result of the fix:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3071843407-2705748177-3159224180-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Rittmeier\AppData\Roaming\skype.dat deleted successfully.
C:\Users\Rittmeier\AppData\Roaming\skype.dat moved successfully.
========== FILES ==========
File\Folder C:\Users\Rittmeier\AppData\Roaming\skype.dat not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57616 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rittmeier
->Temp folder emptied: 551683 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 1291726 bytes
->FireFox cache emptied: 106454454 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 58144 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 96422 bytes
RecycleBin emptied: 430542 bytes

Total Files Cleaned = 104,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05072013_142803

Files\Folders moved on Reboot...
C:\Users\Rittmeier\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Rittmeier\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Upload of MovedFiles successful (Upload Channel)

07.05.2013, 13:38   #4
markusg
/// Malware-holic

Very good.
Please boot into normal mode, it should work.
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de

07.05.2013, 13:47   #5
Ritter_83

TDSSKiller found 1 object, I chose Skip. Here is the log:

14:45:19.0781 5240 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:45:19.0946 5240 ============================================================
14:45:19.0946 5240 Current date / time: 2013/05/07 14:45:19.0946
14:45:19.0946 5240 SystemInfo:
14:45:19.0946 5240
14:45:19.0946 5240 OS Version: 6.1.7601 ServicePack: 1.0
14:45:19.0946 5240 Product type: Workstation
14:45:19.0947 5240 ComputerName: RITTMEIER-PC
14:45:19.0947 5240 UserName: Rittmeier
14:45:19.0947 5240 Windows directory: C:\Windows
14:45:19.0947 5240 System windows directory: C:\Windows
14:45:19.0947 5240 Running under WOW64
14:45:19.0947 5240 Processor architecture: Intel x64
14:45:19.0947 5240 Number of processors: 3
14:45:19.0947 5240 Page size: 0x1000
14:45:19.0947 5240 Boot type: Normal boot
14:45:19.0947 5240 ============================================================
14:45:20.0319 5240 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
14:45:20.0330 5240 Drive \Device\Harddisk1\DR1 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:45:20.0350 5240 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:45:20.0355 5240 ============================================================
14:45:20.0355 5240 \Device\Harddisk0\DR0:
14:45:20.0355 5240 MBR partitions:
14:45:20.0355 5240 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
14:45:20.0355 5240 \Device\Harddisk1\DR1:
14:45:20.0355 5240 MBR partitions:
14:45:20.0355 5240 \Device\Harddisk2\DR2:
14:45:20.0368 5240 MBR partitions:
14:45:20.0368 5240 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1E859000
14:45:20.0368 5240 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x1E859800, BlocksNum 0x126EB800
14:45:20.0368 5240 \Device\Harddisk2\DR2\Partition3: MBR, Type 0x7, StartLBA 0x30F45800, BlocksNum 0x2B55C000
14:45:20.0382 5240 \Device\Harddisk2\DR2\Partition4: MBR, Type 0x7, StartLBA 0x5C4A2000, BlocksNum 0x18264000
14:45:20.0382 5240 ============================================================
14:45:20.0409 5240 C: <-> \Device\Harddisk2\DR2\Partition2
14:45:20.0436 5240 F: <-> \Device\Harddisk2\DR2\Partition4
14:45:20.0488 5240 H: <-> \Device\Harddisk2\DR2\Partition3
14:45:20.0539 5240 B: <-> \Device\Harddisk2\DR2\Partition1
14:45:20.0970 5240 K: <-> \Device\Harddisk0\DR0\Partition1
14:45:20.0970 5240 ============================================================
14:45:20.0970 5240 Initialize success
14:45:20.0970 5240 ============================================================
14:45:36.0557 5920 ============================================================
14:45:36.0557 5920 Scan started
14:45:36.0557 5920 Mode: Manual; SigCheck; TDLFS;
14:45:36.0557 5920 ============================================================
14:45:36.0749 5920 ================ Scan system memory ========================
14:45:36.0749 5920 System memory - ok
14:45:36.0749 5920 ================ Scan services =============================
14:45:44.0559 5920 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:45:44.0577 5920 IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:45:44.0577 5920 IDriverT - detected UnsignedFile.Multi.Generic (1)
14:45:46.0056 5920 luafv - ok
14:45:46.0082 5920 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:45:46.0097 5920 Mcx2Svc - ok
14:45:46.0110 5920 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:45:46.0121 5920 megasas - ok
14:45:46.0130 5920 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:45:46.0146 5920 MegaSR - ok
14:45:46.0164 5920 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:45:46.0208 5920 MMCSS - ok
14:45:46.0225 5920 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:45:46.0264 5920 Modem - ok
14:45:46.0290 5920 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:45:46.0319 5920 monitor - ok
14:45:46.0357 5920 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:45:46.0367 5920 mouclass - ok
14:45:46.0372 5920 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:45:46.0386 5920 mouhid - ok
14:45:46.0421 5920 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:45:46.0433 5920 mountmgr - ok
14:45:46.0447 5920 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:45:46.0460 5920 mpio - ok
14:45:46.0484 5920 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:45:46.0513 5920 mpsdrv - ok
14:45:46.0546 5920 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:45:46.0587 5920 MpsSvc - ok
14:45:46.0619 5920 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:45:46.0647 5920 MRxDAV - ok
14:45:46.0670 5920 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:45:46.0689 5920 mrxsmb - ok
14:45:46.0713 5920 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:45:46.0729 5920 mrxsmb10 - ok
14:45:46.0757 5920 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:45:46.0779 5920 mrxsmb20 - ok
14:45:46.0789 5920 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
14:45:46.0799 5920 msahci - ok
14:45:46.0821 5920 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:45:46.0834 5920 msdsm - ok
14:45:46.0846 5920 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:45:46.0876 5920 MSDTC - ok
14:45:46.0905 5920 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:45:46.0935 5920 Msfs - ok
14:45:46.0947 5920 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:45:46.0977 5920 mshidkmdf - ok
14:45:46.0990 5920 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:45:47.0001 5920 msisadrv - ok
14:45:47.0027 5920 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:45:47.0060 5920 MSiSCSI - ok
14:45:47.0064 5920 msiserver - ok
14:45:47.0102 5920 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:45:47.0131 5920 MSKSSRV - ok
14:45:47.0135 5920 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:45:47.0173 5920 MSPCLOCK - ok
14:45:47.0177 5920 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:45:47.0217 5920 MSPQM - ok
14:45:47.0245 5920 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:45:47.0261 5920 MsRPC - ok
14:45:47.0272 5920 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:45:47.0283 5920 mssmbios - ok
14:45:47.0291 5920 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:45:47.0331 5920 MSTEE - ok
14:45:47.0336 5920 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:45:47.0350 5920 MTConfig - ok
14:45:47.0371 5920 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:45:47.0383 5920 Mup - ok
14:45:47.0414 5920 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:45:47.0463 5920 napagent - ok
14:45:47.0492 5920 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:45:47.0525 5920 NativeWifiP - ok
14:45:47.0549 5920 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
14:45:47.0574 5920 NDIS - ok
14:45:47.0604 5920 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:45:47.0634 5920 NdisCap - ok
14:45:47.0653 5920 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:45:47.0690 5920 NdisTapi - ok
14:45:47.0721 5920 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:45:47.0750 5920 Ndisuio - ok
14:45:47.0773 5920 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:45:47.0817 5920 NdisWan - ok
14:45:47.0841 5920 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:45:47.0881 5920 NDProxy - ok
14:45:47.0897 5920 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:45:47.0939 5920 NetBIOS - ok
14:45:47.0955 5920 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:45:47.0995 5920 NetBT - ok
14:45:48.0022 5920 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:45:48.0036 5920 Netlogon - ok
14:45:48.0074 5920 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:45:48.0116 5920 Netman - ok
14:45:48.0156 5920 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:45:48.0170 5920 NetMsmqActivator - ok
14:45:48.0184 5920 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:45:48.0194 5920 NetPipeActivator - ok
14:45:48.0214 5920 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:45:48.0261 5920 netprofm - ok
14:45:48.0302 5920 [ 618C55B392238B9467F9113E13525C49 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
14:45:48.0339 5920 netr28ux - ok
14:45:48.0360 5920 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:45:48.0372 5920 NetTcpActivator - ok
14:45:48.0376 5920 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:45:48.0387 5920 NetTcpPortSharing - ok
14:45:48.0405 5920 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:45:48.0417 5920 nfrd960 - ok
14:45:48.0440 5920 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:45:48.0480 5920 NlaSvc - ok
14:45:48.0537 5920 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
14:45:48.0569 5920 nmwcd - ok
14:45:48.0600 5920 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
14:45:48.0631 5920 nmwcdc - ok
14:45:48.0662 5920 [ 697CA586209E022D15DD0C838B235D6A ] nmwcdnsucx64 C:\Windows\system32\drivers\nmwcdnsucx64.sys
14:45:48.0692 5920 nmwcdnsucx64 - ok
14:45:48.0722 5920 [ 292DDF13F91F2CB2482B57AACD6AEB9B ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys
14:45:48.0757 5920 nmwcdnsux64 - ok
14:45:48.0769 5920 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:45:48.0800 5920 Npfs - ok
14:45:48.0825 5920 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:45:48.0868 5920 nsi - ok
14:45:48.0879 5920 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:45:48.0921 5920 nsiproxy - ok
14:45:48.0962 5920 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:45:48.0998 5920 Ntfs - ok
14:45:49.0010 5920 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:45:49.0046 5920 Null - ok
14:45:49.0236 5920 [ B15258B1F45F9571758AC6BB2F043B01 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:45:49.0443 5920 nvlddmkm - ok
14:45:49.0483 5920 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:45:49.0496 5920 nvraid - ok
14:45:49.0512 5920 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:45:49.0525 5920 nvstor - ok
14:45:49.0583 5920 [ 2D7092FEC9BD2ACA199673BBA2BA9277 ] nvsvc C:\Windows\system32\nvvsvc.exe
14:45:49.0619 5920 nvsvc - ok
14:45:49.0644 5920 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:45:49.0657 5920 nv_agp - ok
14:45:49.0712 5920 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:45:49.0728 5920 odserv - ok
14:45:49.0747 5920 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:45:49.0761 5920 ohci1394 - ok
14:45:49.0793 5920 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:45:49.0805 5920 ose - ok
14:45:49.0831 5920 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:45:49.0861 5920 p2pimsvc - ok
14:45:49.0882 5920 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:45:49.0901 5920 p2psvc - ok
14:45:49.0934 5920 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:45:49.0948 5920 Parport - ok
14:45:49.0972 5920 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:45:49.0983 5920 partmgr - ok
14:45:49.0995 5920 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:45:50.0023 5920 PcaSvc - ok
14:45:50.0053 5920 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
14:45:50.0071 5920 pccsmcfd - ok
14:45:50.0084 5920 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:45:50.0097 5920 pci - ok
14:45:50.0118 5920 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:45:50.0129 5920 pciide - ok
14:45:50.0141 5920 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:45:50.0157 5920 pcmcia - ok
14:45:50.0174 5920 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:45:50.0185 5920 pcw - ok
14:45:50.0207 5920 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:45:50.0253 5920 PEAUTH - ok
14:45:50.0289 5920 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
14:45:50.0323 5920 PeerDistSvc - ok
14:45:50.0387 5920 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:45:50.0418 5920 PerfHost - ok
14:45:50.0466 5920 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:45:50.0525 5920 pla - ok
14:45:50.0564 5920 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:45:50.0586 5920 PlugPlay - ok
14:45:50.0603 5920 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:45:50.0618 5920 PNRPAutoReg - ok
14:45:50.0630 5920 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:45:50.0649 5920 PNRPsvc - ok
14:45:50.0668 5920 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:45:50.0717 5920 PolicyAgent - ok
14:45:50.0764 5920 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:45:50.0813 5920 Power - ok
14:45:50.0844 5920 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:45:50.0888 5920 PptpMiniport - ok
14:45:50.0899 5920 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:45:50.0925 5920 Processor - ok
14:45:50.0943 5920 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
14:45:50.0984 5920 ProfSvc - ok
14:45:51.0002 5920 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:45:51.0015 5920 ProtectedStorage - ok
14:45:51.0038 5920 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:45:51.0068 5920 Psched - ok
14:45:51.0088 5920 [ 05F46042208E515B9C240AAFC54E7AA2 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
14:45:51.0097 5920 PxHlpa64 - ok
14:45:51.0136 5920 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:45:51.0175 5920 ql2300 - ok
14:45:51.0187 5920 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:45:51.0201 5920 ql40xx - ok
14:45:51.0221 5920 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:45:51.0242 5920 QWAVE - ok
14:45:51.0251 5920 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:45:51.0286 5920 QWAVEdrv - ok
14:45:51.0290 5920 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:45:51.0320 5920 RasAcd - ok
14:45:51.0356 5920 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:45:51.0387 5920 RasAgileVpn - ok
14:45:51.0400 5920 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:45:51.0435 5920 RasAuto - ok
14:45:51.0449 5920 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:45:51.0489 5920 Rasl2tp - ok
14:45:51.0520 5920 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:45:51.0569 5920 RasMan - ok
14:45:51.0579 5920 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:45:51.0620 5920 RasPppoe - ok
14:45:51.0645 5920 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:45:51.0677 5920 RasSstp - ok
14:45:51.0690 5920 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:45:51.0735 5920 rdbss - ok
14:45:51.0749 5920 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:45:51.0772 5920 rdpbus - ok
14:45:51.0789 5920 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:45:51.0819 5920 RDPCDD - ok
14:45:51.0840 5920 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
14:45:51.0855 5920 RDPDR - ok
14:45:51.0864 5920 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:45:51.0905 5920 RDPENCDD - ok
14:45:51.0921 5920 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:45:51.0951 5920 RDPREFMP - ok
14:45:51.0989 5920 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:45:52.0015 5920 RdpVideoMiniport - ok
14:45:52.0051 5920 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:45:52.0076 5920 RDPWD - ok
14:45:52.0104 5920 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:45:52.0117 5920 rdyboost - ok
14:45:52.0138 5920 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:45:52.0180 5920 RemoteAccess - ok
14:45:52.0218 5920 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:45:52.0269 5920 RemoteRegistry - ok
14:45:52.0324 5920 [ 85B5159D86AC06AD744EE9D3C288AEEE ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
14:45:52.0334 5920 Roxio UPnP Renderer 10 - ok
14:45:52.0351 5920 [ 0DB43CAF2D77B809A86E9D7E1BCC6D76 ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
14:45:52.0367 5920 Roxio Upnp Server 10 - ok
14:45:52.0419 5920 [ 7958AFFC64E4F284068EB6575CC64DCF ] RoxLiveShare10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
14:45:52.0434 5920 RoxLiveShare10 - ok
14:45:52.0480 5920 [ ED69CD4AB4BE607ABF768A60E4AC79DA ] RoxMediaDB10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
14:45:52.0506 5920 RoxMediaDB10 - ok
14:45:52.0523 5920 [ 0DA14EE2C0E274FEA5A6545181851C16 ] RoxWatch10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
14:45:52.0536 5920 RoxWatch10 - ok
14:45:52.0561 5920 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:45:52.0607 5920 RpcEptMapper - ok
14:45:52.0622 5920 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:45:52.0641 5920 RpcLocator - ok
14:45:52.0660 5920 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
14:45:52.0695 5920 RpcSs - ok
14:45:52.0717 5920 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:45:52.0756 5920 rspndr - ok
14:45:52.0786 5920 [ 16D4E350420BAA7E63E16E3FC033E1F5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
14:45:52.0801 5920 RTL8167 - ok
14:45:52.0805 5920 RxFilter - ok
14:45:52.0825 5920 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
14:45:52.0843 5920 s3cap - ok
14:45:52.0858 5920 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:45:52.0871 5920 SamSs - ok
14:45:52.0885 5920 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:45:52.0897 5920 sbp2port - ok
14:45:52.0917 5920 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:45:52.0951 5920 SCardSvr - ok
14:45:52.0970 5920 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:45:52.0999 5920 scfilter - ok
14:45:53.0068 5920 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:45:53.0125 5920 Schedule - ok
14:45:53.0163 5920 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:45:53.0191 5920 SCPolicySvc - ok
14:45:53.0226 5920 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:45:53.0244 5920 SDRSVC - ok
14:45:53.0286 5920 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:45:53.0330 5920 secdrv - ok
14:45:53.0350 5920 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:45:53.0381 5920 seclogon - ok
14:45:53.0390 5920 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
14:45:53.0424 5920 SENS - ok
14:45:53.0441 5920 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:45:53.0467 5920 SensrSvc - ok
14:45:53.0496 5920 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:45:53.0516 5920 Serenum - ok
14:45:53.0532 5920 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:45:53.0556 5920 Serial - ok
14:45:53.0573 5920 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:45:53.0597 5920 sermouse - ok
14:45:53.0664 5920 [ C15B813F2FDB44F87F23312472C6E790 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
14:45:53.0682 5920 ServiceLayer - ok
14:45:53.0728 5920 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:45:53.0775 5920 SessionEnv - ok
14:45:53.0805 5920 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:45:53.0832 5920 sffdisk - ok
14:45:53.0844 5920 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:45:53.0871 5920 sffp_mmc - ok
14:45:53.0890 5920 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:45:53.0919 5920 sffp_sd - ok
14:45:53.0923 5920 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:45:53.0940 5920 sfloppy - ok
14:45:53.0968 5920 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:45:54.0002 5920 SharedAccess - ok
14:45:54.0030 5920 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:45:54.0065 5920 ShellHWDetection - ok
14:45:54.0087 5920 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:45:54.0098 5920 SiSRaid2 - ok
14:45:54.0108 5920 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:45:54.0120 5920 SiSRaid4 - ok
14:45:54.0124 5920 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:45:54.0154 5920 Smb - ok
14:45:54.0173 5920 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:45:54.0189 5920 SNMPTRAP - ok
14:45:54.0212 5920 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:45:54.0222 5920 spldr - ok
14:45:54.0255 5920 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
14:45:54.0291 5920 Spooler - ok
14:45:54.0359 5920 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:45:54.0448 5920 sppsvc - ok
14:45:54.0463 5920 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:45:54.0508 5920 sppuinotify - ok
14:45:54.0542 5920 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:45:54.0560 5920 srv - ok
14:45:54.0575 5920 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:45:54.0604 5920 srv2 - ok
14:45:54.0620 5920 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:45:54.0647 5920 srvnet - ok
14:45:54.0668 5920 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:45:54.0701 5920 SSDPSRV - ok
14:45:54.0718 5920 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:45:54.0749 5920 SstpSvc - ok
14:45:54.0760 5920 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:45:54.0771 5920 stexstor - ok
14:45:54.0815 5920 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:45:54.0845 5920 stisvc - ok
14:45:54.0872 5920 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
14:45:54.0883 5920 storflt - ok
14:45:54.0906 5920 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
14:45:54.0918 5920 storvsc - ok
14:45:54.0936 5920 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
14:45:54.0946 5920 swenum - ok
14:45:54.0963 5920 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:45:55.0000 5920 swprv - ok
14:45:55.0013 5920 Synth3dVsc - ok
14:45:55.0060 5920 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:45:55.0108 5920 SysMain - ok
14:45:55.0130 5920 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:45:55.0163 5920 TabletInputService - ok
14:45:55.0176 5920 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:45:55.0220 5920 TapiSrv - ok
14:45:55.0233 5920 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:45:55.0278 5920 TBS - ok
14:45:55.0322 5920 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:45:55.0362 5920 Tcpip - ok
14:45:55.0386 5920 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:45:55.0418 5920 TCPIP6 - ok
14:45:55.0439 5920 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:45:55.0468 5920 tcpipreg - ok
14:45:55.0479 5920 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:45:55.0505 5920 TDPIPE - ok
14:45:55.0534 5920 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:45:55.0547 5920 TDTCP - ok
14:45:55.0578 5920 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:45:55.0607 5920 tdx - ok
14:45:55.0631 5920 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
14:45:55.0643 5920 TermDD - ok
14:45:55.0669 5920 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:45:55.0719 5920 TermService - ok
14:45:55.0732 5920 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:45:55.0760 5920 Themes - ok
14:45:55.0785 5920 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:45:55.0815 5920 THREADORDER - ok
14:45:55.0841 5920 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:45:55.0881 5920 TrkWks - ok
14:45:55.0921 5920 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:45:55.0961 5920 TrustedInstaller - ok
14:45:55.0990 5920 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:45:56.0031 5920 tssecsrv - ok
14:45:56.0043 5920 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:45:56.0056 5920 TsUsbFlt - ok
14:45:56.0060 5920 tsusbhub - ok
14:45:56.0104 5920 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:45:56.0143 5920 tunnel - ok
14:45:56.0172 5920 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:45:56.0184 5920 uagp35 - ok
14:45:56.0209 5920 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:45:56.0250 5920 udfs - ok
14:45:56.0270 5920 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:45:56.0299 5920 UI0Detect - ok
14:45:56.0322 5920 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:45:56.0334 5920 uliagpkx - ok
14:45:56.0372 5920 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:45:56.0385 5920 umbus - ok
14:45:56.0415 5920 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:45:56.0429 5920 UmPass - ok
14:45:56.0453 5920 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
14:45:56.0501 5920 UmRdpService - ok
14:45:56.0529 5920 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:45:56.0582 5920 upnphost - ok
14:45:56.0641 5920 [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
14:45:56.0664 5920 upperdev - ok
14:45:56.0675 5920 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:45:56.0689 5920 usbccgp - ok
14:45:56.0727 5920 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:45:56.0743 5920 usbcir - ok
14:45:56.0761 5920 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:45:56.0785 5920 usbehci - ok
14:45:56.0820 5920 [ 573D192E268F0C5B486B7E96F661E538 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
14:45:56.0831 5920 usbfilter - ok
14:45:56.0849 5920 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:45:56.0876 5920 usbhub - ok
14:45:56.0886 5920 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:45:56.0906 5920 usbohci - ok
14:45:56.0915 5920 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:45:56.0944 5920 usbprint - ok
14:45:56.0971 5920 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:45:56.0986 5920 usbscan - ok
14:45:57.0019 5920 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
14:45:57.0056 5920 usbser - ok
14:45:57.0090 5920 [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
14:45:57.0126 5920 UsbserFilt - ok
14:45:57.0142 5920 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:45:57.0166 5920 USBSTOR - ok
14:45:57.0175 5920 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:45:57.0196 5920 usbuhci - ok
14:45:57.0235 5920 [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
14:45:57.0261 5920 usb_rndisx - ok
14:45:57.0290 5920 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:45:57.0331 5920 UxSms - ok
14:45:57.0362 5920 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:45:57.0375 5920 VaultSvc - ok
14:45:57.0388 5920 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:45:57.0399 5920 vdrvroot - ok
14:45:57.0417 5920 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:45:57.0454 5920 vds - ok
14:45:57.0479 5920 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:45:57.0494 5920 vga - ok
14:45:57.0498 5920 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:45:57.0535 5920 VgaSave - ok
14:45:57.0539 5920 VGPU - ok
14:45:57.0559 5920 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:45:57.0573 5920 vhdmp - ok
14:45:57.0586 5920 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:45:57.0597 5920 viaide - ok
14:45:57.0609 5920 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
14:45:57.0622 5920 vmbus - ok
14:45:57.0636 5920 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
14:45:57.0654 5920 VMBusHID - ok
14:45:57.0670 5920 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:45:57.0681 5920 volmgr - ok
14:45:57.0720 5920 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:45:57.0736 5920 volmgrx - ok
14:45:57.0759 5920 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:45:57.0773 5920 volsnap - ok
14:45:57.0803 5920 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:45:57.0816 5920 vsmraid - ok
14:45:57.0858 5920 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:45:57.0916 5920 VSS - ok
14:45:57.0926 5920 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:45:57.0941 5920 vwifibus - ok
14:45:57.0966 5920 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:45:57.0982 5920 vwififlt - ok
14:45:58.0008 5920 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:45:58.0057 5920 W32Time - ok
14:45:58.0063 5920 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:45:58.0086 5920 WacomPen - ok
14:45:58.0116 5920 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:45:58.0151 5920 WANARP - ok
14:45:58.0154 5920 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:45:58.0183 5920 Wanarpv6 - ok
14:45:58.0222 5920 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:45:58.0265 5920 wbengine - ok
14:45:58.0279 5920 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:45:58.0300 5920 WbioSrvc - ok
14:45:58.0326 5920 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:45:58.0348 5920 wcncsvc - ok
14:45:58.0363 5920 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:45:58.0387 5920 WcsPlugInService - ok
14:45:58.0402 5920 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:45:58.0414 5920 Wd - ok
14:45:58.0442 5920 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:45:58.0463 5920 Wdf01000 - ok
14:45:58.0476 5920 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:45:58.0502 5920 WdiServiceHost - ok
14:45:58.0506 5920 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:45:58.0524 5920 WdiSystemHost - ok
14:45:58.0554 5920 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:45:58.0584 5920 WebClient - ok
14:45:58.0597 5920 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:45:58.0638 5920 Wecsvc - ok
14:45:58.0654 5920 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:45:58.0698 5920 wercplsupport - ok
14:45:58.0713 5920 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:45:58.0745 5920 WerSvc - ok
14:45:58.0760 5920 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:45:58.0789 5920 WfpLwf - ok
14:45:58.0797 5920 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:45:58.0808 5920 WIMMount - ok
14:45:58.0819 5920 WinDefend - ok
14:45:58.0835 5920 WinHttpAutoProxySvc - ok
14:45:58.0889 5920 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:45:58.0921 5920 Winmgmt - ok
14:45:58.0960 5920 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
14:45:59.0020 5920 WinRM - ok
14:45:59.0061 5920 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:45:59.0077 5920 WinUsb - ok
14:45:59.0108 5920 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:45:59.0145 5920 Wlansvc - ok
14:45:59.0198 5920 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:45:59.0208 5920 wlcrasvc - ok
14:45:59.0260 5920 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:45:59.0302 5920 wlidsvc - ok
14:45:59.0326 5920 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:45:59.0351 5920 WmiAcpi - ok
14:45:59.0378 5920 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:45:59.0404 5920 wmiApSrv - ok
14:45:59.0419 5920 WMPNetworkSvc - ok
14:45:59.0433 5920 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:45:59.0448 5920 WPCSvc - ok
14:45:59.0466 5920 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:45:59.0484 5920 WPDBusEnum - ok
14:45:59.0498 5920 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:45:59.0537 5920 ws2ifsl - ok
14:45:59.0555 5920 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
14:45:59.0582 5920 wscsvc - ok
14:45:59.0585 5920 WSearch - ok
14:45:59.0633 5920 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:45:59.0681 5920 wuauserv - ok
14:45:59.0697 5920 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:45:59.0737 5920 WudfPf - ok
14:45:59.0755 5920 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:45:59.0785 5920 WUDFRd - ok
14:45:59.0816 5920 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:45:59.0847 5920 wudfsvc - ok
14:45:59.0860 5920 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
14:45:59.0894 5920 WwanSvc - ok
14:45:59.0938 5920 ================ Scan global ===============================
14:45:59.0959 5920 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:45:59.0976 5920 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:45:59.0986 5920 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:46:00.0020 5920 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:46:00.0044 5920 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:46:00.0049 5920 [Global] - ok
14:46:00.0050 5920 ================ Scan MBR ==================================
14:46:00.0052 5920 [ D9FBB9B922018F6E50EEBCDD233A6DD0 ] \Device\Harddisk0\DR0
14:46:00.0526 5920 \Device\Harddisk0\DR0 - ok
14:46:00.0528 5920 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
14:46:00.0612 5920 \Device\Harddisk1\DR1 - ok
14:46:00.0630 5920 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
14:46:00.0761 5920 \Device\Harddisk2\DR2 - ok
14:46:00.0761 5920 ================ Scan VBR ==================================
14:46:00.0764 5920 [ A1FA931EB707741F54D661386AC3FA12 ] \Device\Harddisk0\DR0\Partition1
14:46:00.0765 5920 \Device\Harddisk0\DR0\Partition1 - ok
14:46:00.0785 5920 [ 6F5EA9C0CEF733CCBADB1B127FB6FA9B ] \Device\Harddisk2\DR2\Partition1
14:46:00.0786 5920 \Device\Harddisk2\DR2\Partition1 - ok
14:46:00.0788 5920 [ 6E5C5DB7784C31C51C1BA3469D76EF88 ] \Device\Harddisk2\DR2\Partition2
14:46:00.0789 5920 \Device\Harddisk2\DR2\Partition2 - ok
14:46:00.0808 5920 [ 050DE8C0290E35561290225589A87524 ] \Device\Harddisk2\DR2\Partition3
14:46:00.0809 5920 \Device\Harddisk2\DR2\Partition3 - ok
14:46:00.0829 5920 [ 99AD3BC4828C175583CF115FB1B25241 ] \Device\Harddisk2\DR2\Partition4
14:46:00.0830 5920 \Device\Harddisk2\DR2\Partition4 - ok
14:46:00.0830 5920 ============================================================
14:46:00.0830 5920 Scan finished
14:46:00.0830 5920 ============================================================
14:46:00.0840 5924 Detected object count: 1
14:46:00.0840 5924 Actual detected object count: 1
14:46:27.0820 5924 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:46:27.0820 5924 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip


07.05.2013, 13:49   #6
markusg
/// Malware-holic

Very good.
Combofix:
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


07.05.2013, 14:05   #7
Ritter_83

So, on we go.. here is the Combofix log:


Combofix Logfile:
Code:
ComboFix 13-05-07.02 - Rittmeier 07.05.2013  14:55:02.1.3 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4057.2233 [GMT 2:00]
ausgeführt von:: c:\users\Rittmeier\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\users\Rittmeier\AppData\Roaming\skype.ini
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-07 bis 2013-05-07  ))))))))))))))))))))))))))))))
.
.
2013-05-07 13:01 . 2013-05-07 13:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-07 12:28 . 2013-05-07 12:32	--------	d-----w-	C:\_OTL
2013-05-07 12:10 . 2013-05-07 12:10	--------	d-----w-	c:\users\Rittmeier\AppData\Roaming\Malwarebytes
2013-05-07 12:10 . 2013-05-07 12:10	--------	d-----w-	c:\programdata\Malwarebytes
2013-05-07 12:10 . 2013-05-07 12:10	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-07 12:10 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-05-07 07:31 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7581113E-A2BB-47D5-B411-E512A60DF4BF}\mpengine.dll
2013-05-03 13:27 . 2013-05-07 09:17	--------	d-----w-	c:\program files (x86)\totalcmd
2013-05-03 13:27 . 2013-05-03 13:28	--------	d-----w-	c:\users\Rittmeier\AppData\Roaming\GHISLER
2013-04-25 12:15 . 2013-04-25 12:15	--------	d-----w-	c:\users\Rittmeier\.Altair
2013-04-25 12:15 . 2013-04-25 12:15	--------	d-----w-	c:\users\Rittmeier\AppData\Local\.altair_licensing
2013-04-25 11:26 . 2013-04-25 11:26	--------	d-----w-	c:\program files\Altair
2013-04-25 09:27 . 2013-04-25 09:27	--------	d-----w-	c:\program files\WinRAR
2013-04-25 09:23 . 2013-04-25 09:23	--------	d-----w-	c:\program files\7-Zip
2013-04-24 06:32 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-13 16:37 . 2013-05-03 11:29	255896	----a-w-	c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-04-10 16:27 . 2013-02-15 06:06	3717632	----a-w-	c:\windows\system32\mstscax.dll
2013-04-10 16:27 . 2013-02-15 04:37	3217408	----a-w-	c:\windows\SysWow64\mstscax.dll
2013-04-10 16:27 . 2013-02-15 06:08	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-04-10 16:27 . 2013-02-15 06:02	158720	----a-w-	c:\windows\system32\aaclient.dll
2013-04-10 16:27 . 2013-02-15 04:34	131584	----a-w-	c:\windows\SysWow64\aaclient.dll
2013-04-10 16:27 . 2013-02-15 03:25	36864	----a-w-	c:\windows\SysWow64\tsgqec.dll
2013-04-10 16:26 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 16:26 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 16:26 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 16:26 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 16:26 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 16:26 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-10 16:26 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 13:12 . 2011-03-28 16:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2009-10-14 05:13	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-10 17:06 . 2009-10-14 05:12	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-04-04 17:23 . 2013-04-04 17:23	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-04-04 17:23 . 2013-04-04 17:23	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-04 17:23 . 2013-04-04 17:23	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-04-04 17:23 . 2013-04-04 17:23	81408	----a-w-	c:\windows\system32\icardie.dll
2013-04-04 17:23 . 2013-04-04 17:23	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-04-04 17:23 . 2013-04-04 17:23	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-04-04 17:23 . 2013-04-04 17:23	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-04 17:23 . 2013-04-04 17:23	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-04-04 17:23 . 2013-04-04 17:23	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-04-04 17:23 . 2013-04-04 17:23	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-04-04 17:23 . 2013-04-04 17:23	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-04-04 17:23 . 2013-04-04 17:23	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-04-04 17:23 . 2013-04-04 17:23	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-04-04 17:23 . 2013-04-04 17:23	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-04-04 17:23 . 2013-04-04 17:23	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-04-04 17:23 . 2013-04-04 17:23	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-04 17:23 . 2013-04-04 17:23	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-04-04 17:23 . 2013-04-04 17:23	441856	----a-w-	c:\windows\system32\html.iec
2013-04-04 17:23 . 2013-04-04 17:23	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-04-04 17:23 . 2013-04-04 17:23	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-04-04 17:23 . 2013-04-04 17:23	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-04-04 17:23 . 2013-04-04 17:23	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-04 17:23 . 2013-04-04 17:23	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-04-04 17:23 . 2013-04-04 17:23	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-04-04 17:23 . 2013-04-04 17:23	235008	----a-w-	c:\windows\system32\url.dll
2013-04-04 17:23 . 2013-04-04 17:23	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-04-04 17:23 . 2013-04-04 17:23	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-04-04 17:23 . 2013-04-04 17:23	216064	----a-w-	c:\windows\system32\msls31.dll
2013-04-04 17:23 . 2013-04-04 17:23	197120	----a-w-	c:\windows\system32\msrating.dll
2013-04-04 17:23 . 2013-04-04 17:23	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-04-04 17:23 . 2013-04-04 17:23	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-04 17:23 . 2013-04-04 17:23	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-04-04 17:23 . 2013-04-04 17:23	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-04-04 17:23 . 2013-04-04 17:23	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-04 17:23 . 2013-04-04 17:23	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-04-04 17:23 . 2013-04-04 17:23	149504	----a-w-	c:\windows\system32\occache.dll
2013-04-04 17:23 . 2013-04-04 17:23	144896	----a-w-	c:\windows\system32\wextract.exe
2013-04-04 17:23 . 2013-04-04 17:23	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-04-04 17:23 . 2013-04-04 17:23	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-04-04 17:23 . 2013-04-04 17:23	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-04-04 17:23 . 2013-04-04 17:23	13824	----a-w-	c:\windows\system32\mshta.exe
2013-04-04 17:23 . 2013-04-04 17:23	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-04-04 17:23 . 2013-04-04 17:23	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-04-04 17:23 . 2013-04-04 17:23	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-04 17:23 . 2013-04-04 17:23	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-04-04 17:23 . 2013-04-04 17:23	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-04-04 17:23 . 2013-04-04 17:23	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-04-04 17:23 . 2013-04-04 17:23	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-04 17:23 . 2013-04-04 17:23	102912	----a-w-	c:\windows\system32\inseng.dll
2013-04-04 17:22 . 2013-04-04 17:22	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-04 17:22 . 2013-04-04 17:22	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-04 17:22 . 2013-04-04 17:22	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-04 17:22 . 2013-04-04 17:22	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-04 17:22 . 2013-04-04 17:22	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-04 17:22 . 2013-04-04 17:22	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-04 17:22 . 2013-04-04 17:22	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-04 17:22 . 2013-04-04 17:22	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-04 17:22 . 2013-04-04 17:22	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-04 17:22 . 2013-04-04 17:22	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-04 17:22 . 2013-04-04 17:22	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-04 17:22 . 2013-04-04 17:22	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-04 17:22 . 2013-04-04 17:22	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-04-04 17:22 . 2013-04-04 17:22	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-04-04 17:22 . 2013-04-04 17:22	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-04-04 17:22 . 2013-04-04 17:22	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-04-04 17:22 . 2013-04-04 17:22	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-04-04 17:22 . 2013-04-04 17:22	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-04-04 17:22 . 2013-04-04 17:22	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-04 17:22 . 2013-04-04 17:22	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-04-04 17:22 . 2013-04-04 17:22	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-04 17:22 . 2013-04-04 17:22	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-04 17:22 . 2013-04-04 17:22	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-04-04 17:22 . 2013-04-04 17:22	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-04-04 17:22 . 2013-04-04 17:22	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-04-04 17:22 . 2013-04-04 17:22	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-04-04 17:22 . 2013-04-04 17:22	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-04-04 17:22 . 2013-04-04 17:22	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-04-04 17:22 . 2013-04-04 17:22	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-04 17:22 . 2013-04-04 17:22	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-04 17:22 . 2013-04-04 17:22	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-04-04 17:22 . 2013-04-04 17:22	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-04-04 17:22 . 2013-04-04 17:22	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-04 17:22 . 2013-04-04 17:22	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-04-04 17:22 . 2013-04-04 17:22	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-04-04 17:22 . 2013-04-04 17:22	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-04-04 17:22 . 2013-04-04 17:22	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-04-04 17:22 . 2013-04-04 17:22	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-04-04 17:22 . 2013-04-04 17:22	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-04-04 17:22 . 2013-04-04 17:22	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-04-04 17:22 . 2013-04-04 17:22	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-04-04 17:22 . 2013-04-04 17:22	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-04-04 17:22 . 2013-04-04 17:22	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2013-04-04 17:22 . 2013-04-04 17:22	1504768	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-04-04 17:22 . 2013-04-04 17:22	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-04-04 17:22 . 2013-04-04 17:22	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-04-04 17:22 . 2013-04-04 17:22	1238528	----a-w-	c:\windows\system32\d3d10.dll
2013-04-04 17:22 . 2013-04-04 17:22	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWinl.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Mobile Partner"="c:\program files (x86)\HiSuite\HiSuite.exe" [2013-05-03 547328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HyperWorkswin64Desktop Quick Launch.lnk - c:\programme\Altair_Hyperworks_10\hw\bin\win64\hw.exe [N/A]
JDownloader.lnk - c:\program files (x86)\JDownloader\JDownloaderD3D.exe [2011-10-8 218816]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe [2013-4-27 1386136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
R3 aswVmm;aswVmm; [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-01-09 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-01-09 171008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-03-04 78976]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-03-04 38528]
S0 aswRvrt;aswRvrt; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-07-26 53488]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 c2scsi64;c2scsi64;c:\windows\system32\DRIVERS\c2scsi64.sys [2007-08-17 169208]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 Flexlm Service 1;Flexlm Service 1;c:\users\Rittmeier\AppData\Roaming\MSC.Software\MSC.Licensing\11.9\lmgrd.exe [2011-03-14 1775440]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 69287929
*Deregistered* - 69287929
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 16:30	1642448	----a-w-	c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 09:20]
.
2013-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 09:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-03-18 170496]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.easylifeapp.com/?pid=700&src=ie1&r=2013/02/23&hid=706455254&lg=EN&cc=DE
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{2768C57C-46F8-4DC4-8BAB-12E70DF10322}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\Rittmeier\AppData\Roaming\Mozilla\Firefox\Profiles\hlprhcmb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?pid=700&src=ff2&r=2013/02/23&hid=706455254&lg=EN&cc=DE&l=1&q=
FF - prefs.js: browser.search.selectedEngine - EasyLife
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?pid=700&src=ff2&r=2013/02/23&hid=706455254&lg=EN&cc=DE&l=1&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3071843407-2705748177-3159224180-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3071843407-2705748177-3159224180-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-07  15:03:24
ComboFix-quarantined-files.txt  2013-05-07 13:03
.
Vor Suchlauf: 13 Verzeichnis(se), 68.612.423.680 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 68.492.283.904 Bytes frei
.
- - End Of File - - 7BB8BA5D667115608D88E566DCD25E5E
         
--- --- ---

07.05.2013, 14:11   #8
markusg
/// Malware-holic

Hi,
please post all Malwarebytes logs that contain detections:
http://www.trojaner-board.de/125889-...en-posten.html
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us

07.05.2013, 14:21   #9
Ritter_83

So, Malwarebytes found something as well. Here is the log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.07.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Rittmeier :: RITTMEIER-PC [Administrator]

07.05.2013 15:16:06
mbam-log-2013-05-07 (15-16-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223591
Laufzeit: 2 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-2.1 (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\Rittmeier\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Rittmeier\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 15
C:\Users\Rittmeier\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Rittmeier\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Rittmeier\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Rittmeier\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Rittmeier\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Rittmeier\AppData\Roaming\loadtbs\ffmpeg.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Rittmeier\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Rittmeier\AppData\Roaming\loadtbs\toolbar.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Rittmeier\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Rittmeier\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Rittmeier\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Rittmeier\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Rittmeier\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Rittmeier\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Rittmeier\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

07.05.2013, 14:26   #10
markusg
/// Malware-holic

Hi, all the logs with detections that Malwarebytes has created so far, not a new one.

07.05.2013, 14:32   #11
Ritter_83

Oh, I see, you meant old logs with earlier detections..

The thing is, I only just reinstalled Malwarebytes now. I don't have the other listed programs (Avira etc.) either; I use Avast and can't find any old logs there..

How do we proceed?

07.05.2013, 14:39   #12
markusg
/// Malware-holic

Hi,
open Malwarebytes, run a full scan, and post the new log please.

07.05.2013, 15:56   #13
Ritter_83

All right. So after the quick scan mentioned above (for which I had posted the log), including deletion of the detections, here is the log of the full scan:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.07.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Rittmeier :: RITTMEIER-PC [Administrator]

07.05.2013 15:46:53
mbam-log-2013-05-07 (15-46-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (B:\|C:\|D:\|E:\|F:\|H:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 543542
Laufzeit: 1 Stunde(n), 1 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\_OTL\MovedFiles.zip (Trojan.Agent.zr0) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\05072013_142803\C_Users\Rittmeier\AppData\Roaming\skype.dat (Trojan.Agent.zr0) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

07.05.2013, 16:17   #14
markusg
/// Malware-holic

That's looking good already.
Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save it as txt, and open the file.
After every program you need, write "notwendig" (necessary).
After every program you do not need, write "unnötig" (unnecessary).
After every program you do not recognize, write "unbekannt" (unknown).
Post the list.

07.05.2013, 16:38   #15
Ritter_83

I already have CCleaner. Here is the list (I marked all the unknown ones with "unbekannt"; all the others are necessary):

EMC 10 Content Ihr Firmenname 08.10.2011 809MB 1.0.015
TAXMAN 2012 Haufe-Lexware GmbH & Co.KG 02.06.2012 600MB 18.07.00.0008
Roxio WinOnCD 10 Roxio 08.10.2011 596MB 1.0.044
TAXMAN Bibliothek 2012 Haufe-Lexware GmbH & Co. KG 02.06.2012 463MB 18.0.0.0
Google Earth Google 25.03.2013 173MB 7.0.3.8542
Haufe iDesk-Service Haufe 02.06.2012 137MB 11.07.19.8023 unbekannt
Java 7 Update 17 Oracle 24.03.2013 129MB 7.0.170 unbekannt
Adobe Reader X (10.1.6) - Deutsch Adobe Systems Incorporated 23.04.2013 121MB 10.1.6
Java(TM) 6 Update 13 (64-bit) Sun Microsystems, Inc. 18.03.2012 89,7MB 6.0.130 unbekannt
Lexware Elster Lexware GmbH & Co. KG 18.03.2012 59,1MB 9.10.00.0041
Roxio CinePlayer Roxio 08.10.2011 56,5MB 3.9
Microsoft .NET Framework 4 Extended Microsoft Corporation 23.02.2013 51,9MB 4.0.30319 unbekannt
Nokia Software Updater Nokia Corporation 09.07.2012 50,7MB 3.0.655
Microsoft Silverlight Microsoft Corporation 14.03.2013 50,6MB 5.1.20125.0 unbekannt
Mozilla Firefox 21.0 (x86 de) Mozilla 07.05.2013 43,5MB 21.0
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 18.03.2012 38,8MB 4.0.30319 unbekannt
Roxio CinePlayer Decoder Pack Roxio 08.10.2011 35,2MB 4.3.0
Microsoft .NET Framework 1.1 Microsoft 08.10.2011 34,8MB 1.1.4322 unbekannt
Haufe iDesk-Browser Haufe-Lexware GmbH & Co. KG 02.06.2012 26,7MB 10.10.14.0000
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 09.07.2012 26,2MB 8.0.881.0
PC Connectivity Solution Nokia 09.07.2012 21,0MB 12.0.17.0
Roxio Central Core Roxio 08.10.2011 21,0MB 3.6.0
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 07.05.2013 19,2MB 1.75.0.1300
Lexware Info Service Haufe-Lexware GmbH & Co.KG 02.06.2012 15,8MB 2.80.00.0007
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 28.04.2013 15,2MB 10.0.40219 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 19.03.2012 12,2MB 10.0.40219 unbekannt
Roxio BackOnTrack Roxio 08.10.2011 11,9MB 1.1.0
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 23.02.2013 10,6MB 4.0.30319 unbekannt
Roxio MediaShare Roxio 08.10.2011 10,2MB 1.0.0
Roxio File Backup Roxio 08.10.2011 9,53MB 1.1.0
Microsoft Office File Validation Add-In Microsoft Corporation 14.11.2011 7,95MB 14.0.5130.5003
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 07.05.2013 6,00MB 11.4.402.287 unbekannt
Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 15.11.2011 6,00MB 11.1.102.55 unbekannt
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 08.10.2011 5,57MB 15.4.5722.2 unbekannt
7-Zip 9.20 (x64 edition) Igor Pavlov 25.04.2013 4,53MB 9.20.00.0
Nokia Connectivity Cable Driver Nokia 09.07.2012 3,95MB 7.1.78.0
EMCGadgets64 Ihr Firmenname 08.10.2011 3,42MB 1.0.020 unbekannt
Roxio Disc Gallery Roxio 08.10.2011 3,25MB 3.1
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 23.02.2013 2,93MB 4.0.30319 unbekannt
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 18.03.2012 2,67MB 10.1.82.76 unbekannt
Roxio Update Manager Roxio 08.10.2011 2,36MB 6.0.0
Asmedia ASM104x USB 3.0 Host Controller Driver Asmedia Technology 13.11.2011 2,22MB 1.10.0.0
A-PDF Restrictions Remover 1.6 A-PDF Solution 24.06.2012 1,98MB
Roxio Central Audio Roxio 08.10.2011 1,89MB 3.6.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 08.10.2011 1,69MB 3.1.0000 unbekannt
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 09.01.2013 1,54MB 4.30.2117.0 unbekannt
MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 10.07.2012 1,53MB 4.30.2114.0 unbekannt
MSXML 4.0 SP3 Parser Microsoft Corporation 09.07.2012 1,47MB 4.30.2100.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 09.10.2011 1,33MB 4.20.9876.0 unbekannt
Roxio Central Data Roxio 08.10.2011 1,32MB 3.6.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 09.10.2011 1,27MB 4.20.9870.0 unbekannt
Roxio Central Copy Roxio 08.10.2011 1,03MB 3.6.0
Microsoft WSE 3.0 Runtime Microsoft Corp. 18.03.2012 942KB 3.0.5305.0 unbekannt
Roxio Central Tools Roxio 08.10.2011 607KB 3.6.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 09.10.2011 600KB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 06.10.2011 596KB 9.0.30729.4148 unbekannt
Microsoft Office Live Add-in 1.5 Microsoft Corporation 25.04.2012 508KB 2.0.4024.1 unbekannt
OptimizerPro BetterSoft 23.02.2012 340KB 1.0 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 19.12.2011 300KB 8.0.59193 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 12.03.2012 244KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 18.03.2012 230KB 9.0.30729 unbekannt
EasyLife Gadget EasyLife Gadget 23.02.2013 147KB 1.0
Microsoft Tool Web Package : EXCTRLST.EXE Microsoft Corporation 26.03.2013 56,0KB 1.00.0.1 unbekannt
WISO Steuer-Sparbuch 2013 Buhl Data Service GmbH 27.04.2013 20.00.8137
WISO Steuer 2012 Buhl Data Service GmbH 02.06.2012 19.00.7303
Wisdom-soft ScreenHunter 6.0 Free Wisdom Software Inc. 07.05.2013
WinRAR 4.20 (64-Bit) win.rar GmbH 25.04.2013 4.20.0
Winload Toolbar Winload 07.05.2013 6.8.9.0 unbekannt
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 09.07.2012 08/22/2008 7.0.0.0 unbekannt
Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) Nokia 09.07.2012 02/25/2011 7.01.0.9 unbekannt
Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) Nokia 09.07.2012 02/25/2011 4.7 unbekannt
Windows Live Essentials Microsoft Corporation 19.04.2012 15.4.3555.0308 unbekannt
Winamp Nullsoft, Inc 07.05.2013 5.5
VueScan 07.05.2013
VLC media player 1.1.11 VideoLAN 07.05.2013 1.1.11
Total Commander 64-bit (Remove or Repair) Ghisler Software GmbH 03.05.2013 8.0
Saal Design Software SSW Software GmbH 07.05.2013 2.9.2
Rossmann Fotowelt Software 4.9 ORWO Net 07.05.2013 4.9
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 19.12.2011 6.0.1.6251 unbekannt
Realtek Ethernet Controller Driver Realtek 19.12.2011 7.43.321.2011 unbekannt
ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 07.05.2013 11.0.0.14 unbekannt
PDFCreator Frank Heindörfer, Philip Chinery 02.06.2012 0.9.5
NVIDIA Grafiktreiber 285.62 NVIDIA Corporation 01.11.2011 285.62
Nokia Suite Nokia 07.05.2013 3.4.49.0
Nokia PC Suite Nokia 07.05.2013 7.1.180.46
MSC.Licensing 11.9 MSC.Software Corporation 21.10.2012 11.9.0
MSC Nastran 2012.1 MSC.Software Corporation 07.05.2013 12.1.0
Microsoft Office Enterprise 2007 Microsoft Corporation 07.05.2013 12.0.6612.1000
JMicron JMB36X Driver JMicron Technology Corp. 19.12.2011 1.17.62.0 unbekannt
JDownloader 0.9 AppWork GmbH 07.05.2013 0.9
ICQ7.6 ICQ 08.10.2011 7.6
HiSuite Huawei Technologies Co.,Ltd 07.05.2013 32.300.12.00.06
Hama Wireless LAN Adapter Hama 06.10.2011 1.00.0000
Google Toolbar for Internet Explorer Google Inc. 07.05.2013
Google Chrome Google Inc. 09.07.2012 26.0.1410.64
FlexNet Publisher License Server Manager Flexera Software LLC. 17.11.2012 11.11.0.0
Das Vermächtnis: Testament of Sin City Interactive 26.03.2012
CCleaner Piriform 22.08.2012 3.22
Canon MX310 series Benutzerregistrierung 07.05.2013
Canon MX310 series 23.12.2011
Canon MP Navigator EX 1.0 07.05.2013
avast! Free Antivirus AVAST Software 07.05.2013 8.0.1483.0
Altair Licensing 10.0win64 Altair Engineering, Inc. 07.01.2012 1.0
Altair HyperWorks Master Installer 12.0 (Local 64-bit) Altair Engineering, Inc. 25.04.2013 12.0
Altair HyperWorks 10.0win64 Altair Engineering, Inc. 22.01.2013 10.0
Adobe AIR Adobe Systems Incorporated 07.05.2013 3.6.0.6090 unbekannt
