| |
| |||||||
Log-Analyse und Auswertung: GVU-Trojaner schon wieder...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
15.05.2013, 23:49
| #1 |
 |  GVU-Trojaner schon wieder... Guten Abend, als ich gestern auf nicht wirklich jugendfreien Seiten unterwegs war habe ich mir den GVU-Trojaner eingefangen. Immer wenn ich mich anmelde erscheint die bestimmt fast allen bekannte weiße Seite mit der Aufforderung 100 Euronen zu zahlen und ich kann den Pc runterfahren. Strg+Alt+Entf funktioniert noch,also kann ich problemlos den PC runterfahren und auch der Abgesicherte Modus bereitet keine Probleme. Gestern Abend ist es mit gelungen dank meiner riesigen Menge an Datenmüll den Virus zu schließen bevor er mit seiner Arbeit beginnen konnte. Dabei konnte ich den Namen tiyv.exe (vlt auch tivy,konnte es nicht genau sehen) als Versteck ausfindig machen Betriebssystem Windows Vista [32-Bit] Medion (Akira?) Intel(R) Core(TM)2 Duo CPU E7400@2,80GHz Bis jetzt bin ich den Schritten hier im Einführungspost gefolgt und habe Defogger,OTl und Gmer über meinen PC laufen lassen. Die Ergebnisse der Scans habe ich als .zip Datei angehängt Sie enthält alle 3 Logfiles von Extra.txt,OTL.txt und Gmer.txt Mir würde es schon reichen wenn ich die wichtigsten Dokumente auf meine externe Festplatte ziehen könnte und dann den PC neu aufsetzten. Wenn möglich wäre es natürlich besser nur gezielt den GVU-Trojaner auszumerzen. Sonstige Programme habe ich bis jetzt noch keine zur Hand. Danke für eure Hilfe! Edit: habe natüröich versucht die gesehene Datei ausfindig zu machen und zu löschen. Hab sie zwar gelöscht,geholfen hat es aber nicht Geändert von Cypher00 (15.05.2013 um 23:51 Uhr) Grund: eigene Versuche ergänzt |
|
15.05.2013, 23:53
| #2 |
| /// Malware-holic   | GVU-Trojaner schon wieder... Hi,
__________________otl fix Fixen mit OTL
Code:
ATTFilter :OTL
O4 - HKCU..\Run: [ctfmon.exe] C:\ProgramData\lbzdo.dat (Microsoft Corporation)
[2013.05.14 17:14:55 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lbzdo.dat
[2013.05.14 17:14:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.14 17:14:54 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Users\Sabine\1719529.dll
[2013.05.15 13:45:26 | 095,023,320 | ---- | M] () -- C:\ProgramData\odzbl.pad
[2013.05.15 10:15:35 | 000,002,609 | ---- | M] () -- C:\ProgramData\odzbl.js
:files
:Commands
[emptytemp]
starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ |
|
16.05.2013, 00:31
| #3 |
| | GVU-Trojaner schon wieder... hier der _OTL\Moved Files FILELOG
__________________Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully.
C:\ProgramData\lbzdo.dat moved successfully.
File C:\ProgramData\lbzdo.dat not found.
C:\ProgramData\rundll32.exe moved successfully.
C:\Users\Sabine\1719529.dll moved successfully.
C:\ProgramData\odzbl.pad moved successfully.
C:\ProgramData\odzbl.js moved successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: FH
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes
User: Manuel
User: Public
User: Sabine
->Temp folder emptied: 497442637 bytes
->Temporary Internet Files folder emptied: 2581519971 bytes
->Java cache emptied: 236706 bytes
->Google Chrome cache emptied: 65392145 bytes
->Flash cache emptied: 57446 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7650254 bytes
RecycleBin emptied: 2351028808 bytes
Total Files Cleaned = 5.249,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05162013_010457
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Geändert von Cypher00 (16.05.2013 um 00:37 Uhr) Grund: Rückmeldung zu Upload |
|
16.05.2013, 00:39
| #4 |
| /// Malware-holic | GVU-Trojaner schon wieder... thx fürs hochladen. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.05.2013, 00:49
| #5 |
| | GVU-Trojaner schon wieder... Eine Frage zur Anleitung:Soll ich den PC jetzt neustarten vor dem nächsten Schritt,also vor dem nächsten Scan? Hier der Filelog für den TDSSKiller: Code:
ATTFilter 01:46:14.0515 1328 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:46:14.0984 1328 ============================================================
01:46:14.0984 1328 Current date / time: 2013/05/16 01:46:14.0984
01:46:14.0984 1328 SystemInfo:
01:46:14.0984 1328
01:46:14.0984 1328 OS Version: 6.0.6002 ServicePack: 2.0
01:46:14.0984 1328 Product type: Workstation
01:46:14.0984 1328 ComputerName: SABINE-PC
01:46:14.0984 1328 UserName: Sabine
01:46:14.0984 1328 Windows directory: C:\Windows
01:46:14.0984 1328 System windows directory: C:\Windows
01:46:14.0984 1328 Processor architecture: Intel x86
01:46:14.0984 1328 Number of processors: 2
01:46:14.0984 1328 Page size: 0x1000
01:46:14.0984 1328 Boot type: Normal boot
01:46:14.0984 1328 ============================================================
01:46:16.0031 1328 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:46:16.0046 1328 Drive \Device\Harddisk4\DR42 - Size: 0x0 (0.00 Gb), SectorSize: 0x200, Cylinders: 0x0, SectorsPerTrack: 0x0, TracksPerCylinder: 0x0, Type 'W'
01:46:16.0046 1328 ============================================================
01:46:16.0046 1328 \Device\Harddisk0\DR0:
01:46:16.0046 1328 MBR partitions:
01:46:16.0046 1328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
01:46:16.0046 1328 ============================================================
01:46:16.0062 1328 C: <-> \Device\Harddisk0\DR0\Partition1
01:46:16.0062 1328 ============================================================
01:46:16.0062 1328 Initialize success
01:46:16.0062 1328 ============================================================
01:46:33.0999 5340 ============================================================
01:46:33.0999 5340 Scan started
01:46:33.0999 5340 Mode: Manual; SigCheck; TDLFS;
01:46:33.0999 5340 ============================================================
01:46:34.0218 5340 ================ Scan system memory ========================
01:46:34.0218 5340 System memory - ok
01:46:34.0218 5340 ================ Scan services =============================
01:46:34.0328 5340 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
01:46:34.0421 5340 ACPI - ok
01:46:34.0484 5340 [ E850B0A94E8703CCBC980B31594DC408 ] acsint C:\Windows\system32\DRIVERS\acsint.sys
01:46:34.0499 5340 acsint - ok
01:46:34.0531 5340 [ EA2429C90AEAB09D7F3A99B16DA23CED ] acsmux C:\Windows\system32\DRIVERS\acsmux.sys
01:46:34.0546 5340 acsmux - ok
01:46:34.0593 5340 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
01:46:34.0593 5340 AdobeFlashPlayerUpdateSvc - ok
01:46:34.0640 5340 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
01:46:34.0671 5340 adp94xx - ok
01:46:34.0734 5340 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
01:46:34.0749 5340 adpahci - ok
01:46:34.0765 5340 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
01:46:34.0781 5340 adpu160m - ok
01:46:34.0796 5340 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
01:46:34.0812 5340 adpu320 - ok
01:46:34.0843 5340 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:46:34.0874 5340 AeLookupSvc - ok
01:46:34.0906 5340 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
01:46:34.0937 5340 AFD - ok
01:46:34.0953 5340 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:46:35.0015 5340 agp440 - ok
01:46:35.0031 5340 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
01:46:35.0031 5340 aic78xx - ok
01:46:35.0062 5340 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
01:46:35.0109 5340 ALG - ok
01:46:35.0140 5340 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
01:46:35.0156 5340 aliide - ok
01:46:35.0171 5340 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
01:46:35.0171 5340 amdagp - ok
01:46:35.0203 5340 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
01:46:35.0203 5340 amdide - ok
01:46:35.0265 5340 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
01:46:35.0312 5340 AmdK7 - ok
01:46:35.0312 5340 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
01:46:35.0359 5340 AmdK8 - ok
01:46:35.0406 5340 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
01:46:35.0421 5340 AntiVirSchedulerService - ok
01:46:35.0437 5340 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
01:46:35.0437 5340 AntiVirService - ok
01:46:35.0468 5340 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
01:46:35.0515 5340 Appinfo - ok
01:46:35.0531 5340 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
01:46:35.0531 5340 arc - ok
01:46:35.0546 5340 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
01:46:35.0562 5340 arcsas - ok
01:46:35.0656 5340 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
01:46:35.0656 5340 aspnet_state - ok
01:46:35.0687 5340 AsrCDDrv - ok
01:46:35.0703 5340 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:46:35.0734 5340 AsyncMac - ok
01:46:35.0749 5340 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
01:46:35.0749 5340 atapi - ok
01:46:35.0781 5340 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:46:35.0796 5340 AudioEndpointBuilder - ok
01:46:35.0796 5340 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
01:46:35.0812 5340 Audiosrv - ok
01:46:35.0828 5340 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
01:46:35.0828 5340 avgntflt - ok
01:46:35.0843 5340 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
01:46:35.0859 5340 avipbb - ok
01:46:35.0874 5340 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
01:46:35.0874 5340 avkmgr - ok
01:46:35.0890 5340 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
01:46:35.0937 5340 Beep - ok
01:46:35.0968 5340 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
01:46:35.0984 5340 BFE - ok
01:46:36.0015 5340 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
01:46:36.0062 5340 BITS - ok
01:46:36.0078 5340 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
01:46:36.0109 5340 blbdrive - ok
01:46:36.0124 5340 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:46:36.0140 5340 bowser - ok
01:46:36.0171 5340 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
01:46:36.0187 5340 BrFiltLo - ok
01:46:36.0203 5340 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
01:46:36.0265 5340 BrFiltUp - ok
01:46:36.0312 5340 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
01:46:36.0406 5340 Browser - ok
01:46:36.0624 5340 [ D9C8DC2D7EC28E3FF25C99EF17C8631A ] BrowserProtect C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
01:46:36.0624 5340 Suspicious file (NoAccess): C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe. md5: D9C8DC2D7EC28E3FF25C99EF17C8631A
01:46:36.0640 5340 BrowserProtect ( LockedFile.Multi.Generic ) - warning
01:46:36.0640 5340 BrowserProtect - detected LockedFile.Multi.Generic (1)
01:46:36.0656 5340 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
01:46:36.0703 5340 Brserid - ok
01:46:36.0734 5340 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
01:46:36.0796 5340 BrSerWdm - ok
01:46:36.0812 5340 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
01:46:36.0874 5340 BrUsbMdm - ok
01:46:36.0906 5340 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
01:46:36.0937 5340 BrUsbSer - ok
01:46:36.0953 5340 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
01:46:37.0015 5340 BTHMODEM - ok
01:46:37.0031 5340 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:46:37.0046 5340 cdfs - ok
01:46:37.0078 5340 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
01:46:37.0093 5340 cdrom - ok
01:46:37.0109 5340 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
01:46:37.0124 5340 CertPropSvc - ok
01:46:37.0156 5340 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
01:46:37.0171 5340 circlass - ok
01:46:37.0218 5340 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
01:46:37.0234 5340 CLFS - ok
01:46:37.0281 5340 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:46:37.0281 5340 clr_optimization_v2.0.50727_32 - ok
01:46:37.0328 5340 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:46:37.0343 5340 clr_optimization_v4.0.30319_32 - ok
01:46:37.0374 5340 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:46:37.0390 5340 cmdide - ok
01:46:37.0406 5340 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
01:46:37.0421 5340 Compbatt - ok
01:46:37.0421 5340 COMSysApp - ok
01:46:37.0421 5340 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
01:46:37.0437 5340 crcdisk - ok
01:46:37.0453 5340 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
01:46:37.0484 5340 Crusoe - ok
01:46:37.0515 5340 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:46:37.0562 5340 CryptSvc - ok
01:46:37.0609 5340 [ A979E61C7A92D22F324817CDB6C1DBED ] cusrvc C:\Program Files\Novell\Client\cusrvc.exe
01:46:37.0624 5340 cusrvc - ok
01:46:37.0656 5340 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:46:37.0734 5340 DcomLaunch - ok
01:46:37.0749 5340 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:46:37.0796 5340 DfsC - ok
01:46:37.0859 5340 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
01:46:37.0968 5340 DFSR - ok
01:46:38.0046 5340 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
01:46:38.0093 5340 Dhcp - ok
01:46:38.0109 5340 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
01:46:38.0109 5340 disk - ok
01:46:38.0156 5340 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:46:38.0187 5340 Dnscache - ok
01:46:38.0203 5340 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
01:46:38.0234 5340 dot3svc - ok
01:46:38.0249 5340 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
01:46:38.0281 5340 DPS - ok
01:46:38.0312 5340 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:46:38.0343 5340 drmkaud - ok
01:46:38.0374 5340 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:46:38.0406 5340 DXGKrnl - ok
01:46:38.0437 5340 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
01:46:38.0484 5340 E1G60 - ok
01:46:38.0499 5340 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
01:46:38.0515 5340 EapHost - ok
01:46:38.0546 5340 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
01:46:38.0562 5340 Ecache - ok
01:46:38.0609 5340 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:46:38.0640 5340 ehRecvr - ok
01:46:38.0671 5340 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
01:46:38.0718 5340 ehSched - ok
01:46:38.0734 5340 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
01:46:38.0749 5340 ehstart - ok
01:46:38.0781 5340 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
01:46:38.0796 5340 elxstor - ok
01:46:38.0874 5340 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
01:46:38.0921 5340 EMDMgmt - ok
01:46:38.0937 5340 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:46:38.0968 5340 ErrDev - ok
01:46:38.0999 5340 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
01:46:39.0031 5340 EventSystem - ok
01:46:39.0046 5340 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
01:46:39.0062 5340 exfat - ok
01:46:39.0078 5340 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:46:39.0093 5340 fastfat - ok
01:46:39.0109 5340 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
01:46:39.0156 5340 fdc - ok
01:46:39.0156 5340 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
01:46:39.0171 5340 fdPHost - ok
01:46:39.0187 5340 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
01:46:39.0234 5340 FDResPub - ok
01:46:39.0265 5340 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:46:39.0281 5340 FileInfo - ok
01:46:39.0296 5340 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:46:39.0328 5340 Filetrace - ok
01:46:39.0343 5340 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
01:46:39.0374 5340 flpydisk - ok
01:46:39.0390 5340 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:46:39.0406 5340 FltMgr - ok
01:46:39.0453 5340 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
01:46:39.0499 5340 FontCache - ok
01:46:39.0562 5340 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
01:46:39.0562 5340 FontCache3.0.0.0 - ok
01:46:39.0593 5340 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:46:39.0609 5340 Fs_Rec - ok
01:46:39.0624 5340 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
01:46:39.0640 5340 gagp30kx - ok
01:46:39.0718 5340 Giraffic - ok
01:46:39.0734 5340 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
01:46:39.0781 5340 gpsvc - ok
01:46:39.0921 5340 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
01:46:39.0921 5340 gupdate - ok
01:46:39.0937 5340 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
01:46:39.0937 5340 gupdatem - ok
01:46:39.0953 5340 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
01:46:39.0968 5340 hamachi - ok
01:46:40.0281 5340 [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
01:46:40.0484 5340 Hamachi2Svc - ok
01:46:40.0562 5340 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:46:40.0578 5340 HdAudAddService - ok
01:46:40.0656 5340 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
01:46:40.0749 5340 HDAudBus - ok
01:46:40.0796 5340 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
01:46:40.0843 5340 HidBth - ok
01:46:40.0874 5340 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
01:46:40.0906 5340 HidIr - ok
01:46:40.0937 5340 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
01:46:40.0953 5340 hidserv - ok
01:46:40.0953 5340 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
01:46:40.0968 5340 HidUsb - ok
01:46:41.0062 5340 [ 9D2C35E06CE117355ABADCEEE1558D21 ] HiPatchService C:\Program Files\Hi-Rez Studios\HiPatchService.exe
01:46:41.0093 5340 HiPatchService ( UnsignedFile.Multi.Generic ) - warning
01:46:41.0093 5340 HiPatchService - detected UnsignedFile.Multi.Generic (1)
01:46:41.0124 5340 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:46:41.0140 5340 hkmsvc - ok
01:46:41.0171 5340 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
01:46:41.0171 5340 HpCISSs - ok
01:46:41.0218 5340 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:46:41.0249 5340 HTTP - ok
01:46:41.0281 5340 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
01:46:41.0281 5340 i2omp - ok
01:46:41.0328 5340 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
01:46:41.0359 5340 i8042prt - ok
01:46:41.0390 5340 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
01:46:41.0390 5340 iaStorV - ok
01:46:41.0453 5340 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:46:41.0703 5340 idsvc - ok
01:46:41.0734 5340 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
01:46:41.0765 5340 iirsp - ok
01:46:41.0859 5340 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
01:46:41.0906 5340 IKEEXT - ok
01:46:41.0921 5340 IntcAzAudAddService - ok
01:46:41.0921 5340 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
01:46:41.0937 5340 intelide - ok
01:46:41.0953 5340 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:46:41.0968 5340 intelppm - ok
01:46:41.0999 5340 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:46:42.0031 5340 IPBusEnum - ok
01:46:42.0046 5340 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:46:42.0093 5340 IpFilterDriver - ok
01:46:42.0124 5340 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:46:42.0124 5340 iphlpsvc - ok
01:46:42.0140 5340 IpInIp - ok
01:46:42.0156 5340 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
01:46:42.0171 5340 IPMIDRV - ok
01:46:42.0203 5340 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
01:46:42.0218 5340 IPNAT - ok
01:46:42.0281 5340 [ 572A08A06C6BA5080EE80F170B0E627C ] iprntsrv C:\Windows\system32\iprntsrv.exe
01:46:42.0296 5340 iprntsrv ( UnsignedFile.Multi.Generic ) - warning
01:46:42.0296 5340 iprntsrv - detected UnsignedFile.Multi.Generic (1)
01:46:42.0328 5340 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:46:42.0359 5340 IRENUM - ok
01:46:42.0374 5340 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:46:42.0390 5340 isapnp - ok
01:46:42.0421 5340 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
01:46:42.0437 5340 iScsiPrt - ok
01:46:42.0453 5340 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
01:46:42.0468 5340 iteatapi - ok
01:46:42.0484 5340 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
01:46:42.0484 5340 iteraid - ok
01:46:42.0515 5340 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
01:46:42.0531 5340 kbdclass - ok
01:46:42.0546 5340 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
01:46:42.0593 5340 kbdhid - ok
01:46:42.0609 5340 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
01:46:42.0671 5340 KeyIso - ok
01:46:55.0281 5340 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:46:55.0296 5340 KSecDD - ok
01:46:55.0328 5340 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
01:46:55.0374 5340 KtmRm - ok
01:46:55.0406 5340 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
01:46:55.0453 5340 LanmanServer - ok
01:46:55.0484 5340 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:46:55.0531 5340 LanmanWorkstation - ok
01:46:55.0562 5340 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:46:55.0593 5340 lltdio - ok
01:46:55.0624 5340 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:46:55.0656 5340 lltdsvc - ok
01:46:55.0671 5340 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:46:55.0703 5340 lmhosts - ok
01:46:55.0734 5340 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
01:46:55.0749 5340 LSI_FC - ok
01:46:55.0749 5340 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
01:46:55.0765 5340 LSI_SAS - ok
01:46:55.0781 5340 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
01:46:55.0796 5340 LSI_SCSI - ok
01:46:55.0812 5340 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
01:46:55.0843 5340 luafv - ok
01:46:55.0874 5340 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
01:46:55.0890 5340 McComponentHostService - ok
01:46:55.0906 5340 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:46:55.0921 5340 Mcx2Svc - ok
01:46:55.0968 5340 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
01:46:56.0015 5340 megasas - ok
01:46:56.0062 5340 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
01:46:56.0078 5340 MegaSR - ok
01:46:56.0109 5340 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
01:46:56.0171 5340 MMCSS - ok
01:46:56.0203 5340 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
01:46:56.0234 5340 Modem - ok
01:46:56.0234 5340 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:46:56.0296 5340 monitor - ok
01:46:56.0296 5340 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
01:46:56.0312 5340 mouclass - ok
01:46:56.0343 5340 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:46:56.0390 5340 mouhid - ok
01:46:56.0406 5340 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
01:46:56.0421 5340 MountMgr - ok
01:46:56.0453 5340 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
01:46:56.0468 5340 mpio - ok
01:46:56.0484 5340 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:46:56.0515 5340 mpsdrv - ok
01:46:56.0562 5340 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
01:46:56.0593 5340 MpsSvc - ok
01:46:56.0609 5340 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
01:46:56.0624 5340 Mraid35x - ok
01:46:56.0671 5340 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:46:56.0703 5340 MRxDAV - ok
01:46:56.0749 5340 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:46:56.0765 5340 mrxsmb - ok
01:46:56.0781 5340 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:46:56.0796 5340 mrxsmb10 - ok
01:46:56.0796 5340 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:46:56.0812 5340 mrxsmb20 - ok
01:46:56.0843 5340 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
01:46:56.0843 5340 msahci - ok
01:46:56.0859 5340 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:46:56.0874 5340 msdsm - ok
01:46:56.0890 5340 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
01:46:56.0921 5340 MSDTC - ok
01:46:56.0953 5340 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:46:57.0015 5340 Msfs - ok
01:46:57.0093 5340 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:46:57.0109 5340 msisadrv - ok
01:46:57.0140 5340 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:46:57.0171 5340 MSiSCSI - ok
01:46:57.0171 5340 msiserver - ok
01:46:57.0218 5340 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:46:57.0249 5340 MSKSSRV - ok
01:46:57.0281 5340 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:46:57.0296 5340 MSPCLOCK - ok
01:46:57.0312 5340 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:46:57.0343 5340 MSPQM - ok
01:46:57.0374 5340 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:46:57.0390 5340 MsRPC - ok
01:46:57.0406 5340 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
01:46:57.0406 5340 mssmbios - ok
01:46:57.0437 5340 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:46:57.0453 5340 MSTEE - ok
01:46:57.0468 5340 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
01:46:57.0484 5340 Mup - ok
01:46:57.0499 5340 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
01:46:57.0531 5340 napagent - ok
01:46:57.0562 5340 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:46:57.0562 5340 NativeWifiP - ok
01:46:57.0593 5340 [ 157E98B2DD9139C7D55049FE635BD39F ] NCFilter C:\Windows\system32\DRIVERS\NCFilter.sys
01:46:57.0609 5340 NCFilter - ok
01:46:57.0624 5340 [ DF04002FB1F6C9DCB438B9324640CCDB ] NCFSD C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys
01:46:57.0640 5340 NCFSD - ok
01:46:57.0640 5340 [ 54ADEC9108C5A0BF9D21E4A6EF062DB1 ] NCIOCTL C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys
01:46:57.0656 5340 NCIOCTL - ok
01:46:57.0656 5340 [ 450B8C689B73C39816FB872404805517 ] NCRecognizer C:\Windows\system32\DRIVERS\NCRecognizer.sys
01:46:57.0671 5340 NCRecognizer - ok
01:46:57.0687 5340 [ D28874F3CE6BADD9884C62391B39133F ] NCUncFilter C:\Windows\system32\DRIVERS\NCUncFilter.sys
01:46:57.0687 5340 NCUncFilter - ok
01:46:57.0718 5340 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
01:46:57.0734 5340 NDIS - ok
01:46:57.0765 5340 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:46:57.0781 5340 NdisTapi - ok
01:46:57.0796 5340 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:46:57.0812 5340 Ndisuio - ok
01:46:57.0828 5340 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:46:57.0843 5340 NdisWan - ok
01:46:57.0843 5340 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:46:57.0859 5340 NDProxy - ok
01:46:57.0874 5340 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:46:57.0890 5340 NetBIOS - ok
01:46:57.0921 5340 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
01:46:57.0953 5340 netbt - ok
01:46:57.0984 5340 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
01:46:57.0984 5340 Netlogon - ok
01:46:57.0999 5340 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
01:46:58.0031 5340 Netman - ok
01:46:58.0046 5340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
01:46:58.0078 5340 NetMsmqActivator - ok
01:46:58.0078 5340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
01:46:58.0093 5340 NetPipeActivator - ok
01:46:58.0109 5340 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
01:46:58.0140 5340 netprofm - ok
01:46:58.0171 5340 [ 9BA2F93E4F01EC58E722B36639E0CE5D ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys
01:46:58.0249 5340 netr28u - ok
01:46:58.0249 5340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
01:46:58.0265 5340 NetTcpActivator - ok
01:46:58.0265 5340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
01:46:58.0281 5340 NetTcpPortSharing - ok
01:46:58.0296 5340 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
01:46:58.0296 5340 nfrd960 - ok
01:46:58.0312 5340 [ A1EF820415ED5BBE0DBB3F67866BD2E1 ] NICM C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys
01:46:58.0312 5340 NICM - ok
01:46:58.0390 5340 [ 2D2F2428012C4468B1D48939ACAF056F ] nipplpt2 C:\Windows\system32\drivers\nipplpt.sys
01:46:58.0390 5340 nipplpt2 - ok
01:46:58.0406 5340 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
01:46:58.0437 5340 NlaSvc - ok
01:46:58.0437 5340 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:46:58.0468 5340 Npfs - ok
01:46:58.0499 5340 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
01:46:58.0546 5340 nsi - ok
01:46:58.0578 5340 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:46:58.0609 5340 nsiproxy - ok
01:46:58.0656 5340 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:46:58.0718 5340 Ntfs - ok
01:46:58.0749 5340 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
01:46:58.0781 5340 ntrigdigi - ok
01:46:58.0812 5340 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
01:46:58.0828 5340 Null - ok
01:46:58.0874 5340 [ 6FF4A2805E7092B8162462C03AE426E8 ] NuTCRACKERService C:\Windows\system32\nutsrv4.exe
01:46:58.0890 5340 NuTCRACKERService - ok
01:46:59.0093 5340 [ B69E6F70CE1151C8D62ABC9DEF64DFBE ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:46:59.0421 5340 nvlddmkm - ok
01:46:59.0453 5340 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:46:59.0468 5340 nvraid - ok
01:46:59.0484 5340 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:46:59.0484 5340 nvstor - ok
01:46:59.0531 5340 [ E4284FCF99FEA13A7E1836F87AE356F6 ] nvsvc C:\Windows\system32\nvvsvc.exe
01:46:59.0562 5340 nvsvc - ok
01:46:59.0624 5340 [ 03E60E0BFA53ED15DC984FA34B44BB0F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
01:46:59.0671 5340 nvUpdatusService - ok
01:46:59.0703 5340 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:46:59.0718 5340 nv_agp - ok
01:46:59.0718 5340 NwlnkFlt - ok
01:46:59.0734 5340 NwlnkFwd - ok
01:46:59.0781 5340 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
01:46:59.0828 5340 ohci1394 - ok
01:46:59.0859 5340 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
01:46:59.0921 5340 p2pimsvc - ok
01:46:59.0953 5340 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
01:46:59.0984 5340 p2psvc - ok
01:47:00.0031 5340 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys
01:47:00.0046 5340 Parport - ok
01:47:00.0062 5340 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:47:00.0078 5340 partmgr - ok
01:47:00.0093 5340 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
01:47:00.0109 5340 Parvdm - ok
01:47:00.0140 5340 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
01:47:00.0156 5340 PcaSvc - ok
01:47:00.0187 5340 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
01:47:00.0203 5340 pci - ok
01:47:00.0203 5340 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
01:47:00.0218 5340 pciide - ok
01:47:00.0249 5340 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
01:47:00.0265 5340 pcmcia - ok
01:47:00.0296 5340 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:47:00.0359 5340 PEAUTH - ok
01:47:00.0406 5340 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
01:47:00.0531 5340 pla - ok
01:47:00.0562 5340 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:47:00.0609 5340 PlugPlay - ok
01:47:00.0640 5340 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
01:47:00.0656 5340 PNRPAutoReg - ok
01:47:00.0718 5340 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
01:47:00.0796 5340 PNRPsvc - ok
01:47:00.0828 5340 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:47:00.0843 5340 PolicyAgent - ok
01:47:01.0031 5340 [ F0ACCA9C2A3897CE9AC38820AD319093 ] PortmapperService C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe
01:47:01.0031 5340 Suspicious file (Hidden): C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe. md5: F0ACCA9C2A3897CE9AC38820AD319093
01:47:01.0031 5340 PortmapperService ( HiddenFile.Multi.Generic ) - warning
01:47:01.0031 5340 PortmapperService - detected HiddenFile.Multi.Generic (1)
01:47:01.0031 5340 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:47:01.0093 5340 PptpMiniport - ok
01:47:01.0124 5340 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
01:47:01.0156 5340 Processor - ok
01:47:01.0171 5340 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
01:47:01.0187 5340 ProfSvc - ok
01:47:01.0203 5340 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
01:47:01.0218 5340 ProtectedStorage - ok
01:47:01.0218 5340 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
01:47:01.0249 5340 PSched - ok
01:47:01.0281 5340 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
01:47:01.0343 5340 ql2300 - ok
01:47:01.0374 5340 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
01:47:01.0390 5340 ql40xx - ok
01:47:01.0421 5340 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
01:47:01.0437 5340 QWAVE - ok
01:47:01.0437 5340 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:47:01.0468 5340 QWAVEdrv - ok
01:47:01.0468 5340 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:47:01.0499 5340 RasAcd - ok
01:47:01.0515 5340 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
01:47:01.0531 5340 RasAuto - ok
01:47:01.0546 5340 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:47:01.0562 5340 Rasl2tp - ok
01:47:01.0578 5340 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
01:47:01.0609 5340 RasMan - ok
01:47:01.0624 5340 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:47:01.0640 5340 RasPppoe - ok
01:47:01.0656 5340 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:47:01.0656 5340 RasSstp - ok
01:47:01.0671 5340 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:47:01.0687 5340 rdbss - ok
01:47:01.0703 5340 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:47:01.0718 5340 RDPCDD - ok
01:47:01.0749 5340 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
01:47:01.0765 5340 rdpdr - ok
01:47:01.0765 5340 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:47:01.0812 5340 RDPENCDD - ok
01:47:01.0843 5340 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:47:01.0874 5340 RDPWD - ok
01:47:01.0906 5340 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:47:01.0937 5340 RemoteAccess - ok
01:47:01.0953 5340 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:47:01.0968 5340 RemoteRegistry - ok
01:47:01.0984 5340 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
01:47:02.0015 5340 RpcLocator - ok
01:47:02.0031 5340 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
01:47:02.0062 5340 RpcSs - ok
01:47:02.0109 5340 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:47:02.0171 5340 rspndr - ok
01:47:02.0265 5340 [ 174B9514CD1A0C33CE4BBC02A3C81A62 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
01:47:02.0406 5340 RTL8169 - ok
01:47:02.0484 5340 [ 3E322976D9414490DF552D63A0DBE288 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
01:47:02.0499 5340 RTL8192su - ok
01:47:02.0562 5340 [ 93E699215095CAE67E2631468A45F750 ] SaiKA50A C:\Windows\system32\DRIVERS\SaiKA50A.sys
01:47:02.0578 5340 SaiKA50A - ok
01:47:02.0624 5340 [ F8591353036D0D7B28FFAC373DF95D22 ] SaiMini C:\Windows\system32\DRIVERS\SaiMini.sys
01:47:02.0624 5340 SaiMini - ok
01:47:02.0640 5340 [ B6BA8F537D63FDF425C9245699AE2565 ] SaiNtBus C:\Windows\system32\drivers\SaiBus.sys
01:47:02.0656 5340 SaiNtBus - ok
01:47:02.0687 5340 [ 3BF2B0FA7A45A7AC0141B737765BAE9D ] SaiUA50A C:\Windows\system32\DRIVERS\SaiUA50A.sys
01:47:02.0703 5340 SaiUA50A - ok
01:47:02.0703 5340 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
01:47:02.0703 5340 SamSs - ok
01:47:02.0718 5340 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:47:02.0734 5340 sbp2port - ok
01:47:02.0765 5340 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:47:02.0781 5340 SCardSvr - ok
01:47:02.0812 5340 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
01:47:02.0921 5340 Schedule - ok
01:47:02.0937 5340 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
01:47:02.0953 5340 SCPolicySvc - ok
01:47:02.0999 5340 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:47:03.0046 5340 SDRSVC - ok
01:47:03.0078 5340 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:47:03.0124 5340 secdrv - ok
01:47:03.0140 5340 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
01:47:03.0156 5340 seclogon - ok
01:47:03.0171 5340 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
01:47:03.0203 5340 SENS - ok
01:47:03.0234 5340 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
01:47:03.0249 5340 Serenum - ok
01:47:03.0265 5340 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
01:47:03.0281 5340 Serial - ok
01:47:03.0296 5340 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
01:47:03.0312 5340 sermouse - ok
01:47:03.0343 5340 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
01:47:03.0374 5340 SessionEnv - ok
01:47:03.0390 5340 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
01:47:03.0406 5340 sffdisk - ok
01:47:03.0437 5340 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:47:03.0468 5340 sffp_mmc - ok
01:47:03.0499 5340 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
01:47:03.0562 5340 sffp_sd - ok
01:47:03.0593 5340 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
01:47:03.0640 5340 sfloppy - ok
01:47:03.0671 5340 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
01:47:03.0687 5340 SharedAccess - ok
01:47:03.0703 5340 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:47:03.0734 5340 ShellHWDetection - ok
01:47:03.0749 5340 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
01:47:03.0765 5340 sisagp - ok
01:47:03.0781 5340 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
01:47:03.0796 5340 SiSRaid2 - ok
01:47:03.0812 5340 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
01:47:03.0812 5340 SiSRaid4 - ok
01:47:03.0890 5340 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
01:47:03.0890 5340 SkypeUpdate - ok
01:47:03.0968 5340 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
01:47:04.0218 5340 slsvc - ok
01:47:04.0265 5340 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
01:47:04.0312 5340 SLUINotify - ok
01:47:04.0343 5340 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:47:04.0374 5340 Smb - ok
01:47:04.0390 5340 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:47:04.0406 5340 SNMPTRAP - ok
01:47:04.0437 5340 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
01:47:04.0437 5340 spldr - ok
01:47:04.0468 5340 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
01:47:04.0499 5340 Spooler - ok
01:47:04.0531 5340 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
01:47:04.0546 5340 srv - ok
01:47:04.0578 5340 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:47:04.0578 5340 srv2 - ok
01:47:04.0609 5340 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:47:04.0640 5340 srvnet - ok
01:47:04.0671 5340 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:47:04.0703 5340 SSDPSRV - ok
01:47:04.0718 5340 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
01:47:04.0734 5340 ssmdrv - ok
01:47:04.0749 5340 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:47:04.0796 5340 SstpSvc - ok
01:47:04.0843 5340 Steam Client Service - ok
01:47:04.0906 5340 [ E4EBF293D1F612BDA19B646C36715B20 ] STEC3 C:\Windows\system32\STEC3.sys
01:47:04.0921 5340 STEC3 ( UnsignedFile.Multi.Generic ) - warning
01:47:04.0921 5340 STEC3 - detected UnsignedFile.Multi.Generic (1)
01:47:04.0999 5340 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
01:47:05.0046 5340 Stereo Service - ok
01:47:05.0140 5340 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
01:47:05.0171 5340 stisvc - ok
01:47:05.0187 5340 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
01:47:05.0203 5340 swenum - ok
01:47:05.0218 5340 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
01:47:05.0249 5340 swprv - ok
01:47:05.0265 5340 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
01:47:05.0281 5340 Symc8xx - ok
01:47:05.0296 5340 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
01:47:05.0296 5340 Sym_hi - ok
01:47:05.0312 5340 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
01:47:05.0328 5340 Sym_u3 - ok
01:47:05.0359 5340 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
01:47:05.0390 5340 SysMain - ok
01:47:05.0421 5340 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:47:05.0437 5340 TabletInputService - ok
01:47:05.0453 5340 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
01:47:05.0484 5340 TapiSrv - ok
01:47:05.0515 5340 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
01:47:05.0531 5340 TBS - ok
01:47:05.0562 5340 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:47:05.0593 5340 Tcpip - ok
01:47:05.0640 5340 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
01:47:05.0671 5340 Tcpip6 - ok
01:47:05.0718 5340 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:47:05.0734 5340 tcpipreg - ok
01:47:05.0765 5340 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:47:05.0796 5340 TDPIPE - ok
01:47:05.0796 5340 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
01:47:05.0812 5340 TDTCP - ok
01:47:05.0843 5340 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:47:05.0859 5340 tdx - ok
01:47:05.0874 5340 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
01:47:05.0874 5340 TermDD - ok
01:47:05.0890 5340 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
01:47:05.0968 5340 TermService - ok
01:47:06.0031 5340 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
01:47:06.0031 5340 Themes - ok
01:47:06.0046 5340 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
01:47:06.0062 5340 THREADORDER - ok
01:47:06.0078 5340 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
01:47:06.0093 5340 TrkWks - ok
01:47:06.0140 5340 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:47:06.0156 5340 TrustedInstaller - ok
01:47:06.0171 5340 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:47:06.0203 5340 tssecsrv - ok
01:47:06.0265 5340 [ FC740E4FF236B72CA59B8F762D30C7F3 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
01:47:06.0374 5340 TuneUp.UtilitiesSvc - ok
01:47:06.0453 5340 [ 94C4CD2D19B8C4137A46261F229FEC24 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys
01:47:06.0453 5340 TuneUpUtilitiesDrv - ok
01:47:06.0546 5340 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
01:47:06.0562 5340 tunmp - ok
01:47:06.0593 5340 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:47:06.0593 5340 tunnel - ok
01:47:06.0624 5340 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
01:47:06.0640 5340 uagp35 - ok
01:47:06.0671 5340 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:47:06.0687 5340 udfs - ok
01:47:06.0687 5340 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:47:06.0718 5340 UI0Detect - ok
01:47:06.0734 5340 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:47:06.0749 5340 uliagpkx - ok
01:47:06.0765 5340 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
01:47:06.0781 5340 uliahci - ok
01:47:06.0796 5340 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
01:47:06.0812 5340 UlSata - ok
01:47:06.0828 5340 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
01:47:06.0843 5340 ulsata2 - ok
01:47:06.0859 5340 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
01:47:06.0890 5340 umbus - ok
01:47:06.0906 5340 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
01:47:06.0937 5340 upnphost - ok
01:47:06.0953 5340 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
01:47:06.0984 5340 usbaudio - ok
01:47:07.0015 5340 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:47:07.0046 5340 usbccgp - ok
01:47:07.0062 5340 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:47:07.0093 5340 usbcir - ok
01:47:07.0124 5340 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
01:47:07.0140 5340 usbehci - ok
01:47:07.0156 5340 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:47:07.0203 5340 usbhub - ok
01:47:07.0218 5340 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
01:47:07.0249 5340 usbohci - ok
01:47:07.0281 5340 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
01:47:07.0296 5340 usbprint - ok
01:47:07.0312 5340 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
01:47:07.0343 5340 usbscan - ok
01:47:07.0374 5340 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:47:07.0390 5340 USBSTOR - ok
01:47:07.0406 5340 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
01:47:07.0437 5340 usbuhci - ok
01:47:07.0453 5340 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
01:47:07.0515 5340 UxSms - ok
01:47:07.0562 5340 [ 57324E62405EC114C6C1A6F1C9704E8F ] UxTuneUp C:\Windows\System32\uxtuneup.dll
01:47:07.0562 5340 UxTuneUp - ok
01:47:07.0609 5340 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
01:47:07.0703 5340 vds - ok
01:47:07.0749 5340 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:47:07.0765 5340 vga - ok
01:47:07.0796 5340 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
01:47:07.0812 5340 VgaSave - ok
01:47:07.0843 5340 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
01:47:07.0859 5340 viaagp - ok
01:47:07.0874 5340 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
01:47:07.0890 5340 ViaC7 - ok
01:47:07.0906 5340 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
01:47:07.0906 5340 viaide - ok
01:47:07.0921 5340 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:47:07.0921 5340 volmgr - ok
01:47:07.0968 5340 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:47:07.0968 5340 volmgrx - ok
01:47:08.0031 5340 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:47:08.0046 5340 volsnap - ok
01:47:08.0109 5340 [ 8CA9793CBEE993660FF7FC2769A4E252 ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
01:47:08.0124 5340 vpnagent - ok
01:47:08.0171 5340 [ FDDAFA1C89B0B07494AF5879F7ECE857 ] vpnva C:\Windows\system32\DRIVERS\vpnva.sys
01:47:08.0171 5340 vpnva - ok
01:47:08.0187 5340 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
01:47:08.0203 5340 vsmraid - ok
01:47:08.0234 5340 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
01:47:08.0281 5340 VSS - ok
01:47:08.0296 5340 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
01:47:08.0328 5340 W32Time - ok
01:47:08.0359 5340 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
01:47:08.0406 5340 WacomPen - ok
01:47:08.0406 5340 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
01:47:08.0421 5340 Wanarp - ok
01:47:08.0421 5340 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:47:08.0437 5340 Wanarpv6 - ok
01:47:08.0468 5340 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:47:08.0515 5340 wcncsvc - ok
01:47:08.0531 5340 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:47:08.0562 5340 WcsPlugInService - ok
01:47:08.0578 5340 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
01:47:08.0593 5340 Wd - ok
01:47:08.0640 5340 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:47:08.0671 5340 Wdf01000 - ok
01:47:08.0687 5340 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:47:08.0718 5340 WdiServiceHost - ok
01:47:08.0718 5340 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:47:08.0734 5340 WdiSystemHost - ok
01:47:08.0765 5340 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
01:47:08.0781 5340 WebClient - ok
01:47:08.0812 5340 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:47:08.0843 5340 Wecsvc - ok
01:47:08.0874 5340 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:47:08.0890 5340 wercplsupport - ok
01:47:08.0921 5340 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
01:47:08.0937 5340 WerSvc - ok
01:47:08.0968 5340 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
01:47:08.0984 5340 WinDefend - ok
01:47:08.0984 5340 WinHttpAutoProxySvc - ok
01:47:09.0015 5340 Winmgmt - ok
01:47:09.0046 5340 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
01:47:09.0093 5340 WinRM - ok
01:47:09.0124 5340 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
01:47:09.0171 5340 Wlansvc - ok
01:47:09.0281 5340 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:47:09.0453 5340 wlidsvc - ok
01:47:09.0468 5340 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
01:47:09.0515 5340 WmiAcpi - ok
01:47:09.0593 5340 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:47:09.0640 5340 wmiApSrv - ok
01:47:09.0671 5340 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
01:47:09.0765 5340 WMPNetworkSvc - ok
01:47:09.0843 5340 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:47:09.0968 5340 WPCSvc - ok
01:47:09.0999 5340 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:47:10.0031 5340 WPDBusEnum - ok
01:47:10.0078 5340 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:47:10.0140 5340 WPFFontCache_v0400 - ok
01:47:10.0171 5340 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:47:10.0234 5340 ws2ifsl - ok
01:47:10.0234 5340 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
01:47:10.0265 5340 wscsvc - ok
01:47:10.0265 5340 WSearch - ok
01:47:10.0312 5340 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
01:47:10.0406 5340 wuauserv - ok
01:47:10.0437 5340 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
01:47:10.0499 5340 WudfPf - ok
01:47:10.0515 5340 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:47:10.0531 5340 WUDFRd - ok
01:47:10.0562 5340 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:47:10.0578 5340 wudfsvc - ok
01:47:10.0593 5340 [ 3D130383A56DB5DE539AA6BB269E1A6C ] XTSvcMgr C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe
01:47:10.0609 5340 XTSvcMgr - ok
01:47:10.0624 5340 ================ Scan global ===============================
01:47:10.0640 5340 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
01:47:10.0687 5340 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
01:47:10.0703 5340 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
01:47:10.0718 5340 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
01:47:10.0734 5340 [Global] - ok
01:47:10.0734 5340 ================ Scan MBR ==================================
01:47:10.0734 5340 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
01:47:11.0109 5340 \Device\Harddisk0\DR0 - ok
01:47:11.0109 5340 ================ Scan VBR ==================================
01:47:11.0124 5340 [ B6DFDB9B4F02D57757EC3ABAFB56DC56 ] \Device\Harddisk0\DR0\Partition1
01:47:11.0124 5340 \Device\Harddisk0\DR0\Partition1 - ok
01:47:11.0124 5340 ============================================================
01:47:11.0124 5340 Scan finished
01:47:11.0124 5340 ============================================================
01:47:11.0124 4960 Detected object count: 5
01:47:11.0124 4960 Actual detected object count: 5
01:47:37.0359 4960 BrowserProtect ( LockedFile.Multi.Generic ) - skipped by user
01:47:37.0359 4960 BrowserProtect ( LockedFile.Multi.Generic ) - User select action: Skip
01:47:37.0359 4960 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
01:47:37.0359 4960 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:47:37.0359 4960 iprntsrv ( UnsignedFile.Multi.Generic ) - skipped by user
01:47:37.0359 4960 iprntsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:47:37.0359 4960 PortmapperService ( HiddenFile.Multi.Generic ) - skipped by user
01:47:37.0359 4960 PortmapperService ( HiddenFile.Multi.Generic ) - User select action: Skip
01:47:37.0374 4960 STEC3 ( UnsignedFile.Multi.Generic ) - skipped by user
01:47:37.0374 4960 STEC3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:47:49.0421 5764 Deinitialize success
|
|
16.05.2013, 20:12
| #6 |
| | GVU-Trojaner schon wieder... hier nochmal den TDSSKiller Log als zip-Anhang sieht bis jetzt ganz gut aus ,der Trojaner wird nicht mehr gestartet und alles andere funktioniert wieder |
|
16.05.2013, 23:33
| #7 |
| /// Malware-holic | GVU-Trojaner schon wieder... Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.05.2013, 13:56
| #8 |
| | GVU-Trojaner schon wieder... Hier der Log von Combofix: Code:
ATTFilter ComboFix 13-05-16.02 - Sabine 17.05.2013 14:26:39.1.2 - x86
Running from: c:\users\Sabine\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPlyTune.dll
c:\program files\DealPly\DealPlyUpdate.exe
c:\program files\DealPly\DealPlyUpdate.log
c:\program files\DealPly\DealPlyUpdateRun.exe
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\inCRedibar.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files\smartdl
c:\program files\smartdl\cc
c:\program files\smartdl\gunzip.exe
c:\program files\smartdl\installid
c:\program files\smartdl\status-o
c:\program files\smartdl\status
c:\program files\smartdl\TorrentSearch.exe
c:\program files\TSearch
c:\program files\TSearch\client.py
c:\program files\TSearch\easydownload.exe
c:\program files\TSearch\header.bmp
c:\program files\TSearch\libtorrent.pyd
c:\program files\TSearch\python25.dll
c:\program files\TSearch\results
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Sabine\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
c:\users\Sabine\AppData\Roaming\ie_util.exe
c:\users\Sabine\AppData\Roaming\Uriwik
c:\users\Sabine\AppData\Roaming\Uriwik\anup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_STEC3
-------\Service_STEC3
.
.
((((((((((((((((((((((((( Files Created from 2013-04-17 to 2013-05-17 )))))))))))))))))))))))))))))))
.
.
2013-05-17 12:38 . 2013-05-17 12:42 -------- d-----w- c:\users\Sabine\AppData\Local\temp
2013-05-17 12:38 . 2013-05-17 12:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-17 12:38 . 2013-05-17 12:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-16 19:09 . 2013-05-16 19:09 -------- d-----w- C:\TDSSKiller Log
2013-05-16 18:48 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16E03CF5-5251-4223-AB02-D7C3EA81F93E}\mpengine.dll
2013-05-16 15:18 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-16 00:12 . 2013-04-15 14:20 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 00:12 . 2013-04-13 10:56 37376 ----a-w- c:\windows\system32\cdd.dll
2013-05-16 00:12 . 2013-04-09 01:36 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-05-16 00:07 . 2013-05-16 21:34 -------- d-----w- c:\users\Sabine\AppData\Roaming\Tayv
2013-05-16 00:07 . 2013-05-16 00:07 -------- d-----w- c:\users\Sabine\AppData\Roaming\Wuqao
2013-05-15 23:04 . 2013-05-15 23:34 -------- d-----w- C:\_OTL
2013-05-15 12:11 . 2013-05-15 12:11 -------- d-----w- c:\users\FH
2013-05-12 12:11 . 2013-05-12 12:11 -------- d-----w- c:\users\Sabine\AppData\Local\Program Files
2013-05-05 21:32 . 2013-05-05 21:32 -------- d-----w- c:\users\Sabine\AppData\Local\Game Dev Tycoon
2013-05-05 16:54 . 2013-05-05 16:56 -------- d-----w- c:\users\Sabine\AppData\Roaming\mysearchdial
2013-05-05 16:54 . 2013-05-05 16:56 -------- d-----w- c:\program files\Mysearchdial
2013-05-04 16:13 . 2013-05-04 16:13 -------- d-----w- c:\users\Public\Games
2013-05-03 09:51 . 2013-05-03 17:05 -------- d-----w- c:\program files\Common Files\PTC
2013-05-03 09:45 . 2013-05-03 09:48 -------- d-----w- c:\users\Sabine\AppData\Local\PTC
2013-05-03 07:37 . 2013-05-03 17:07 -------- d-----w- c:\program files\PTC
2013-05-03 07:22 . 2013-05-03 07:38 -------- d-----w- c:\programdata\PTC
2013-05-03 07:15 . 2013-05-03 07:15 -------- d-----w- c:\progra~2\02517~1
2013-05-02 12:25 . 2013-05-02 12:25 -------- d-----w- c:\progra~2\04113~1
2013-05-01 19:01 . 2013-05-01 19:01 -------- d-----w- c:\program files\mixiedj
2013-05-01 19:01 . 2013-05-01 19:01 -------- d-----w- c:\program files\mixidj
2013-05-01 18:35 . 2013-05-01 19:01 -------- d-----w- c:\users\Sabine\AppData\Roaming\Download Manager
2013-04-30 06:40 . 2013-04-30 06:40 -------- d-----w- c:\progra~2\0A41F~1
2013-04-28 10:25 . 2013-04-28 10:25 -------- d-----w- c:\program files\DomaIQ Uninstaller
2013-04-28 10:24 . 2013-04-28 10:24 -------- d-----w- c:\users\Sabine\AppData\Roaming\player
2013-04-28 10:24 . 2013-04-28 10:24 -------- d-----w- c:\program files\Tuguu SL
2013-04-28 10:23 . 2013-04-28 10:23 -------- d-----w- c:\users\Sabine\AppData\Roaming\Driver Pro
2013-04-28 10:23 . 2013-04-28 10:23 -------- d-----w- c:\program files\Driver Pro
2013-04-28 09:33 . 2013-04-28 09:33 -------- d-----w-0 c:\progra~2\WW0~1
2013-04-27 09:49 . 2013-04-27 09:49 -------- d-----w- c:\progra~2\0321F~1
2013-04-25 10:04 . 2013-04-25 10:04 -------- d-----w- c:\progra~2\0241B~1
2013-04-24 14:30 . 2013-04-24 14:30 -------- d-----w- c:\progra~2\08517~1
2013-04-22 15:24 . 2013-04-22 15:24 -------- d-----w- c:\progra~2\0DF0B~1
2013-04-22 06:05 . 2013-04-22 06:05 -------- d-----w- c:\progra~2\0811B~1
2013-04-21 07:57 . 2013-04-21 07:57 -------- d-----w- c:\progra~2\0601B~1
2013-04-20 16:38 . 2013-04-20 16:38 -------- d-----w- c:\progra~2\UU0~2
2013-04-19 11:09 . 2013-04-19 11:09 -------- d-----w- c:\program files\Common Files\Skype
2013-04-18 15:04 . 2013-04-18 15:04 -------- d-----w-0 c:\progra~2\220B~1.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 19:10 . 2013-05-16 19:10 23832 ----a-w- C:\TDSSKiller Log.zip
2013-05-15 23:35 . 2012-08-11 14:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 23:35 . 2012-08-11 14:39 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 00:06 . 2012-08-10 14:45 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-03-15 15:21 . 2013-03-15 15:21 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-15 15:21 . 2012-08-12 21:06 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-15 15:21 . 2012-08-12 21:06 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-11 13:25 . 2013-04-10 14:52 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 14:52 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-10 14:52 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-10 14:52 64000 ----a-w- c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-10 14:52 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-10 14:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-03-03 19:07 . 2013-04-10 14:52 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-02-25 22:22 . 2013-02-25 22:22 1985824 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-25 22:22 . 2012-02-09 20:43 1017120 ----a-w- c:\windows\system32\nvdispco32.dll
2013-02-25 22:22 . 2013-02-25 22:22 6262608 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-25 22:22 . 2012-08-25 09:37 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-02-25 22:22 . 2012-08-13 13:34 12641992 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-02-25 22:22 . 2012-08-13 13:34 2505144 ----a-w- c:\windows\system32\nvapi.dll
2013-02-25 22:22 . 2012-02-09 20:43 15129960 ----a-w- c:\windows\system32\nvd3dum.dll
2013-02-25 22:22 . 2013-02-25 22:22 7932256 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-25 22:22 . 2013-02-25 22:22 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-25 22:22 . 2013-02-25 22:22 20449056 ----a-w- c:\windows\system32\nvoglv32.dll
2013-02-25 22:22 . 2013-02-25 22:22 8939296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:22 . 2013-02-25 22:22 2720544 ----a-w- c:\windows\system32\nvcuvid.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\prxtbVeoh.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Veoh_Web_Player\prxtbVeoh.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\prxtbVeoh.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CD90BF73-20F6-44EF-993D-BB920303BD2E}"= "c:\program files\Veoh_Web_Player\prxtbVeoh.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2013-05-03 1635752]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2012-04-16 67960]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2012-06-11 4692840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Driver Pro"="c:\program files\Driver Pro\DPLauncher.exe" [2012-10-30 340512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"NWTRAY"="NWTRAY.EXE" [2011-11-27 34904]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2012-04-25 68184]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2012-04-25 72280]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-02-08 1644680]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-09-26 522232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"NuTCSetupEnviron"="c:\progra~1\PTC\MKSTOO~1\bin\ncoeenv.exe" [2009-11-23 37160]
.
c:\users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
msconfig.lnk - c:\windows\System32\rundll32.exe [2006-11-2 44544]
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [2013-2-14 523264]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli iPrntWinCredMan
Authentication Packages REG_MULTI_SZ msv1_0 ncv1_0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R3 acsint;acsint;c:\windows\system32\DRIVERS\acsint.sys [x]
R3 acsmux;acsmux;c:\windows\system32\DRIVERS\acsmux.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - nciom
*Deregistered* - ncp
*Deregistered* - ncpl
*Deregistered* - ndm
*Deregistered* - ndmndap
*Deregistered* - niam
*Deregistered* - nipctl
*Deregistered* - nscm
*Deregistered* - nsns
*Deregistered* - nsvccost
*Deregistered* - xtxplat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 21:29 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 23:35]
.
2013-05-17 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files\FinalTorrent\FTCheckForUpdates.exe [2012-08-11 12:24]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-07 13:12]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-07 13:12]
.
2013-05-17 c:\windows\Tasks\OptimizerProUpdaterTask{2CE03A48-B8B3-4E05-A2FF-7C30D795730E}.job
- c:\programdata\Premium\OptimizerPro\OptimizerPro.exe [2012-12-24 14:50]
.
2013-05-17 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-09-04 12:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.mysearchdial.com/?f=1&a=tugumsd&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEtD0D0A0FyD0E0AtDzzyDtN0D0Tzu0CyEzytCtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu2Z2Y1N2Y1H1B1Q&cr=1207875316&ir=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=tugumsd&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEtD0D0A0FyD0E0AtDzzyDtN0D0Tzu0CyEzytCtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu2Z2Y1N2Y1H1B1Q&cr=1207875316&ir=
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=33360bb7-7237-4abc-a443-f4f7cfe757f5&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
LSP: %SystemRoot%\system32\nutafun4.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Optimizer Pro - c:\program files\Optimizer Pro\OptProLauncher.exe
HKCU-Run-GameCenter - c:\program files\Joyvy\GameCenter.exe
HKCU-Run-Oqsaixvivy - c:\users\Sabine\AppData\Roaming\Epmo\tiyv.exe
HKCU-Run-IExplorer Util - c:\users\Sabine\AppData\Roaming\ie_util.exe
HKCU-Run-AmazonMP3DownloaderHelper - c:\users\Sabine\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKCU-Run-Kaseums - c:\users\Sabine\AppData\Roaming\Uriwik\anup.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-Katawa Shoujo - c:\program files\Katawa Shoujo\Uninstall Katawa Shoujo.exe
AddRemove-Optimizer Pro_is1 - c:\program files\Optimizer Pro\unins000.exe
AddRemove-Amazon MP3-Downloader - c:\users\Sabine\AppData\Local\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AddRemove-GoforFiles - c:\program files\GoforFiles\uninstall.exe
AddRemove-YourFileDownloader - c:\program files\YourFileDownloader\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-05-17 14:42
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PortmapperService]
"ImagePath"="c:\program files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1000\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\Installation]
"strAbsolutePath"="c:\\age\\マブラヴ11\\"
"strObjectOcean"="c:\\age\\マブラヴ11\\マブラヴ11.rio"
"strIciPath"="c:\\age\\マブラヴ11\\マブラヴ11.rio.ici\00cations"
"strTTFileName"="マブラヴ11.rbt"
"strInstallSourcePath"="i:\\"
"bInstalled"=dword:00000001
"strInstallTypeSelect"="1"
"strInstallSystemType"=""
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1000\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\InstallFont]
"MS Pゴシック%#16%$-B"="マブラヴ11.rio\\MS Pゴシック16B.5RF"
"MS Pゴシック%#24%$-B%$-A"="マブラヴ11.rio\\MS Pゴシック24BA.5RF"
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1000\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\PeculiarToTheApp]
"strTheAppName"="マブラヴ1.1\0011\00E"
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1000\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rUGPBasic]
"strRugpPluginFolder"="c:\\age\\マブラヴ11\\Plugins"
"bIsIllegalTerminateCheck"=dword:00000000
"nRugpVersion"=dword:0000157c
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1000\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmBoxSettings]
"nWndFrameLevel"=dword:00000003
"nWndBaseRatioSrc"=dword:000000c0
"nWndBaseRatioDst"=dword:00000006
"nWndBaseColor1"=dword:002020a0
"nWndBaseColor2"=dword:00c0c0ff
"nWndBaseGradation"=dword:00000001
"nFontBlank"=dword:00000002
"nMainFontColor"=dword:ffffffff
"nSelectedFontColor"=dword:ff8090c0
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1000\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmInstallation]
"strFontCachePath"="c:\\age\\マブラヴ11\\"
"strVirtuaRegistryAbsolutePath"="c:\\age\\マブラヴ11\\Vmreg\\"
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1000\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmPeculiarToTheApp]
"bCanSettingWindow"=dword:00000001
"bCanSettingFont"=dword:00000001
"bPageOverNext"=dword:00000000
"bUucAccessMasterKey"=dword:00000001
"strLowSpecFont"="MS Pゴシック%#16%$-B"
"strStandardFont"="MS Pゴシック%#24%$-B%$-A"
"bCanSettingSound"=dword:00000001
"bFullScreenMenuOff"=dword:00000000
"bWindowMenuAccessMasterKey"=dword:00000001
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1000\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmUISettings]
"bFullScreen"=dword:00000001
"dwMainFontStyle"=dword:0000000c
"nTextSpeed"=dword:00000030
"strCurrentMonitorDevice"="\\\\.\\DISPLAY1"
"dwCurrentMonitorFlag"=dword:00000001
"nWindowSize"=dword:00000003
"nFaceWindowSize"=dword:00000003
"isBgm"=dword:00000001
"isEffect"=dword:00000001
"nVoiceLevel"=dword:00000001
"nLayeredEffect"=dword:00000001
"nSeenMsgSkip"=dword:00000000
"nAutoMsgSkip"=dword:00000000
"bMouseTrace"=dword:00000001
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1000\Software\SecuROM\License information*]
"datasecu"=hex:39,89,31,a3,ec,25,e6,40,ab,92,39,0a,71,a7,40,0c,56,b7,cb,75,68,
69,00,d0,4c,2f,19,ad,e6,4b,50,d7,7b,28,2b,69,c2,9c,5c,bf,d1,b9,cb,9b,d7,40,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\Installation]
"strAbsolutePath"="c:\\age\\マブラヴ11\\"
"strObjectOcean"="c:\\age\\マブラヴ11\\マブラヴ11.rio"
"strIciPath"="c:\\age\\マブラヴ11\\マブラヴ11.rio.ici"
"strTTFileName"="マブラヴ11.rbt"
"strInstallSourcePath"="i:\\"
"bInstalled"=dword:00000001
"strInstallTypeSelect"="1"
"strInstallSystemType"=""
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\InstallFont]
"MS Pゴシック%#24%$-B%$-A"="マブラヴ11.rio\\MS Pゴシック24BA.5RF"
"MS Pゴシック%#16%$-B"="マブラヴ11.rio\\MS Pゴシック16B.5RF"
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\PeculiarToTheApp]
"strTheAppName"="マブラヴ1.1"
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rUGPBasic]
"strRugpPluginFolder"="c:\\age\\マブラヴ11\\Plugins"
"bIsIllegalTerminateCheck"=dword:00000000
"nRugpVersion"=dword:0000157c
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmBoxSettings]
"nWndFrameLevel"=dword:00000003
"nWndBaseRatioSrc"=dword:000000c0
"nWndBaseRatioDst"=dword:00000006
"nWndBaseColor1"=dword:002020a0
"nWndBaseColor2"=dword:00c0c0ff
"nWndBaseGradation"=dword:00000001
"nFontBlank"=dword:00000002
"nMainFontColor"=dword:ffffffff
"nSelectedFontColor"=dword:ff8090c0
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmInstallation]
"strFontCachePath"="c:\\age\\マブラヴ11\\"
"strVirtuaRegistryAbsolutePath"="c:\\age\\マブラヴ11\\Vmreg\\"
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmPeculiarToTheApp]
"strStandardFont"="MS Pゴシック%#24%$-B%$-A"
"strLowSpecFont"="MS Pゴシック%#16%$-B"
"bCanSettingWindow"=dword:00000001
"bCanSettingFont"=dword:00000001
"bPageOverNext"=dword:00000000
"bUucAccessMasterKey"=dword:00000001
"bCanSettingSound"=dword:00000001
"bFullScreenMenuOff"=dword:00000000
"bWindowMenuAccessMasterKey"=dword:00000001
.
[HKEY_USERS\S-1-5-21-338440498-2888063792-2753391560-1001\Software\relic UGP Applications\age\゙0ヨ0・・1*1*\rvmmUISettings]
"dwMainFontStyle"=dword:00000005
"bFullScreen"=dword:00000001
"nTextSpeed"=dword:00000030
"strCurrentMonitorDevice"="\\\\.\\DISPLAY1"
"dwCurrentMonitorFlag"=dword:00000001
"nWindowSize"=dword:00000003
"nFaceWindowSize"=dword:00000003
"isBgm"=dword:00000001
"isEffect"=dword:00000001
"nVoiceLevel"=dword:00000001
"nLayeredEffect"=dword:00000001
"nSeenMsgSkip"=dword:00000001
"nAutoMsgSkip"=dword:00000000
"bMouseTrace"=dword:00000001
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(632)
c:\windows\system32\NETWIN32.DLL
.
- - - - - - - > 'Explorer.exe'(2892)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\windows\system32\NETWIN32.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Novell\Client\cusrvc.exe
c:\program files\Giraffic\Veoh_GirafficWatchdog.exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\program files\Hi-Rez Studios\HiPatchService.exe
c:\windows\system32\iprntsrv.exe
c:\windows\system32\nutsrv4.exe
c:\program files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Giraffic\Veoh_Giraffic.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
c:\windows\system32\conime.exe
c:\program files\Epson Software\Event Manager\EEventManager.exe
c:\windows\System32\nwtray.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2013-05-17 14:52:50 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-17 12:52
.
Pre-Run: 12 Verzeichnis(se), 574.919.929.856 Bytes frei
Post-Run: 16 Verzeichnis(se), 577.036.746.752 Bytes frei
.
- - End Of File - - 68A2502FC4BD7B92984609376CB040FC
|
|
17.05.2013, 14:04
| #9 |
| /// Malware-holic | GVU-Trojaner schon wieder... Hi öffne mal bitte Computer, c: qoobox rechtsklick Quarantain, dann mit winrar oder ähnlichem archivierungsprogramm packen und hochladen: Trojaner-Board Upload Channel
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.05.2013, 16:13
| #10 |
| /// Malware-holic | GVU-Trojaner schon wieder... danke fürs hochladen. Nutzt du den PC für Onlinebanking, zum einkaufen, für sonstige Zahlungsabwicklungen, oder ähnlich wichtigem, wie beruflichem?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.05.2013, 11:38
| #11 |
| | GVU-Trojaner schon wieder... nein,nichts dergleichen,ich benutze ih nur zum im Internet surfen,zum Spielen und für das Studium um Berichte oder dergleichen zu schreiben. |
|
20.05.2013, 12:13
| #12 |
| /// Malware-holic | GVU-Trojaner schon wieder... ok wenn wir fertig sind, alle Passwörter ändern. malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
29.05.2013, 22:14
| #13 |
| | GVU-Trojaner schon wieder... Ich hab jetzt ein noch größeres Problem als vorher.. Da ich das Programm zuerst in der falschen Sprache installiert hatte wollte ich es neu installieren,nach der Deinstallation war jedoch der Virus wieder aktiv und dieses mal sogar noch schlimmer als vorher.  Ich kann auf meinem Rechner nicht einmal mehr im abgesicherten Modus arbeiten,selbst dort taucht der GVU-Bildschirm sofort auf. Hätte vorher fragen sollen als die Installation nicht geklappt hat,ich hoffe das kann noch gerettet werden. Ich arbeite grad von dem Laptop meines Bruders aus. Die Programme sind alle noch auf meinen Rechner,falls man irgendwie direkt auf sie zugreifen kann. Wenn nicht müsste ich irgendwo noch ein Paar Cds rumliegen haben. MfG Cyph Habe mir jetzt die Programme defogger,OTL und GMER auf eine CD gebrannt. Wie kann ich diese direkt bei Start starten? Ich hab mir jetzt defogger, OTL und GMER auf eine CD gebrannt. Wie kann ich diese abspielen ohne mich anmelden zu müssen? |
|
30.05.2013, 13:49
| #14 |
| /// Malware-holic | GVU-Trojaner schon wieder... Hi, kommst du an nen pc mit brenner? download: ISO Burner - Download - Filepony isoburner anleitung: http://www.trojaner-board.de/83208-b...ei-cd-dvd.html • Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen. Starte dein System neu und boote von der CD die du gerade erstellt hast. Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten, http://www.trojaner-board.de/81857-c...cd-booten.html • Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen. • Mache einen doppel Klick auf das OTLPE Icon. • Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes. • Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes. • entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist. • OTL sollte nun starten. Kopiere nun den Inhalt in die  Textbox. Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert • Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast. poste beide logs
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
30.05.2013, 17:41
| #15 |
| | GVU-Trojaner schon wieder... kann komischerweise wieder den PC normal starten,weiß leider nicht woran das liegt aber das Programm mit dem Virus wird wieder wie zuvor gesperrt und nicht gestartet. Habe mich auch gestern gewundert,da ich zwar den Signalton gehört habe das ein Programm gesperrt wurde aber die weiße Seite trotzdem erschienen ist. Sol ich jetzt trotzdem zur Sicherheit wieder von vorne beginnen? oder mit malware weiter machen. |
|
| Themen zu GVU-Trojaner schon wieder... |
| .zip datei, besser, cpu, datei, ergebnisse, euro, externe festplatte, festplatte, funktioniert, gmer, guten, gvu abgesicherter modus, hilfe!, logfiles, malware 100€, modus, namen, neu, programme, schließen, seite, seiten, virus, vista, weiße seite, windows, windows vista, zahlen |
WARNUNG an die MITLESER: 
Linear-Darstellung
