Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.05.2013, 20:58   #1
doc_jochim
 
GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...? - Standard

GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?



Hallo,

der Vista-Rechner meines Vaters hat jetzt den hier inzwischen schon öfter behandelten GVU-Trojaner eingefangen. Da hat wohl jemand irgendwo was falsches angeklickt...

Und wer soll es jetzt wieder richten? Das kostet mich sicher tage- und nächtelange Arbeit...

Es sei denn, einer von Euch Profis erbarmt sich und kann mir vielleicht Hilfe leisten.

Erschwerend kommt hinzu, daß ich mich mit Vista überhaupt gar nicht auskenne.

Danke hiermit schonmal im Voraus für Eure Hilfe

doc

Alt 27.05.2013, 21:01   #2
markusg
/// Malware-holic
 
GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...? - Standard

GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?



Hi,
kommst du an nen pc mit brenner?
download:
ISO Burner - Download - Filepony
isoburner anleitung:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen.
Starte dein System neu und boote von der CD die du gerade erstellt hast.
Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten,
http://www.trojaner-board.de/81857-c...cd-booten.html

• Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen.
• Mache einen doppel Klick auf das OTLPE Icon.
• Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist.

• OTL sollte nun starten.
Kopiere nun den Inhalt in die
Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
         
• Drücke Run Scan um den Scan zu starten.
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert
• Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast.
poste beide logs
__________________

__________________

Alt 27.05.2013, 21:50   #3
doc_jochim
 
GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...? - Standard

GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?



Zitat:
Zitat von markusg Beitrag anzeigen
Hi,
kommst du an nen pc mit brenner?
Ja.


Zitat:
[...]download: [...]
• Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen.
Ja

Zitat:
• OTLPE
• Yes.
• Yes.
• entferne den haken
• OTL startet.
• Run Scan.
• Dateien in C:\otl.txt gesichert
• Inhalt in die Textbox.
So, die *.txt-Datei habe ich jetzt - aber wie bekomme ich die auf den Stick? Wenn ich den einstecke, wird er nicht erkannt.

Muß ich da etwas in dem CD-Betriebssystem REATOGO-X-PE einstellen?

doc
__________________

Alt 27.05.2013, 21:54   #4
markusg
/// Malware-holic
 
GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...? - Standard

GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?



dann mal text speichern, stick raus, neustarten von der CD stick rein und speichern
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 27.05.2013, 22:02   #5
doc_jochim
 
GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...? - Standard

GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?



So, jetzt hat der befallene Rechner wieder das Netzwerkkabel.

Nur noch kurz die Frage: Wie geht das mit der Textbox?

doc


Alt 27.05.2013, 22:05   #6
markusg
/// Malware-holic
 
GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...? - Standard

GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?



einfach das aus der textbox kopieren in das otl eingabefeld du kannnst es entweder mit der Maus markieren, rechtsklick kopieren und dann rechtsklick in otl und einfügen bzw strg+v oder bei der Textbox auf alles auswählen, dann sparst du dir das Markieren.
__________________
--> GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?

Alt 27.05.2013, 22:07   #7
doc_jochim
 
GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...? - Standard

GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?



Ich probiere es mal mit dem Code...

Code:
ATTFilter
OTL logfile created on: 5/27/2013 11:43:17 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445.76 Gb Total Space | 341.54 Gb Free Space | 76.62% Space Free | Partition Type: NTFS
Drive D: | 19.99 Gb Total Space | 10.40 Gb Free Space | 52.01% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/02/10 06:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 06:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2008/09/30 15:23:10 | 000,058,696 | ---- | M] (BullGuard Ltd.) [Auto] -- C:\Program Files\BullGuard Software\BullGuard\BsMailProxy.dll -- (BsMailProxy)
SRV - [2008/09/30 15:22:37 | 000,107,848 | ---- | M] (BullGuard Ltd.) [Auto] -- C:\Program Files\BullGuard Software\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2008/09/30 15:22:31 | 000,718,152 | ---- | M] (BullGuard Software) [Auto] -- C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe -- (BGLiveSvc)
SRV - [2008/09/30 15:22:16 | 000,083,272 | ---- | M] (BullGuard, Ltd.) [On_Demand] -- C:\Program Files\BullGuard Software\BullGuard\BsMain.dll -- (BgMainSvc)
SRV - [2008/02/28 12:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto] -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/13 12:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto] -- C:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | Auto] --  -- (elcapi20)
DRV - File not found [Kernel | On_Demand] --  -- (catchme)
DRV - [2008/09/30 15:22:42 | 000,050,896 | ---- | M] (BullGuard Ltd.) [Kernel | Auto] -- C:\Windows\System32\drivers\BdFileSpy.sys -- (BdFileSpy)
DRV - [2008/04/03 06:56:00 | 007,444,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/15 10:17:14 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/02/14 09:56:02 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/17 16:35:30 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\HomeCinema\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2008/01/16 12:27:56 | 000,174,600 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/11/21 06:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/10/11 21:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2007/05/16 07:07:58 | 000,016,984 | ---- | M] (BullGuard Ltd.) [Kernel | On_Demand] -- C:\Program Files\BullGuard Software\BullGuard\Reconn.sys -- (Reconn)
DRV - [2006/10/30 11:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2002/07/15 06:43:06 | 000,073,660 | ---- | M] (elmeg Kommunikationstechnik) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ElgTaDrv.sys -- (ElgTaDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Horst_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Horst_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Horst_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\System32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter [2008/10/05 07:35:00 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Software\BullGuard\bullguard.exe (BullGuard Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Horst_ON_C..\Run: [AdobeUpdater]  File not found
O4 - HKU\Horst_ON_C..\Run: [Bateittuy] C:\Users\Horst\AppData\Roaming\Itko\liobb.exe (Sysinternals)
O4 - HKU\Horst_ON_C..\Run: [IExplorer Util] C:\Users\Horst\AppData\Roaming\ie_util.exe (Sysinternals)
O4 - HKU\Horst_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\Horst_ON_C..\Run: [Reqitoi] C:\Users\Horst\AppData\Roaming\Unze\okpy.exe (Sysinternals)
O4 - Startup: C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Horst_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Horst_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Horst_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Horst_ON_C Winlogon: Shell - (C:\Users\Horst\AppData\Roaming\skype.dat) - C:\Users\Horst\AppData\Roaming\skype.dat ()
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{9cb123c9-063b-11e1-aabf-001d92b5bf74}\Shell - "" = AutoRun
O33 - MountPoints2\{9cb123c9-063b-11e1-aabf-001d92b5bf74}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/27 12:41:14 | 000,059,392 | ---- | C] (Sysinternals) -- C:\Users\Horst\AppData\Roaming\ie_util.exe
[2013/05/27 12:40:24 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Itko
[2013/05/27 12:40:24 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Ikxu
[2013/05/27 12:40:24 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Deym
[2013/05/27 12:40:11 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Unze
[2013/05/27 12:40:11 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Quxuru
[2013/05/27 12:40:11 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Kogycu
[2013/05/16 07:28:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/16 07:17:01 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/05/16 07:16:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/16 07:16:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/16 07:16:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/16 07:16:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/16 07:16:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/05/16 07:16:35 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/16 07:16:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/16 07:16:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/15 08:45:24 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/15 08:45:17 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/27 16:29:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/27 16:29:00 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/27 16:29:00 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/27 16:28:53 | 000,000,004 | ---- | M] () -- C:\Users\Horst\AppData\Roaming\skype.ini
[2013/05/27 16:19:15 | 000,674,582 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/27 16:19:15 | 000,634,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/27 16:19:15 | 000,146,266 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/27 16:19:15 | 000,120,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/27 16:13:46 | 000,007,592 | ---- | M] () -- C:\Users\Horst\AppData\Local\d3d9caps.dat
[2013/05/27 16:12:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/27 16:11:33 | 3219,316,736 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/27 15:12:57 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/27 12:41:13 | 000,059,392 | ---- | M] (Sysinternals) -- C:\Users\Horst\AppData\Roaming\ie_util.exe
[2013/05/24 06:12:27 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/23 12:05:51 | 000,016,463 | ---- | M] () -- C:\Users\Horst\Documents\Wibbing u. Laucht Mietforderungen 15.01.13.odt
[2013/05/22 13:52:11 | 000,016,555 | ---- | M] () -- C:\Users\Horst\Documents\Beihilfe.odt
[2013/05/17 06:14:57 | 000,002,425 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/05/16 08:32:52 | 000,373,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/05 15:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/01 20:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/04/29 06:47:57 | 000,013,656 | ---- | M] () -- C:\Users\Horst\Documents\NK-Anschreiben.odt
 
========== Files Created - No Company Name ==========
 
[2013/05/27 16:11:33 | 3219,316,736 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/27 12:45:33 | 000,000,004 | ---- | C] () -- C:\Users\Horst\AppData\Roaming\skype.ini
[2013/01/14 06:38:27 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/01/09 17:38:48 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2013/01/09 17:38:47 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2013/01/09 17:38:47 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2013/01/09 17:38:47 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2013/01/09 17:38:47 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2013/01/09 17:38:47 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2013/01/09 17:38:47 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2013/01/09 17:38:47 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2013/01/09 17:38:47 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2013/01/09 17:38:47 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2013/01/09 17:38:47 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2013/01/09 17:38:47 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2013/01/09 17:38:47 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2013/01/09 17:38:47 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2013/01/09 17:38:47 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2013/01/09 17:38:47 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2013/01/09 17:38:47 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2013/01/09 17:38:47 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2013/01/09 17:38:47 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012/06/03 16:55:10 | 000,000,950 | ---- | C] () -- C:\Windows\XI420Ke.INI
[2012/01/11 04:27:45 | 000,060,928 | ---- | C] () -- C:\Users\Horst\AppData\Roaming\skype.dat
[2011/10/27 04:19:18 | 000,000,540 | ---- | C] () -- C:\Users\Horst\AppData\Roaming\wklnhst.dat
[2011/03/14 15:29:04 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini
[2009/08/18 19:19:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/18 19:19:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/15 09:19:21 | 000,216,064 | ---- | C] () -- C:\Windows\PEV.exe
[2009/08/15 09:19:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/08/15 09:19:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/08/15 09:19:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/06/30 15:53:26 | 000,024,206 | ---- | C] () -- C:\Users\Horst\AppData\Roaming\UserTile.png
[2009/06/30 14:38:31 | 000,007,592 | ---- | C] () -- C:\Users\Horst\AppData\Local\d3d9caps.dat
[2008/10/27 14:00:06 | 000,000,574 | ---- | C] () -- C:\Users\Horst\AppData\default.pls
[2008/10/16 13:52:05 | 000,030,208 | ---- | C] () -- C:\Users\Horst\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/05 08:23:01 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/10/05 08:23:01 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/10/05 07:44:05 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/22 16:10:26 | 000,000,093 | ---- | C] () -- C:\Users\Horst\AppData\Local\fusioncache.dat
[2008/04/21 07:34:30 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2008/04/21 07:34:30 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008/04/21 04:47:19 | 000,000,052 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2008/03/31 09:47:15 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008/03/31 09:24:19 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008/03/31 09:24:18 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008/01/21 03:15:58 | 000,674,582 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:15:58 | 000,146,266 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,373,840 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,634,440 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,120,004 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2008/09/22 16:14:15 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Buhl Data Service GmbH
[2009/09/02 06:54:25 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\BullGuard
[2013/05/27 16:28:56 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Deym
[2012/01/29 06:46:56 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Hemera
[2013/05/27 12:40:24 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Ikxu
[2013/05/27 12:40:24 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Itko
[2013/05/27 13:20:47 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Kogycu
[2011/11/03 14:15:27 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\OpenOffice.org
[2013/05/27 12:40:11 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Quxuru
[2013/02/14 08:06:25 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Sommer Informatik GmbH
[2013/02/14 09:30:58 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\TeamViewer
[2011/10/27 04:19:25 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Template
[2009/01/02 13:40:44 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Ulead Systems
[2009/08/15 10:37:53 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Uniblue
[2013/05/27 12:40:11 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Unze
[2008/09/22 15:49:30 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008/09/22 16:14:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2012/08/28 15:39:49 | 000,000,000 | ---D | M] -- C:\ProgramData\BullGuard
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/09/22 15:49:30 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/09/22 15:49:30 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/03/31 09:45:39 | 000,000,000 | ---D | M] -- C:\ProgramData\fun communications
[2008/03/31 09:39:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Gnab
[2008/03/31 10:31:14 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2009/01/04 17:17:10 | 000,000,000 | ---D | M] -- C:\ProgramData\OLYMPUS
[2013/01/09 18:35:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Panasonic
[2009/02/03 15:20:49 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayMovie
[2008/04/21 07:35:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Sonavis
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/09/22 15:49:30 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/03/28 09:35:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2008/09/22 15:49:30 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008/04/01 04:48:38 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2013/05/27 16:29:00 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 912 bytes -> C:\Users\Horst\Documents\Sommer-Informatik  Kosten2_weg.eml:OECustomProperty
@Alternate Data Stream - 880 bytes -> C:\Users\Horst\Documents\Fachberatung für Elektrogroßgeräte.eml:OECustomProperty
@Alternate Data Stream - 574 bytes -> C:\Users\Horst\Documents\Entwürfe.eml:OECustomProperty
< End of report >
         
Uuups, ich glaube, ich habe in der Reihenfolge was falsch gemacht und das mit der Textbox falsch verstanden...

Wer lesen kann, ist klar im Vorteil.

Also nochmal...:

Er scannt und scannt und scannt...

doc

Alt 27.05.2013, 22:20   #8
markusg
/// Malware-holic
 
GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...? - Standard

GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?



Hi,
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
ATTFilter
:OTL
O4 - HKU\Horst_ON_C..\Run: [Reqitoi] C:\Users\Horst\AppData\Roaming\Unze\okpy.exe (Sysinternals)
O4 - HKU\Horst_ON_C..\Run: [IExplorer Util] C:\Users\Horst\AppData\Roaming\ie_util.exe (Sysinternals)
O4 - HKU\Horst_ON_C..\Run: [Bateittuy] C:\Users\Horst\AppData\Roaming\Itko\liobb.exe (Sysinternals)
O20 - HKU\Horst_ON_C Winlogon: Shell - (C:\Users\Horst\AppData\Roaming\skype.dat) - C:\Users\Horst\AppData\Roaming\skype.dat ()
[2013/05/27 12:41:14 | 000,059,392 | ---- | C] (Sysinternals) -- C:\Users\Horst\AppData\Roaming\ie_util.exe
[2013/05/27 12:40:24 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Itko
[2013/05/27 12:40:24 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Ikxu
[2013/05/27 12:40:24 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Deym
[2013/05/27 12:40:11 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Unze
[2013/05/27 12:40:11 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Quxuru
[2013/05/27 12:40:11 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Kogycu
[2013/05/27 16:28:53 | 000,000,004 | ---- | M] () -- C:\Users\Horst\AppData\Roaming\skype.ini
:Files
C:\Users\Horst\AppData\Roaming\Unze
C:\Users\Horst\AppData\Roaming\Itko
:Commands
[EMPTYFLASH] 
[emptytemp]
         


dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

b
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 27.05.2013, 22:31   #9
doc_jochim
 
GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...? - Standard

GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?



So, das mit dem Txt-file ist in Arbeit.

Nachdem ich das mit dem Custom Scan verstanden habe, hatte ich den Scan nochmal gestartet. Allerdings mit dem Ergebnis: Out of Memory...

?!

Alt 27.05.2013, 22:43   #10
markusg
/// Malware-holic
 
GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...? - Standard

GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?



kannst trotzdem mit dem fix weitermachen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 27.05.2013, 22:55   #11
doc_jochim
 
GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...? - Standard

GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?



So, das mit dem Upload hat geklappt.

doc

Alt 27.05.2013, 22:55   #12
markusg
/// Malware-holic
 
GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...? - Standard

GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?



Danke fürs hochladen.
Wenn du in den normalen modus kommst, folgenes.
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 27.05.2013, 23:06   #13
doc_jochim
 
GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...? - Standard

GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?



Hallo, hier das Ergebnis:

Code:
ATTFilter
02:02:07.0349 3424  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
02:02:07.0364 3424  ============================================================
02:02:07.0364 3424  Current date / time: 2013/05/28 02:02:07.0364
02:02:07.0364 3424  SystemInfo:
02:02:07.0364 3424  
02:02:07.0364 3424  OS Version: 6.0.6002 ServicePack: 2.0
02:02:07.0364 3424  Product type: Workstation
02:02:07.0364 3424  ComputerName: PAPSNEU
02:02:07.0364 3424  UserName: Horst
02:02:07.0364 3424  Windows directory: C:\Windows
02:02:07.0364 3424  System windows directory: C:\Windows
02:02:07.0364 3424  Processor architecture: Intel x86
02:02:07.0364 3424  Number of processors: 4
02:02:07.0364 3424  Page size: 0x1000
02:02:07.0364 3424  Boot type: Normal boot
02:02:07.0364 3424  ============================================================
02:02:08.0690 3424  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:02:08.0768 3424  Drive \Device\Harddisk5\DR6 - Size: 0x3D2DFE00 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:02:08.0768 3424  ============================================================
02:02:08.0768 3424  \Device\Harddisk0\DR0:
02:02:08.0768 3424  MBR partitions:
02:02:08.0768 3424  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x37B83000
02:02:08.0784 3424  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x37B8383F, BlocksNum 0x2801402
02:02:08.0784 3424  \Device\Harddisk5\DR6:
02:02:08.0784 3424  MBR partitions:
02:02:08.0784 3424  \Device\Harddisk5\DR6\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1E96DF
02:02:08.0784 3424  ============================================================
02:02:08.0831 3424  C: <-> \Device\Harddisk0\DR0\Partition1
02:02:08.0831 3424  D: <-> \Device\Harddisk0\DR0\Partition2
02:02:08.0831 3424  ============================================================
02:02:08.0831 3424  Initialize success
02:02:08.0831 3424  ============================================================
02:02:33.0151 2716  ============================================================
02:02:33.0151 2716  Scan started
02:02:33.0151 2716  Mode: Manual; SigCheck; TDLFS; 
02:02:33.0151 2716  ============================================================
02:02:33.0728 2716  ================ Scan system memory ========================
02:02:33.0728 2716  System memory - ok
02:02:33.0728 2716  ================ Scan services =============================
02:02:33.0931 2716  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
02:02:34.0103 2716  ACPI - ok
02:02:34.0196 2716  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
02:02:34.0243 2716  AdobeARMservice - ok
02:02:34.0274 2716  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
02:02:34.0321 2716  adp94xx - ok
02:02:34.0352 2716  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
02:02:34.0399 2716  adpahci - ok
02:02:34.0415 2716  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
02:02:34.0461 2716  adpu160m - ok
02:02:34.0477 2716  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
02:02:34.0524 2716  adpu320 - ok
02:02:34.0555 2716  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
02:02:34.0602 2716  AeLookupSvc - ok
02:02:34.0649 2716  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
02:02:34.0711 2716  AFD - ok
02:02:34.0742 2716  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
02:02:34.0789 2716  agp440 - ok
02:02:34.0805 2716  [ 8DC09F3B54DDCAEB52E0DCFA1D55B26A ] ahcix86s        C:\Windows\system32\DRIVERS\ahcix86s.sys
02:02:34.0851 2716  ahcix86s - ok
02:02:34.0883 2716  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
02:02:34.0929 2716  aic78xx - ok
02:02:34.0945 2716  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
02:02:35.0070 2716  ALG - ok
02:02:35.0101 2716  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
02:02:35.0148 2716  aliide - ok
02:02:35.0195 2716  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
02:02:35.0241 2716  amdagp - ok
02:02:35.0273 2716  [ F12456AD77B1C32D8C5CA51927872850 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
02:02:35.0304 2716  amdide - ok
02:02:35.0335 2716  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
02:02:35.0397 2716  AmdK7 - ok
02:02:35.0413 2716  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
02:02:35.0475 2716  AmdK8 - ok
02:02:35.0507 2716  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
02:02:35.0569 2716  Appinfo - ok
02:02:35.0600 2716  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
02:02:35.0631 2716  arc - ok
02:02:35.0647 2716  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
02:02:35.0678 2716  arcsas - ok
02:02:35.0803 2716  [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:02:35.0850 2716  aspnet_state - ok
02:02:35.0865 2716  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
02:02:35.0912 2716  AsyncMac - ok
02:02:35.0928 2716  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
02:02:35.0959 2716  atapi - ok
02:02:35.0990 2716  [ 4AA1EB65481C392955939E735D27118B ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
02:02:36.0037 2716  AtiPcie - ok
02:02:36.0084 2716  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
02:02:36.0146 2716  AudioEndpointBuilder - ok
02:02:36.0146 2716  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
02:02:36.0177 2716  Audiosrv - ok
02:02:36.0287 2716  [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc           C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
02:02:36.0349 2716  BBSvc - ok
02:02:36.0365 2716  [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate        C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
02:02:36.0443 2716  BBUpdate - ok
02:02:36.0489 2716  [ 49EA1829AD8FE3BC7E56B81EC4922BE5 ] BdFileSpy       C:\Windows\system32\drivers\BdFileSpy.sys
02:02:36.0521 2716  BdFileSpy - ok
02:02:36.0552 2716  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
02:02:36.0614 2716  Beep - ok
02:02:36.0645 2716  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
02:02:36.0723 2716  BFE - ok
02:02:36.0801 2716  [ A657A7530574B823DC680101ED69B04F ] BGLiveSvc       C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
02:02:36.0957 2716  BGLiveSvc ( UnsignedFile.Multi.Generic ) - warning
02:02:36.0957 2716  BGLiveSvc - detected UnsignedFile.Multi.Generic (1)
02:02:36.0989 2716  [ 99473441BDB18EC05B3A0704857ED107 ] BgMainSvc       C:\Program Files\BullGuard Software\BullGuard\BsMain.dll
02:02:37.0035 2716  BgMainSvc - ok
02:02:37.0082 2716  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll
02:02:37.0191 2716  BITS - ok
02:02:37.0207 2716  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
02:02:37.0269 2716  blbdrive - ok
02:02:37.0285 2716  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
02:02:37.0332 2716  bowser - ok
02:02:37.0347 2716  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
02:02:37.0379 2716  BrFiltLo - ok
02:02:37.0394 2716  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
02:02:37.0441 2716  BrFiltUp - ok
02:02:37.0457 2716  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
02:02:37.0503 2716  Browser - ok
02:02:37.0519 2716  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
02:02:37.0675 2716  Brserid - ok
02:02:37.0691 2716  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
02:02:37.0753 2716  BrSerWdm - ok
02:02:37.0800 2716  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
02:02:37.0862 2716  BrUsbMdm - ok
02:02:37.0878 2716  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
02:02:37.0940 2716  BrUsbSer - ok
02:02:37.0971 2716  [ 14097ADFB42C1C2A1C1BF04EE165125B ] BsFileScan      C:\Program Files\BullGuard Software\BullGuard\BsFileScan.dll
02:02:37.0987 2716  BsFileScan - ok
02:02:38.0018 2716  [ 951BA32E312C68EC8FD725EEE7DB5D60 ] BsMailProxy     C:\Program Files\BullGuard Software\BullGuard\BsMailProxy.dll
02:02:38.0049 2716  BsMailProxy - ok
02:02:38.0065 2716  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
02:02:38.0127 2716  BTHMODEM - ok
02:02:38.0268 2716  catchme - ok
02:02:38.0283 2716  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
02:02:38.0361 2716  cdfs - ok
02:02:38.0408 2716  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
02:02:38.0455 2716  cdrom - ok
02:02:38.0486 2716  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
02:02:38.0549 2716  CertPropSvc - ok
02:02:38.0564 2716  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
02:02:38.0642 2716  circlass - ok
02:02:38.0673 2716  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
02:02:38.0720 2716  CLFS - ok
02:02:38.0767 2716  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:02:38.0814 2716  clr_optimization_v2.0.50727_32 - ok
02:02:38.0876 2716  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:02:38.0939 2716  clr_optimization_v4.0.30319_32 - ok
02:02:38.0954 2716  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
02:02:38.0985 2716  cmdide - ok
02:02:39.0017 2716  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
02:02:39.0157 2716  Compbatt - ok
02:02:39.0235 2716  COMSysApp - ok
02:02:39.0297 2716  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
02:02:39.0329 2716  crcdisk - ok
02:02:39.0360 2716  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
02:02:39.0422 2716  Crusoe - ok
02:02:39.0469 2716  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
02:02:39.0516 2716  CryptSvc - ok
02:02:39.0578 2716  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
02:02:39.0625 2716  DcomLaunch - ok
02:02:39.0672 2716  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
02:02:39.0734 2716  DfsC - ok
02:02:39.0812 2716  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
02:02:40.0031 2716  DFSR - ok
02:02:40.0077 2716  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
02:02:40.0140 2716  Dhcp - ok
02:02:40.0155 2716  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
02:02:40.0202 2716  disk - ok
02:02:40.0249 2716  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
02:02:40.0296 2716  Dnscache - ok
02:02:40.0343 2716  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
02:02:40.0405 2716  dot3svc - ok
02:02:40.0483 2716  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
02:02:40.0561 2716  DPS - ok
02:02:40.0577 2716  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
02:02:40.0639 2716  drmkaud - ok
02:02:40.0717 2716  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
02:02:40.0748 2716  DXGKrnl - ok
02:02:40.0779 2716  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
02:02:40.0826 2716  E1G60 - ok
02:02:40.0873 2716  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
02:02:40.0920 2716  EapHost - ok
02:02:40.0982 2716  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
02:02:41.0029 2716  Ecache - ok
02:02:41.0091 2716  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
02:02:41.0169 2716  ehRecvr - ok
02:02:41.0201 2716  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
02:02:41.0263 2716  ehSched - ok
02:02:41.0294 2716  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
02:02:41.0341 2716  ehstart - ok
02:02:41.0357 2716  elcapi20 - ok
02:02:41.0388 2716  [ B687F79CB390E103AF36DCBB5C417044 ] ElgTaDrv        C:\Windows\system32\Drivers\ElgTaDrv.sys
02:02:41.0435 2716  ElgTaDrv ( UnsignedFile.Multi.Generic ) - warning
02:02:41.0435 2716  ElgTaDrv - detected UnsignedFile.Multi.Generic (1)
02:02:41.0466 2716  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
02:02:41.0544 2716  elxstor - ok
02:02:41.0591 2716  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
02:02:41.0669 2716  EMDMgmt - ok
02:02:41.0700 2716  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
02:02:41.0762 2716  ErrDev - ok
02:02:41.0809 2716  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
02:02:41.0871 2716  EventSystem - ok
02:02:41.0918 2716  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
02:02:41.0981 2716  exfat - ok
02:02:42.0012 2716  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
02:02:42.0074 2716  fastfat - ok
02:02:42.0105 2716  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
02:02:42.0168 2716  fdc - ok
02:02:42.0183 2716  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
02:02:42.0215 2716  fdPHost - ok
02:02:42.0246 2716  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
02:02:42.0308 2716  FDResPub - ok
02:02:42.0324 2716  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
02:02:42.0355 2716  FileInfo - ok
02:02:42.0371 2716  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
02:02:42.0449 2716  Filetrace - ok
02:02:42.0464 2716  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
02:02:42.0511 2716  flpydisk - ok
02:02:42.0542 2716  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
02:02:42.0573 2716  FltMgr - ok
02:02:42.0651 2716  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
02:02:42.0792 2716  FontCache - ok
02:02:42.0854 2716  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
02:02:42.0885 2716  FontCache3.0.0.0 - ok
02:02:42.0948 2716  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
02:02:42.0995 2716  Fs_Rec - ok
02:02:43.0010 2716  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
02:02:43.0057 2716  gagp30kx - ok
02:02:43.0119 2716  [ 51B2D8629E1A0F463682F365D56325CB ] GnabService     c:\program files\common files\gnab\service\servicecontroller.exe
02:02:43.0151 2716  GnabService ( UnsignedFile.Multi.Generic ) - warning
02:02:43.0151 2716  GnabService - detected UnsignedFile.Multi.Generic (1)
02:02:43.0197 2716  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
02:02:43.0260 2716  gpsvc - ok
02:02:43.0338 2716  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
02:02:43.0400 2716  gupdate - ok
02:02:43.0416 2716  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
02:02:43.0416 2716  gupdatem - ok
02:02:43.0494 2716  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
02:02:43.0556 2716  gusvc - ok
02:02:43.0587 2716  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
02:02:43.0697 2716  HdAudAddService - ok
02:02:43.0743 2716  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
02:02:43.0775 2716  HDAudBus - ok
02:02:43.0790 2716  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
02:02:43.0868 2716  HidBth - ok
02:02:43.0899 2716  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
02:02:43.0962 2716  HidIr - ok
02:02:43.0993 2716  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
02:02:44.0040 2716  hidserv - ok
02:02:44.0071 2716  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
02:02:44.0102 2716  HidUsb - ok
02:02:44.0133 2716  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
02:02:44.0211 2716  hkmsvc - ok
02:02:44.0243 2716  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
02:02:44.0274 2716  HpCISSs - ok
02:02:44.0305 2716  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
02:02:44.0586 2716  HTTP - ok
02:02:44.0617 2716  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
02:02:44.0648 2716  i2omp - ok
02:02:44.0695 2716  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
02:02:44.0742 2716  i8042prt - ok
02:02:44.0757 2716  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
02:02:44.0835 2716  iaStorV - ok
02:02:44.0929 2716  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:02:45.0085 2716  idsvc - ok
02:02:45.0116 2716  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
02:02:45.0147 2716  iirsp - ok
02:02:45.0194 2716  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
02:02:45.0288 2716  IKEEXT - ok
02:02:45.0397 2716  [ 4C01298060CF930D26A75A86B874B6AE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
02:02:45.0569 2716  IntcAzAudAddService - ok
02:02:45.0600 2716  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
02:02:45.0647 2716  intelide - ok
02:02:45.0662 2716  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
02:02:45.0725 2716  intelppm - ok
02:02:45.0756 2716  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
02:02:45.0803 2716  IPBusEnum - ok
02:02:45.0834 2716  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:02:45.0881 2716  IpFilterDriver - ok
02:02:45.0927 2716  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
02:02:46.0005 2716  iphlpsvc - ok
02:02:46.0005 2716  IpInIp - ok
02:02:46.0021 2716  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
02:02:46.0083 2716  IPMIDRV - ok
02:02:46.0115 2716  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
02:02:46.0146 2716  IPNAT - ok
02:02:46.0161 2716  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
02:02:46.0208 2716  IRENUM - ok
02:02:46.0224 2716  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
02:02:46.0255 2716  isapnp - ok
02:02:46.0302 2716  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
02:02:46.0317 2716  iScsiPrt - ok
02:02:46.0333 2716  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
02:02:46.0364 2716  iteatapi - ok
02:02:46.0380 2716  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
02:02:46.0395 2716  iteraid - ok
02:02:46.0427 2716  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
02:02:46.0458 2716  kbdclass - ok
02:02:46.0473 2716  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
02:02:46.0536 2716  kbdhid - ok
02:02:46.0567 2716  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
02:02:46.0598 2716  KeyIso - ok
02:02:46.0629 2716  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
02:02:46.0676 2716  KSecDD - ok
02:02:46.0707 2716  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
02:02:46.0770 2716  KtmRm - ok
02:02:46.0801 2716  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
02:02:46.0863 2716  LanmanServer - ok
02:02:46.0910 2716  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:02:46.0988 2716  LanmanWorkstation - ok
02:02:47.0019 2716  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
02:02:47.0082 2716  lltdio - ok
02:02:47.0129 2716  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
02:02:47.0191 2716  lltdsvc - ok
02:02:47.0222 2716  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
02:02:47.0316 2716  lmhosts - ok
02:02:47.0331 2716  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
02:02:47.0378 2716  LSI_FC - ok
02:02:47.0378 2716  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
02:02:47.0425 2716  LSI_SAS - ok
02:02:47.0441 2716  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
02:02:47.0472 2716  LSI_SCSI - ok
02:02:47.0503 2716  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
02:02:47.0550 2716  luafv - ok
02:02:47.0643 2716  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
02:02:47.0690 2716  McComponentHostService - ok
02:02:47.0706 2716  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
02:02:47.0768 2716  Mcx2Svc - ok
02:02:47.0784 2716  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
02:02:47.0815 2716  megasas - ok
02:02:47.0831 2716  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
02:02:47.0893 2716  MegaSR - ok
02:02:47.0924 2716  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
02:02:47.0987 2716  MMCSS - ok
02:02:48.0018 2716  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
02:02:48.0065 2716  Modem - ok
02:02:48.0080 2716  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
02:02:48.0143 2716  monitor - ok
02:02:48.0158 2716  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
02:02:48.0189 2716  mouclass - ok
02:02:48.0221 2716  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
02:02:48.0252 2716  mouhid - ok
02:02:48.0267 2716  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
02:02:48.0299 2716  MountMgr - ok
02:02:48.0314 2716  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
02:02:48.0361 2716  mpio - ok
02:02:48.0392 2716  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
02:02:48.0423 2716  mpsdrv - ok
02:02:48.0470 2716  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
02:02:48.0548 2716  MpsSvc - ok
02:02:48.0579 2716  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
02:02:48.0611 2716  Mraid35x - ok
02:02:48.0657 2716  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
02:02:48.0704 2716  MRxDAV - ok
02:02:48.0735 2716  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
02:02:48.0798 2716  mrxsmb - ok
02:02:48.0813 2716  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:02:48.0891 2716  mrxsmb10 - ok
02:02:48.0923 2716  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:02:48.0969 2716  mrxsmb20 - ok
02:02:48.0985 2716  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
02:02:49.0032 2716  msahci - ok
02:02:49.0047 2716  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
02:02:49.0094 2716  msdsm - ok
02:02:49.0125 2716  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
02:02:49.0188 2716  MSDTC - ok
02:02:49.0219 2716  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
02:02:49.0281 2716  Msfs - ok
02:02:49.0313 2716  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
02:02:49.0344 2716  msisadrv - ok
02:02:49.0375 2716  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
02:02:49.0453 2716  MSiSCSI - ok
02:02:49.0453 2716  msiserver - ok
02:02:49.0484 2716  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
02:02:49.0562 2716  MSKSSRV - ok
02:02:49.0640 2716  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
02:02:49.0703 2716  MSPCLOCK - ok
02:02:49.0734 2716  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
02:02:49.0781 2716  MSPQM - ok
02:02:49.0812 2716  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
02:02:49.0890 2716  MsRPC - ok
02:02:49.0905 2716  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
02:02:49.0952 2716  mssmbios - ok
02:02:49.0983 2716  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
02:02:50.0046 2716  MSTEE - ok
02:02:50.0061 2716  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
02:02:50.0108 2716  Mup - ok
02:02:50.0139 2716  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
02:02:50.0217 2716  napagent - ok
02:02:50.0264 2716  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
02:02:50.0311 2716  NativeWifiP - ok
02:02:50.0342 2716  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
02:02:50.0420 2716  NDIS - ok
02:02:50.0436 2716  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
02:02:50.0483 2716  NdisTapi - ok
02:02:50.0514 2716  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
02:02:50.0576 2716  Ndisuio - ok
02:02:50.0623 2716  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
02:02:50.0685 2716  NdisWan - ok
02:02:50.0701 2716  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
02:02:50.0732 2716  NDProxy - ok
02:02:50.0841 2716  [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
02:02:50.0966 2716  Nero BackItUp Scheduler 3 - ok
02:02:50.0982 2716  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
02:02:51.0044 2716  NetBIOS - ok
02:02:51.0091 2716  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
02:02:51.0153 2716  netbt - ok
02:02:51.0169 2716  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
02:02:51.0185 2716  Netlogon - ok
02:02:51.0216 2716  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
02:02:51.0294 2716  Netman - ok
02:02:51.0325 2716  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
02:02:51.0372 2716  netprofm - ok
02:02:51.0419 2716  [ DF938648626332E830A9BD153110AA75 ] netr28u         C:\Windows\system32\DRIVERS\netr28u.sys
02:02:51.0481 2716  netr28u - ok
02:02:51.0528 2716  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:02:51.0575 2716  NetTcpPortSharing - ok
02:02:51.0590 2716  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
02:02:51.0637 2716  nfrd960 - ok
02:02:51.0653 2716  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
02:02:51.0731 2716  NlaSvc - ok
02:02:51.0793 2716  [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
02:02:51.0871 2716  NMIndexingService - ok
02:02:51.0918 2716  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
02:02:51.0965 2716  Npfs - ok
02:02:51.0996 2716  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
02:02:52.0043 2716  nsi - ok
02:02:52.0074 2716  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
02:02:52.0136 2716  nsiproxy - ok
02:02:52.0199 2716  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
02:02:52.0386 2716  Ntfs - ok
02:02:52.0417 2716  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
02:02:52.0511 2716  ntrigdigi - ok
02:02:52.0526 2716  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
02:02:52.0573 2716  Null - ok
02:02:52.0760 2716  [ 0A19680CA54D262534F8A2F4CF79E271 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:02:53.0150 2716  nvlddmkm - ok
02:02:53.0181 2716  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
02:02:53.0244 2716  nvraid - ok
02:02:53.0259 2716  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
02:02:53.0306 2716  nvstor - ok
02:02:53.0337 2716  [ 342FCBF0B293DBEC54B055418DF1EE7E ] nvsvc           C:\Windows\system32\nvvsvc.exe
02:02:53.0337 2716  nvsvc - ok
02:02:53.0369 2716  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
02:02:53.0400 2716  nv_agp - ok
02:02:53.0415 2716  NwlnkFlt - ok
02:02:53.0431 2716  NwlnkFwd - ok
02:02:53.0493 2716  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:02:53.0587 2716  odserv - ok
02:02:53.0634 2716  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
02:02:53.0681 2716  ohci1394 - ok
02:02:53.0727 2716  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:02:53.0790 2716  ose - ok
02:02:53.0852 2716  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
02:02:53.0915 2716  p2pimsvc - ok
02:02:53.0930 2716  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
02:02:53.0961 2716  p2psvc - ok
02:02:53.0993 2716  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
02:02:54.0055 2716  Parport - ok
02:02:54.0071 2716  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
02:02:54.0102 2716  partmgr - ok
02:02:54.0117 2716  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
02:02:54.0164 2716  Parvdm - ok
02:02:54.0195 2716  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
02:02:54.0242 2716  PcaSvc - ok
02:02:54.0273 2716  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
02:02:54.0320 2716  pci - ok
02:02:54.0336 2716  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
02:02:54.0383 2716  pciide - ok
02:02:54.0398 2716  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
02:02:54.0461 2716  pcmcia - ok
02:02:54.0492 2716  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
02:02:54.0663 2716  PEAUTH - ok
02:02:54.0913 2716  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
02:02:55.0038 2716  pla - ok
02:02:55.0069 2716  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
02:02:55.0085 2716  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
02:02:55.0085 2716  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
02:02:55.0147 2716  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
02:02:55.0194 2716  PlugPlay - ok
02:02:55.0225 2716  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
02:02:55.0256 2716  PNRPAutoReg - ok
02:02:55.0287 2716  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
02:02:55.0303 2716  PNRPsvc - ok
02:02:55.0350 2716  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
02:02:55.0428 2716  PolicyAgent - ok
02:02:55.0443 2716  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
02:02:55.0490 2716  PptpMiniport - ok
02:02:55.0521 2716  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\DRIVERS\processr.sys
02:02:55.0584 2716  Processor - ok
02:02:55.0615 2716  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
02:02:55.0693 2716  ProfSvc - ok
02:02:55.0709 2716  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
02:02:55.0724 2716  ProtectedStorage - ok
02:02:55.0755 2716  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
02:02:55.0787 2716  PSched - ok
02:02:55.0833 2716  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
02:02:55.0958 2716  ql2300 - ok
02:02:55.0974 2716  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
02:02:56.0036 2716  ql40xx - ok
02:02:56.0067 2716  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
02:02:56.0099 2716  QWAVE - ok
02:02:56.0130 2716  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
02:02:56.0177 2716  QWAVEdrv - ok
02:02:56.0177 2716  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
02:02:56.0223 2716  RasAcd - ok
02:02:56.0239 2716  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
02:02:56.0270 2716  RasAuto - ok
02:02:56.0286 2716  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
02:02:56.0333 2716  Rasl2tp - ok
02:02:56.0364 2716  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
02:02:56.0411 2716  RasMan - ok
02:02:56.0426 2716  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
02:02:56.0473 2716  RasPppoe - ok
02:02:56.0489 2716  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
02:02:56.0504 2716  RasSstp - ok
02:02:56.0535 2716  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
02:02:56.0598 2716  rdbss - ok
02:02:56.0613 2716  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
02:02:56.0645 2716  RDPCDD - ok
02:02:56.0676 2716  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
02:02:56.0738 2716  rdpdr - ok
02:02:56.0754 2716  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
02:02:56.0801 2716  RDPENCDD - ok
02:02:56.0847 2716  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
02:02:56.0910 2716  RDPWD - ok
02:02:56.0941 2716  [ 7528B6F193D76A7183271E44F04A7905 ] Reconn          C:\Program Files\BullGuard Software\BullGuard\reconn.sys
02:02:56.0988 2716  Reconn - ok
02:02:57.0019 2716  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
02:02:57.0081 2716  RemoteAccess - ok
02:02:57.0113 2716  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
02:02:57.0175 2716  RemoteRegistry - ok
02:02:57.0237 2716  [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
02:02:57.0300 2716  RichVideo - ok
02:02:57.0315 2716  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
02:02:57.0362 2716  RpcLocator - ok
02:02:57.0393 2716  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
02:02:57.0471 2716  RpcSs - ok
02:02:57.0503 2716  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
02:02:57.0581 2716  rspndr - ok
02:02:57.0596 2716  [ ABBE0F54BA3A378262C9CB86CF7D91F8 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
02:02:57.0705 2716  RTL8169 - ok
02:02:57.0721 2716  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
02:02:57.0752 2716  SamSs - ok
02:02:57.0768 2716  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
02:02:57.0815 2716  sbp2port - ok
02:02:57.0846 2716  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
02:02:57.0893 2716  SCardSvr - ok
02:02:57.0939 2716  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
02:02:58.0002 2716  Schedule - ok
02:02:58.0033 2716  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
02:02:58.0064 2716  SCPolicySvc - ok
02:02:58.0080 2716  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
02:02:58.0158 2716  SDRSVC - ok
02:02:58.0158 2716  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
02:02:58.0251 2716  secdrv - ok
02:02:58.0283 2716  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
02:02:58.0361 2716  seclogon - ok
02:02:58.0376 2716  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll
02:02:58.0439 2716  SENS - ok
02:02:58.0454 2716  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
02:02:58.0501 2716  Serenum - ok
02:02:58.0532 2716  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
02:02:58.0563 2716  Serial - ok
02:02:58.0579 2716  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
02:02:58.0626 2716  sermouse - ok
02:02:58.0657 2716  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
02:02:58.0688 2716  SessionEnv - ok
02:02:58.0719 2716  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
02:02:58.0766 2716  sffdisk - ok
02:02:58.0766 2716  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
02:02:58.0813 2716  sffp_mmc - ok
02:02:58.0829 2716  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
02:02:58.0875 2716  sffp_sd - ok
02:02:58.0907 2716  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
02:02:58.0953 2716  sfloppy - ok
02:02:58.0985 2716  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
02:02:59.0063 2716  SharedAccess - ok
02:02:59.0094 2716  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
02:02:59.0141 2716  ShellHWDetection - ok
02:02:59.0172 2716  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
02:02:59.0203 2716  sisagp - ok
02:02:59.0219 2716  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
02:02:59.0250 2716  SiSRaid2 - ok
02:02:59.0265 2716  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
02:02:59.0297 2716  SiSRaid4 - ok
02:02:59.0484 2716  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
02:02:59.0999 2716  slsvc - ok
02:03:00.0061 2716  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
02:03:00.0123 2716  SLUINotify - ok
02:03:00.0170 2716  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
02:03:00.0233 2716  Smb - ok
02:03:00.0264 2716  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
02:03:00.0295 2716  SNMPTRAP - ok
02:03:00.0326 2716  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
02:03:00.0389 2716  spldr - ok
02:03:00.0420 2716  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
02:03:00.0482 2716  Spooler - ok
02:03:00.0545 2716  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
02:03:00.0654 2716  srv - ok
02:03:00.0685 2716  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
02:03:00.0747 2716  srv2 - ok
02:03:00.0857 2716  [ 71DB619F4068D7C70D447D73617CDFAC ] srvcPVR         C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
02:03:01.0137 2716  srvcPVR ( UnsignedFile.Multi.Generic ) - warning
02:03:01.0137 2716  srvcPVR - detected UnsignedFile.Multi.Generic (1)
02:03:01.0184 2716  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
02:03:01.0231 2716  srvnet - ok
02:03:01.0247 2716  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
02:03:01.0293 2716  SSDPSRV - ok
02:03:01.0309 2716  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
02:03:01.0356 2716  SstpSvc - ok
02:03:01.0387 2716  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
02:03:01.0449 2716  stisvc - ok
02:03:01.0481 2716  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
02:03:01.0512 2716  swenum - ok
02:03:01.0559 2716  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
02:03:01.0605 2716  swprv - ok
02:03:01.0621 2716  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
02:03:01.0652 2716  Symc8xx - ok
02:03:01.0668 2716  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
02:03:01.0699 2716  Sym_hi - ok
02:03:01.0730 2716  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
02:03:01.0761 2716  Sym_u3 - ok
02:03:01.0808 2716  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
02:03:01.0886 2716  SysMain - ok
02:03:01.0902 2716  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
02:03:01.0949 2716  TabletInputService - ok
02:03:01.0995 2716  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
02:03:02.0058 2716  TapiSrv - ok
02:03:02.0073 2716  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
02:03:02.0136 2716  TBS - ok
02:03:02.0198 2716  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
02:03:02.0292 2716  Tcpip - ok
02:03:02.0307 2716  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
02:03:02.0339 2716  Tcpip6 - ok
02:03:02.0370 2716  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
02:03:02.0417 2716  tcpipreg - ok
02:03:02.0432 2716  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
02:03:02.0479 2716  TDPIPE - ok
02:03:02.0510 2716  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
02:03:02.0557 2716  TDTCP - ok
02:03:02.0588 2716  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
02:03:02.0635 2716  tdx - ok
02:03:02.0651 2716  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
02:03:02.0682 2716  TermDD - ok
02:03:02.0713 2716  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
02:03:02.0791 2716  TermService - ok
02:03:02.0807 2716  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
02:03:02.0838 2716  Themes - ok
02:03:02.0853 2716  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
02:03:02.0900 2716  THREADORDER - ok
02:03:02.0916 2716  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
02:03:02.0978 2716  TrkWks - ok
02:03:03.0009 2716  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
02:03:03.0041 2716  TrustedInstaller - ok
02:03:03.0072 2716  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
02:03:03.0119 2716  tssecsrv - ok
02:03:03.0150 2716  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
02:03:03.0181 2716  tunmp - ok
02:03:03.0212 2716  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
02:03:03.0243 2716  tunnel - ok
02:03:03.0243 2716  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
02:03:03.0275 2716  uagp35 - ok
02:03:03.0321 2716  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
02:03:03.0384 2716  udfs - ok
02:03:03.0415 2716  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
02:03:03.0477 2716  UI0Detect - ok
02:03:03.0493 2716  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
02:03:03.0540 2716  uliagpkx - ok
02:03:03.0555 2716  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
02:03:03.0602 2716  uliahci - ok
02:03:03.0618 2716  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
02:03:03.0665 2716  UlSata - ok
02:03:03.0680 2716  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
02:03:03.0711 2716  ulsata2 - ok
02:03:03.0727 2716  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
02:03:03.0789 2716  umbus - ok
02:03:03.0805 2716  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
02:03:03.0852 2716  upnphost - ok
02:03:03.0899 2716  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
02:03:03.0930 2716  usbccgp - ok
02:03:03.0945 2716  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
02:03:04.0023 2716  usbcir - ok
02:03:04.0055 2716  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
02:03:04.0117 2716  usbehci - ok
02:03:04.0133 2716  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
02:03:04.0179 2716  usbhub - ok
02:03:04.0211 2716  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
02:03:04.0257 2716  usbohci - ok
02:03:04.0273 2716  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
02:03:04.0320 2716  usbprint - ok
02:03:04.0335 2716  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
02:03:04.0382 2716  usbscan - ok
02:03:04.0398 2716  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:03:04.0429 2716  USBSTOR - ok
02:03:04.0445 2716  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
02:03:04.0491 2716  usbuhci - ok
02:03:04.0523 2716  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
02:03:04.0554 2716  UxSms - ok
02:03:04.0585 2716  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
02:03:04.0647 2716  vds - ok
02:03:04.0663 2716  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
02:03:04.0725 2716  vga - ok
02:03:04.0741 2716  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
02:03:04.0819 2716  VgaSave - ok
02:03:04.0835 2716  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
02:03:04.0881 2716  viaagp - ok
02:03:04.0897 2716  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
02:03:04.0959 2716  ViaC7 - ok
02:03:04.0975 2716  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
02:03:05.0006 2716  viaide - ok
02:03:05.0006 2716  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
02:03:05.0037 2716  volmgr - ok
02:03:05.0069 2716  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
02:03:05.0162 2716  volmgrx - ok
02:03:05.0193 2716  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
02:03:05.0209 2716  volsnap - ok
02:03:05.0225 2716  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
02:03:05.0271 2716  vsmraid - ok
02:03:05.0318 2716  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
02:03:05.0459 2716  VSS - ok
02:03:05.0474 2716  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
02:03:05.0552 2716  W32Time - ok
02:03:05.0568 2716  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
02:03:05.0630 2716  WacomPen - ok
02:03:05.0646 2716  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
02:03:05.0677 2716  Wanarp - ok
02:03:05.0693 2716  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
02:03:05.0708 2716  Wanarpv6 - ok
02:03:05.0755 2716  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
02:03:05.0833 2716  wcncsvc - ok
02:03:05.0864 2716  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
02:03:05.0927 2716  WcsPlugInService - ok
02:03:05.0927 2716  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
02:03:05.0973 2716  Wd - ok
02:03:06.0036 2716  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
02:03:06.0083 2716  Wdf01000 - ok
02:03:06.0098 2716  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
02:03:06.0161 2716  WdiServiceHost - ok
02:03:06.0161 2716  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
02:03:06.0192 2716  WdiSystemHost - ok
02:03:06.0239 2716  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
02:03:06.0285 2716  WebClient - ok
02:03:06.0317 2716  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
02:03:06.0363 2716  Wecsvc - ok
02:03:06.0395 2716  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
02:03:06.0441 2716  wercplsupport - ok
02:03:06.0473 2716  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
02:03:06.0535 2716  WerSvc - ok
02:03:06.0582 2716  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
02:03:06.0644 2716  WinDefend - ok
02:03:06.0660 2716  WinHttpAutoProxySvc - ok
02:03:06.0753 2716  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
02:03:06.0800 2716  Winmgmt - ok
02:03:06.0863 2716  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
02:03:07.0003 2716  WinRM - ok
02:03:07.0065 2716  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
02:03:07.0175 2716  Wlansvc - ok
02:03:07.0206 2716  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
02:03:07.0268 2716  WmiAcpi - ok
02:03:07.0284 2716  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
02:03:07.0362 2716  wmiApSrv - ok
02:03:07.0409 2716  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
02:03:07.0565 2716  WMPNetworkSvc - ok
02:03:07.0596 2716  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
02:03:07.0658 2716  WPCSvc - ok
02:03:07.0689 2716  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
02:03:07.0721 2716  WPDBusEnum - ok
02:03:07.0799 2716  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
02:03:07.0970 2716  WPFFontCache_v0400 - ok
02:03:07.0986 2716  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
02:03:08.0048 2716  ws2ifsl - ok
02:03:08.0079 2716  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll
02:03:08.0095 2716  wscsvc - ok
02:03:08.0111 2716  WSearch - ok
02:03:08.0189 2716  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
02:03:08.0282 2716  wuauserv - ok
02:03:08.0313 2716  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
02:03:08.0360 2716  WudfPf - ok
02:03:08.0391 2716  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
02:03:08.0454 2716  WUDFRd - ok
02:03:08.0485 2716  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
02:03:08.0547 2716  wudfsvc - ok
02:03:08.0610 2716  [ 5867CE254625645345C833510D24F124 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\HomeCinema\PlayMovie\000.fcl
02:03:08.0625 2716  {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
02:03:08.0657 2716  [ 5867CE254625645345C833510D24F124 ] {95808DC4-FA4A-4C74-92FE-5B863F82066B} C:\Program Files\HomeCinema\PowerDVD\000.fcl
02:03:08.0672 2716  {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
02:03:08.0672 2716  ================ Scan global ===============================
02:03:08.0688 2716  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
02:03:08.0750 2716  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
02:03:08.0797 2716  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
02:03:08.0844 2716  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
02:03:08.0891 2716  [Global] - ok
02:03:08.0891 2716  ================ Scan MBR ==================================
02:03:08.0906 2716  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0
02:03:09.0593 2716  \Device\Harddisk0\DR0 - ok
02:03:09.0608 2716  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk5\DR6
02:03:12.0681 2716  \Device\Harddisk5\DR6 - ok
02:03:12.0681 2716  ================ Scan VBR ==================================
02:03:12.0697 2716  [ E1FFAC0ED44E81D1648E4BBEE67E039C ] \Device\Harddisk0\DR0\Partition1
02:03:12.0713 2716  \Device\Harddisk0\DR0\Partition1 - ok
02:03:12.0728 2716  [ 314C26040FBA5E36A543A7F96EE50FC8 ] \Device\Harddisk0\DR0\Partition2
02:03:12.0728 2716  \Device\Harddisk0\DR0\Partition2 - ok
02:03:12.0744 2716  [ 835A21A48AC124522F60FFE932CD7044 ] \Device\Harddisk5\DR6\Partition1
02:03:12.0744 2716  \Device\Harddisk5\DR6\Partition1 - ok
02:03:12.0744 2716  ============================================================
02:03:12.0744 2716  Scan finished
02:03:12.0744 2716  ============================================================
02:03:12.0759 0460  Detected object count: 5
02:03:12.0759 0460  Actual detected object count: 5
02:04:04.0411 0460  BGLiveSvc ( UnsignedFile.Multi.Generic ) - skipped by user
02:04:04.0411 0460  BGLiveSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:04:04.0411 0460  ElgTaDrv ( UnsignedFile.Multi.Generic ) - skipped by user
02:04:04.0411 0460  ElgTaDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:04:04.0411 0460  GnabService ( UnsignedFile.Multi.Generic ) - skipped by user
02:04:04.0411 0460  GnabService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:04:04.0411 0460  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
02:04:04.0411 0460  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:04:04.0427 0460  srvcPVR ( UnsignedFile.Multi.Generic ) - skipped by user
02:04:04.0427 0460  srvcPVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
02:04:10.0823 1136  Deinitialize success
         
doc

Alt 27.05.2013, 23:12   #14
markusg
/// Malware-holic
 
GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...? - Standard

GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?



Hi,
wird dieses Gerät für onlinebanking, zum einkaufen, für sonstige Zahlungsabwicklungen, oder ähnlich wichtigem, wie beruflichem genutzt?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 27.05.2013, 23:23   #15
doc_jochim
 
GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...? - Standard

GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?



Zitat:
Zitat von markusg Beitrag anzeigen
für onlinebanking, zum einkaufen, für sonstige Zahlungsabwicklungen, oder ähnlich wichtigem, wie beruflichem genutzt?
Ja...

Antwort

Themen zu GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?
erbarmt, falsches, gvu-trojaner, kaffee, kostet, leiste, profis, schonmal, vista, überhaupt, zwischen, öfter



Ähnliche Themen: GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?


  1. wenn ich meinen Rechner hochfahre (Windows 8.1) komme ich bis zur Passwort-Abfrage. Der Monitor meines Pavilion Netbooks wird schwarz.
    Log-Analyse und Auswertung - 08.02.2015 (9)
  2. Win8-Rechner noch so infiziert, dass dieser neu aufgesetzt werden muss ?
    Log-Analyse und Auswertung - 04.11.2014 (12)
  3. yahoo account meines Vaters versendet laut den Bekannten öfter Spam Mails
    Plagegeister aller Art und deren Bekämpfung - 18.06.2014 (5)
  4. Vista32 - Malwarebytes Check - Babylon (PUP.Optional.Babylon.A)
    Log-Analyse und Auswertung - 16.08.2013 (9)
  5. GVU Trojaner mit Webcam, kein abgesicherter Modus, Vista32
    Plagegeister aller Art und deren Bekämpfung - 25.05.2013 (19)
  6. USA und China richten Arbeitsgruppen für Internet-Sicherheit ein
    Nachrichten - 14.04.2013 (0)
  7. Trojan.Agent auf dem PC meines Vaters
    Log-Analyse und Auswertung - 04.12.2012 (2)
  8. Loganalyse meines Trojaner (Firefoxproblem)
    Mülltonne - 08.10.2012 (1)
  9. Gvu-Trojaner 2.07 auf dem Pc meines Vaters (Win 7 32Bit)
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (9)
  10. Anscheinend Bundespolizei-Trojaner auf Rechner meines Freundes
    Plagegeister aller Art und deren Bekämpfung - 24.07.2012 (2)
  11. Suisa Virus blockiert meinen Windows 7 Rechner in jedem Modus meines Laptops
    Plagegeister aller Art und deren Bekämpfung - 03.05.2012 (23)
  12. Viren: alkomat.exe ; viagra.exe ; ComputerSchock.exe was richten sie an?
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (1)
  13. Auswertung meines Logfiles nach Trojaner
    Log-Analyse und Auswertung - 16.12.2010 (4)
  14. Trojaner auf Lappi meines Schwagers
    Plagegeister aller Art und deren Bekämpfung - 13.09.2009 (1)
  15. Trojaner+Antivirus2008 auf Rechner meines Vaters
    Plagegeister aller Art und deren Bekämpfung - 24.07.2008 (10)
  16. hab verdacht von befall meines rechner's
    Plagegeister aller Art und deren Bekämpfung - 05.06.2007 (7)
  17. Vaters rechner
    Log-Analyse und Auswertung - 21.11.2006 (28)

Zum Thema GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...? - Hallo, der Vista-Rechner meines Vaters hat jetzt den hier inzwischen schon öfter behandelten GVU-Trojaner eingefangen. Da hat wohl jemand irgendwo was falsches angeklickt... Und wer soll es jetzt wieder richten? - GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...?...
Archiv
Du betrachtest: GVU-Trojaner auf Vista32-Rechner meines Vaters - und wer muss es richten...? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.