Pests of all kinds and their removal: GVU trojan on my father's Vista32 PC - and who has to fix it...?

If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

#1
Hello,
my father's Vista PC has now caught the GVU trojan that has already been dealt with here several times. Someone must have clicked on something wrong somewhere... And who is supposed to fix it now? That is surely going to cost me days and nights of work... Unless one of you pros takes pity and can perhaps help me. To make matters worse, I don't know my way around Vista at all.
Thanks in advance for your help
doc
#2 (/// Malware-holic)

Hi,
can you get to a PC with a burner?
Download: ISO Burner - Download - Filepony
ISOBurner guide: http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download is finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to CD. Restart your system and boot from the CD you have just created. If you do not know how to make your computer boot from the CD: http://www.trojaner-board.de/81857-c...cd-booten.html
• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When asked "Do you wish to load the remote registry", choose Yes.
• When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Untick "Automatically Load All Remaining Users" if it is ticked.
• OTL should now start. Now copy the following into the textbox.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• When it is finished, the files are saved in C:\otl.txt
• Copy this folder to your USB stick if you have no internet connection on that system.
Post both logs.
#3

Yes.

Do I have to set anything in the CD operating system REATOGO-X-PE?
doc
#4 (/// Malware-holic)

Then save the text, remove the stick, reboot from the CD, insert the stick and save.
#5

OK, the infected PC has its network cable back now. Just one quick question: how does the textbox thing work?
doc
#6 (/// Malware-holic)

Simply copy the contents of the textbox into the OTL input field. You can either select it with the mouse, right-click, copy, then right-click in OTL and paste (or Ctrl+V), or click "select all" on the textbox, which saves you the selecting.
#7

I'll give it a try with the code...
Code:
OTL logfile created on: 5/27/2013 11:43:17 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445.76 Gb Total Space | 341.54 Gb Free Space | 76.62% Space Free | Partition Type: NTFS
Drive D: | 19.99 Gb Total Space | 10.40 Gb Free Space | 52.01% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/02/10 06:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 06:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2008/09/30 15:23:10 | 000,058,696 | ---- | M] (BullGuard Ltd.) [Auto] -- C:\Program Files\BullGuard Software\BullGuard\BsMailProxy.dll -- (BsMailProxy)
SRV - [2008/09/30 15:22:37 | 000,107,848 | ---- | M] (BullGuard Ltd.) [Auto] -- C:\Program Files\BullGuard Software\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2008/09/30 15:22:31 | 000,718,152 | ---- | M] (BullGuard Software) [Auto] -- C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe -- (BGLiveSvc)
SRV - [2008/09/30 15:22:16 | 000,083,272 | ---- | M] (BullGuard, Ltd.) [On_Demand] -- C:\Program Files\BullGuard Software\BullGuard\BsMain.dll -- (BgMainSvc)
SRV - [2008/02/28 12:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto] -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/13 12:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto] -- C:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | Auto] -- -- (elcapi20)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2008/09/30 15:22:42 | 000,050,896 | ---- | M] (BullGuard Ltd.) [Kernel | Auto] -- C:\Windows\System32\drivers\BdFileSpy.sys -- (BdFileSpy)
DRV - [2008/04/03 06:56:00 | 007,444,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/15 10:17:14 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/02/14 09:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/17 16:35:30 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\HomeCinema\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2008/01/16 12:27:56 | 000,174,600 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/11/21 06:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/10/11 21:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2007/05/16 07:07:58 | 000,016,984 | ---- | M] (BullGuard Ltd.) [Kernel | On_Demand] -- C:\Program Files\BullGuard Software\BullGuard\Reconn.sys -- (Reconn)
DRV - [2006/10/30 11:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2002/07/15 06:43:06 | 000,073,660 | ---- | M] (elmeg Kommunikationstechnik) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ElgTaDrv.sys -- (ElgTaDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Horst_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Horst_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Horst_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\System32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter [2008/10/05 07:35:00 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Software\BullGuard\bullguard.exe (BullGuard Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Horst_ON_C..\Run: [AdobeUpdater] File not found
O4 - HKU\Horst_ON_C..\Run: [Bateittuy] C:\Users\Horst\AppData\Roaming\Itko\liobb.exe (Sysinternals)
O4 - HKU\Horst_ON_C..\Run: [IExplorer Util] C:\Users\Horst\AppData\Roaming\ie_util.exe (Sysinternals)
O4 - HKU\Horst_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\Horst_ON_C..\Run: [Reqitoi] C:\Users\Horst\AppData\Roaming\Unze\okpy.exe (Sysinternals)
O4 - Startup: C:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Horst_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Horst_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Horst_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Horst_ON_C Winlogon: Shell - (C:\Users\Horst\AppData\Roaming\skype.dat) - C:\Users\Horst\AppData\Roaming\skype.dat ()
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{9cb123c9-063b-11e1-aabf-001d92b5bf74}\Shell - "" = AutoRun
O33 - MountPoints2\{9cb123c9-063b-11e1-aabf-001d92b5bf74}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/05/27 12:41:14 | 000,059,392 | ---- | C] (Sysinternals) -- C:\Users\Horst\AppData\Roaming\ie_util.exe
[2013/05/27 12:40:24 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Itko
[2013/05/27 12:40:24 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Ikxu
[2013/05/27 12:40:24 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Deym
[2013/05/27 12:40:11 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Unze
[2013/05/27 12:40:11 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Quxuru
[2013/05/27 12:40:11 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Kogycu
[2013/05/16 07:28:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/16 07:17:01 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/05/16 07:16:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/16 07:16:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/16 07:16:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/16 07:16:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/16 07:16:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/05/16 07:16:35 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/16 07:16:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/16 07:16:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/15 08:45:24 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/15 08:45:17 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
========== Files - Modified Within 30 Days ==========
[2013/05/27 16:29:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/27 16:29:00 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/27 16:29:00 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/27 16:28:53 | 000,000,004 | ---- | M] () -- C:\Users\Horst\AppData\Roaming\skype.ini
[2013/05/27 16:19:15 | 000,674,582 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/27 16:19:15 | 000,634,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/27 16:19:15 | 000,146,266 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/27 16:19:15 | 000,120,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/27 16:13:46 | 000,007,592 | ---- | M] () -- C:\Users\Horst\AppData\Local\d3d9caps.dat
[2013/05/27 16:12:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/27 16:11:33 | 3219,316,736 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/27 15:12:57 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/27 12:41:13 | 000,059,392 | ---- | M] (Sysinternals) -- C:\Users\Horst\AppData\Roaming\ie_util.exe
[2013/05/24 06:12:27 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/23 12:05:51 | 000,016,463 | ---- | M] () -- C:\Users\Horst\Documents\Wibbing u. Laucht Mietforderungen 15.01.13.odt
[2013/05/22 13:52:11 | 000,016,555 | ---- | M] () -- C:\Users\Horst\Documents\Beihilfe.odt
[2013/05/17 06:14:57 | 000,002,425 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/05/16 08:32:52 | 000,373,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/05 15:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/01 20:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/04/29 06:47:57 | 000,013,656 | ---- | M] () -- C:\Users\Horst\Documents\NK-Anschreiben.odt
========== Files Created - No Company Name ==========
[2013/05/27 16:11:33 | 3219,316,736 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/27 12:45:33 | 000,000,004 | ---- | C] () -- C:\Users\Horst\AppData\Roaming\skype.ini
[2013/01/14 06:38:27 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/01/09 17:38:48 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2013/01/09 17:38:47 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2013/01/09 17:38:47 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2013/01/09 17:38:47 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2013/01/09 17:38:47 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2013/01/09 17:38:47 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2013/01/09 17:38:47 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2013/01/09 17:38:47 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2013/01/09 17:38:47 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2013/01/09 17:38:47 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2013/01/09 17:38:47 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2013/01/09 17:38:47 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2013/01/09 17:38:47 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2013/01/09 17:38:47 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2013/01/09 17:38:47 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2013/01/09 17:38:47 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2013/01/09 17:38:47 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2013/01/09 17:38:47 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2013/01/09 17:38:47 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012/06/03 16:55:10 | 000,000,950 | ---- | C] () -- C:\Windows\XI420Ke.INI
[2012/01/11 04:27:45 | 000,060,928 | ---- | C] () -- C:\Users\Horst\AppData\Roaming\skype.dat
[2011/10/27 04:19:18 | 000,000,540 | ---- | C] () -- C:\Users\Horst\AppData\Roaming\wklnhst.dat
[2011/03/14 15:29:04 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini
[2009/08/18 19:19:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/18 19:19:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/15 09:19:21 | 000,216,064 | ---- | C] () -- C:\Windows\PEV.exe
[2009/08/15 09:19:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/08/15 09:19:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/08/15 09:19:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/06/30 15:53:26 | 000,024,206 | ---- | C] () -- C:\Users\Horst\AppData\Roaming\UserTile.png
[2009/06/30 14:38:31 | 000,007,592 | ---- | C] () -- C:\Users\Horst\AppData\Local\d3d9caps.dat
[2008/10/27 14:00:06 | 000,000,574 | ---- | C] () -- C:\Users\Horst\AppData\default.pls
[2008/10/16 13:52:05 | 000,030,208 | ---- | C] () -- C:\Users\Horst\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/05 08:23:01 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/10/05 08:23:01 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/10/05 07:44:05 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/22 16:10:26 | 000,000,093 | ---- | C] () -- C:\Users\Horst\AppData\Local\fusioncache.dat
[2008/04/21 07:34:30 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2008/04/21 07:34:30 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008/04/21 04:47:19 | 000,000,052 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2008/03/31 09:47:15 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008/03/31 09:24:19 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008/03/31 09:24:18 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008/01/21 03:15:58 | 000,674,582 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:15:58 | 000,146,266 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,373,840 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,634,440 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,120,004 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2008/09/22 16:14:15 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Buhl Data Service GmbH
[2009/09/02 06:54:25 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\BullGuard
[2013/05/27 16:28:56 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Deym
[2012/01/29 06:46:56 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Hemera
[2013/05/27 12:40:24 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Ikxu
[2013/05/27 12:40:24 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Itko
[2013/05/27 13:20:47 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Kogycu
[2011/11/03 14:15:27 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\OpenOffice.org
[2013/05/27 12:40:11 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Quxuru
[2013/02/14 08:06:25 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Sommer Informatik GmbH
[2013/02/14 09:30:58 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\TeamViewer
[2011/10/27 04:19:25 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Template
[2009/01/02 13:40:44 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Ulead Systems
[2009/08/15 10:37:53 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Uniblue
[2013/05/27 12:40:11 | 000,000,000 | ---D | M] -- C:\Users\Horst\AppData\Roaming\Unze
[2008/09/22 15:49:30 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008/09/22 16:14:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2012/08/28 15:39:49 | 000,000,000 | ---D | M] -- C:\ProgramData\BullGuard
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/09/22 15:49:30 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/09/22 15:49:30 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/03/31 09:45:39 | 000,000,000 | ---D | M] -- C:\ProgramData\fun communications
[2008/03/31 09:39:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Gnab
[2008/03/31 10:31:14 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2009/01/04 17:17:10 | 000,000,000 | ---D | M] -- C:\ProgramData\OLYMPUS
[2013/01/09 18:35:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Panasonic
[2009/02/03 15:20:49 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayMovie
[2008/04/21 07:35:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Sonavis
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/09/22 15:49:30 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/03/28 09:35:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2008/09/22 15:49:30 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008/04/01 04:48:38 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2013/05/27 16:29:00 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 912 bytes -> C:\Users\Horst\Documents\Sommer-Informatik Kosten2_weg.eml:OECustomProperty
@Alternate Data Stream - 880 bytes -> C:\Users\Horst\Documents\Fachberatung für Elektrogroßgeräte.eml:OECustomProperty
@Alternate Data Stream - 574 bytes -> C:\Users\Horst\Documents\Entwürfe.eml:OECustomProperty
< End of report >
Those who can read have a clear advantage. So, once again: it scans and scans and scans... doc |
| | #8 |
| /// Malware-holic | GVU trojan on my father's Vista32 PC - and who has to fix it...? Hi, on your second PC go to Start, Programs, Accessories, Notepad, and paste the following into it: Code:
:OTL
O4 - HKU\Horst_ON_C..\Run: [Reqitoi] C:\Users\Horst\AppData\Roaming\Unze\okpy.exe (Sysinternals)
O4 - HKU\Horst_ON_C..\Run: [IExplorer Util] C:\Users\Horst\AppData\Roaming\ie_util.exe (Sysinternals)
O4 - HKU\Horst_ON_C..\Run: [Bateittuy] C:\Users\Horst\AppData\Roaming\Itko\liobb.exe (Sysinternals)
O20 - HKU\Horst_ON_C Winlogon: Shell - (C:\Users\Horst\AppData\Roaming\skype.dat) - C:\Users\Horst\AppData\Roaming\skype.dat ()
[2013/05/27 12:41:14 | 000,059,392 | ---- | C] (Sysinternals) -- C:\Users\Horst\AppData\Roaming\ie_util.exe
[2013/05/27 12:40:24 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Itko
[2013/05/27 12:40:24 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Ikxu
[2013/05/27 12:40:24 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Deym
[2013/05/27 12:40:11 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Unze
[2013/05/27 12:40:11 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Quxuru
[2013/05/27 12:40:11 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Kogycu
[2013/05/27 16:28:53 | 000,000,004 | ---- | M] () -- C:\Users\Horst\AppData\Roaming\skype.ini
:Files
C:\Users\Horst\AppData\Roaming\Unze
C:\Users\Horst\AppData\Roaming\Itko
:Commands
[EMPTYFLASH]
[emptytemp]
Save this to a USB stick as fix.txt. Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe. • Now please click the Fix button. A message similar to "load fix from file" should appear; load the fix.txt from your stick. If that does not work, please enter the fix manually. Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open the otl.txt. Please post the log. If you have no desktop icons, right-click, View, Show desktop icons. Note: Please also upload the file as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread! Press the + E key.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
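As an added example for this thread (not OTL's own code and not from the post above): a short Python script that applies the reasoning behind the :OTL section of the fix, namely that a Run entry launching from the user's own AppData folder, or a Winlogon Shell value that is not explorer.exe, is what gets listed for removal. The sample report lines are constructed: the flagged ones mirror the entries quoted in the fix script, the two benign ones are invented. The heuristics and the otl_fix formatter are assumptions of this example and rely only on OTL's line layout as shown in this thread.

```python
"""Triage of OTL autostart lines (O4 Run keys, O20 Winlogon Shell).

Added example for this thread, not OTL's own code and not from the post
above. The sample report below is constructed: the two benign lines are
invented, the three flagged ones are modelled on the fix script in the post.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in OTL's report format (same layout as the :OTL section above).
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\Horst_ON_C..\Run: [Reqitoi] C:\Users\Horst\AppData\Roaming\Unze\okpy.exe (Sysinternals)
O4 - HKU\Horst_ON_C..\Run: [IExplorer Util] C:\Users\Horst\AppData\Roaming\ie_util.exe (Sysinternals)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Horst_ON_C Winlogon: Shell - (C:\Users\Horst\AppData\Roaming\skype.dat) - C:\Users\Horst\AppData\Roaming\skype.dat ()
"""

# O4: "<hive>..\Run: [<value name>] <path> (<company name from version info>)"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<publisher>[^()]*)\)$"
)
# O20: "<hive> Winlogon: Shell - (<registry value>) - <resolved path> (<company>)"
O20_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: Shell - \((?P<value>.*?)\) - (?P<path>.+?) \((?P<publisher>[^()]*)\)$"
)
# Autostarts living inside the user's profile need no admin rights to drop;
# legitimate software almost always starts from Program Files or Windows.
USER_WRITABLE = re.compile(r"\\AppData\\(Roaming|Local\\Temp)\\", re.IGNORECASE)


@dataclass
class Finding:
    line: str    # the OTL report line, verbatim (this is what an :OTL fix needs)
    reason: str  # why it was flagged


def triage(report: str) -> List[Finding]:
    """Return the report lines a helper would put into an :OTL fix section."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            if USER_WRITABLE.search(m["path"]):
                # The company name in parentheses is read from the file's own
                # version resource, so "(Sysinternals)" on a random-named exe
                # in %AppData% is no evidence of legitimacy.
                findings.append(Finding(line, (
                    f"Run entry [{m['name']}] starts {m['path']} from a "
                    f"user-writable profile folder; claimed publisher "
                    f"'{m['publisher']}' is self-declared")))
            continue
        m = O20_RE.match(line)
        if m and m["value"].lower() != "explorer.exe":
            # Winlogon's Shell value is normally just "explorer.exe"; anything
            # else replaces the desktop at logon, which is how a lock-screen
            # trojan like the GVU one keeps the user off the desktop.
            findings.append(Finding(line, f"Winlogon Shell replaced by {m['value']}"))
    return findings


def otl_fix(findings: List[Finding]) -> str:
    """Emit an OTL fix in the layout used in the thread: the flagged report
    lines verbatim under :OTL, then a temp-cleanup command."""
    body = "\n".join(f.line for f in findings)
    return f":OTL\n{body}\n:Commands\n[emptytemp]\n"


if __name__ == "__main__":
    found = triage(SAMPLE_OTL)
    for f in found:
        print(f"FLAG: {f.reason}")
    print(otl_fix(found))
```

Run it as is and it flags the three entries from the fix (okpy.exe, ie_util.exe, and the skype.dat shell replacement) while leaving the Realtek autostart and the HKLM explorer.exe shell alone; the emitted :OTL block is the same shape as the one the helper wrote by hand.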
| | #9 |
| GVU trojan on my father's Vista32 PC - and who has to fix it...? OK, the txt file is in progress. After I understood the Custom Scan part, I had started the scan again. But with the result: Out of Memory... ?! |
| | #10 |
| /// Malware-holic | GVU trojan on my father's Vista32 PC - and who has to fix it...? You can still go ahead with the fix. |
| | #11 |
| GVU trojan on my father's Vista32 PC - and who has to fix it...? OK, the upload worked. doc |
| | #12 |
| /// Malware-holic | GVU trojan on my father's Vista32 PC - and who has to fix it...? Thanks for uploading. If you can get into normal mode, do the following. Please download |
| | #13 |
| GVU trojan on my father's Vista32 PC - and who has to fix it...? Hello, here is the result: Code:
02:02:07.0349 3424 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
02:02:07.0364 3424 ============================================================
02:02:07.0364 3424 Current date / time: 2013/05/28 02:02:07.0364
02:02:07.0364 3424 SystemInfo:
02:02:07.0364 3424
02:02:07.0364 3424 OS Version: 6.0.6002 ServicePack: 2.0
02:02:07.0364 3424 Product type: Workstation
02:02:07.0364 3424 ComputerName: PAPSNEU
02:02:07.0364 3424 UserName: Horst
02:02:07.0364 3424 Windows directory: C:\Windows
02:02:07.0364 3424 System windows directory: C:\Windows
02:02:07.0364 3424 Processor architecture: Intel x86
02:02:07.0364 3424 Number of processors: 4
02:02:07.0364 3424 Page size: 0x1000
02:02:07.0364 3424 Boot type: Normal boot
02:02:07.0364 3424 ============================================================
02:02:08.0690 3424 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:02:08.0768 3424 Drive \Device\Harddisk5\DR6 - Size: 0x3D2DFE00 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:02:08.0768 3424 ============================================================
02:02:08.0768 3424 \Device\Harddisk0\DR0:
02:02:08.0768 3424 MBR partitions:
02:02:08.0768 3424 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x37B83000
02:02:08.0784 3424 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x37B8383F, BlocksNum 0x2801402
02:02:08.0784 3424 \Device\Harddisk5\DR6:
02:02:08.0784 3424 MBR partitions:
02:02:08.0784 3424 \Device\Harddisk5\DR6\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1E96DF
02:02:08.0784 3424 ============================================================
02:02:08.0831 3424 C: <-> \Device\Harddisk0\DR0\Partition1
02:02:08.0831 3424 D: <-> \Device\Harddisk0\DR0\Partition2
02:02:08.0831 3424 ============================================================
02:02:08.0831 3424 Initialize success
02:02:08.0831 3424 ============================================================
02:02:33.0151 2716 ============================================================
02:02:33.0151 2716 Scan started
02:02:33.0151 2716 Mode: Manual; SigCheck; TDLFS;
02:02:33.0151 2716 ============================================================
02:02:33.0728 2716 ================ Scan system memory ========================
02:02:33.0728 2716 System memory - ok
02:02:33.0728 2716 ================ Scan services =============================
02:02:33.0931 2716 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
02:02:34.0103 2716 ACPI - ok
02:02:34.0196 2716 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
02:02:34.0243 2716 AdobeARMservice - ok
02:02:34.0274 2716 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
02:02:34.0321 2716 adp94xx - ok
02:02:34.0352 2716 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
02:02:34.0399 2716 adpahci - ok
02:02:34.0415 2716 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
02:02:34.0461 2716 adpu160m - ok
02:02:34.0477 2716 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
02:02:34.0524 2716 adpu320 - ok
02:02:34.0555 2716 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
02:02:34.0602 2716 AeLookupSvc - ok
02:02:34.0649 2716 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
02:02:34.0711 2716 AFD - ok
02:02:34.0742 2716 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
02:02:34.0789 2716 agp440 - ok
02:02:34.0805 2716 [ 8DC09F3B54DDCAEB52E0DCFA1D55B26A ] ahcix86s C:\Windows\system32\DRIVERS\ahcix86s.sys
02:02:34.0851 2716 ahcix86s - ok
02:02:34.0883 2716 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
02:02:34.0929 2716 aic78xx - ok
02:02:34.0945 2716 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
02:02:35.0070 2716 ALG - ok
02:02:35.0101 2716 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
02:02:35.0148 2716 aliide - ok
02:02:35.0195 2716 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
02:02:35.0241 2716 amdagp - ok
02:02:35.0273 2716 [ F12456AD77B1C32D8C5CA51927872850 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
02:02:35.0304 2716 amdide - ok
02:02:35.0335 2716 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
02:02:35.0397 2716 AmdK7 - ok
02:02:35.0413 2716 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
02:02:35.0475 2716 AmdK8 - ok
02:02:35.0507 2716 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
02:02:35.0569 2716 Appinfo - ok
02:02:35.0600 2716 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
02:02:35.0631 2716 arc - ok
02:02:35.0647 2716 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
02:02:35.0678 2716 arcsas - ok
02:02:35.0803 2716 [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:02:35.0850 2716 aspnet_state - ok
02:02:35.0865 2716 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
02:02:35.0912 2716 AsyncMac - ok
02:02:35.0928 2716 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
02:02:35.0959 2716 atapi - ok
02:02:35.0990 2716 [ 4AA1EB65481C392955939E735D27118B ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
02:02:36.0037 2716 AtiPcie - ok
02:02:36.0084 2716 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
02:02:36.0146 2716 AudioEndpointBuilder - ok
02:02:36.0146 2716 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
02:02:36.0177 2716 Audiosrv - ok
02:02:36.0287 2716 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
02:02:36.0349 2716 BBSvc - ok
02:02:36.0365 2716 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
02:02:36.0443 2716 BBUpdate - ok
02:02:36.0489 2716 [ 49EA1829AD8FE3BC7E56B81EC4922BE5 ] BdFileSpy C:\Windows\system32\drivers\BdFileSpy.sys
02:02:36.0521 2716 BdFileSpy - ok
02:02:36.0552 2716 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
02:02:36.0614 2716 Beep - ok
02:02:36.0645 2716 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
02:02:36.0723 2716 BFE - ok
02:02:36.0801 2716 [ A657A7530574B823DC680101ED69B04F ] BGLiveSvc C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
02:02:36.0957 2716 BGLiveSvc ( UnsignedFile.Multi.Generic ) - warning
02:02:36.0957 2716 BGLiveSvc - detected UnsignedFile.Multi.Generic (1)
02:02:36.0989 2716 [ 99473441BDB18EC05B3A0704857ED107 ] BgMainSvc C:\Program Files\BullGuard Software\BullGuard\BsMain.dll
02:02:37.0035 2716 BgMainSvc - ok
02:02:37.0082 2716 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
02:02:37.0191 2716 BITS - ok
02:02:37.0207 2716 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
02:02:37.0269 2716 blbdrive - ok
02:02:37.0285 2716 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
02:02:37.0332 2716 bowser - ok
02:02:37.0347 2716 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
02:02:37.0379 2716 BrFiltLo - ok
02:02:37.0394 2716 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
02:02:37.0441 2716 BrFiltUp - ok
02:02:37.0457 2716 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
02:02:37.0503 2716 Browser - ok
02:02:37.0519 2716 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
02:02:37.0675 2716 Brserid - ok
02:02:37.0691 2716 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
02:02:37.0753 2716 BrSerWdm - ok
02:02:37.0800 2716 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
02:02:37.0862 2716 BrUsbMdm - ok
02:02:37.0878 2716 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
02:02:37.0940 2716 BrUsbSer - ok
02:02:37.0971 2716 [ 14097ADFB42C1C2A1C1BF04EE165125B ] BsFileScan C:\Program Files\BullGuard Software\BullGuard\BsFileScan.dll
02:02:37.0987 2716 BsFileScan - ok
02:02:38.0018 2716 [ 951BA32E312C68EC8FD725EEE7DB5D60 ] BsMailProxy C:\Program Files\BullGuard Software\BullGuard\BsMailProxy.dll
02:02:38.0049 2716 BsMailProxy - ok
02:02:38.0065 2716 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
02:02:38.0127 2716 BTHMODEM - ok
02:02:38.0268 2716 catchme - ok
02:02:38.0283 2716 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
02:02:38.0361 2716 cdfs - ok
02:02:38.0408 2716 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
02:02:38.0455 2716 cdrom - ok
02:02:38.0486 2716 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
02:02:38.0549 2716 CertPropSvc - ok
02:02:38.0564 2716 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
02:02:38.0642 2716 circlass - ok
02:02:38.0673 2716 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
02:02:38.0720 2716 CLFS - ok
02:02:38.0767 2716 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:02:38.0814 2716 clr_optimization_v2.0.50727_32 - ok
02:02:38.0876 2716 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:02:38.0939 2716 clr_optimization_v4.0.30319_32 - ok
02:02:38.0954 2716 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
02:02:38.0985 2716 cmdide - ok
02:02:39.0017 2716 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
02:02:39.0157 2716 Compbatt - ok
02:02:39.0235 2716 COMSysApp - ok
02:02:39.0297 2716 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
02:02:39.0329 2716 crcdisk - ok
02:02:39.0360 2716 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
02:02:39.0422 2716 Crusoe - ok
02:02:39.0469 2716 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
02:02:39.0516 2716 CryptSvc - ok
02:02:39.0578 2716 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
02:02:39.0625 2716 DcomLaunch - ok
02:02:39.0672 2716 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
02:02:39.0734 2716 DfsC - ok
02:02:39.0812 2716 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
02:02:40.0031 2716 DFSR - ok
02:02:40.0077 2716 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
02:02:40.0140 2716 Dhcp - ok
02:02:40.0155 2716 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
02:02:40.0202 2716 disk - ok
02:02:40.0249 2716 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
02:02:40.0296 2716 Dnscache - ok
02:02:40.0343 2716 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
02:02:40.0405 2716 dot3svc - ok
02:02:40.0483 2716 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
02:02:40.0561 2716 DPS - ok
02:02:40.0577 2716 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
02:02:40.0639 2716 drmkaud - ok
02:02:40.0717 2716 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
02:02:40.0748 2716 DXGKrnl - ok
02:02:40.0779 2716 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
02:02:40.0826 2716 E1G60 - ok
02:02:40.0873 2716 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
02:02:40.0920 2716 EapHost - ok
02:02:40.0982 2716 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
02:02:41.0029 2716 Ecache - ok
02:02:41.0091 2716 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
02:02:41.0169 2716 ehRecvr - ok
02:02:41.0201 2716 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
02:02:41.0263 2716 ehSched - ok
02:02:41.0294 2716 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
02:02:41.0341 2716 ehstart - ok
02:02:41.0357 2716 elcapi20 - ok
02:02:41.0388 2716 [ B687F79CB390E103AF36DCBB5C417044 ] ElgTaDrv C:\Windows\system32\Drivers\ElgTaDrv.sys
02:02:41.0435 2716 ElgTaDrv ( UnsignedFile.Multi.Generic ) - warning
02:02:41.0435 2716 ElgTaDrv - detected UnsignedFile.Multi.Generic (1)
02:02:41.0466 2716 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
02:02:41.0544 2716 elxstor - ok
02:02:41.0591 2716 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
02:02:41.0669 2716 EMDMgmt - ok
02:02:41.0700 2716 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
02:02:41.0762 2716 ErrDev - ok
02:02:41.0809 2716 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
02:02:41.0871 2716 EventSystem - ok
02:02:41.0918 2716 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
02:02:41.0981 2716 exfat - ok
02:02:42.0012 2716 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
02:02:42.0074 2716 fastfat - ok
02:02:42.0105 2716 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
02:02:42.0168 2716 fdc - ok
02:02:42.0183 2716 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
02:02:42.0215 2716 fdPHost - ok
02:02:42.0246 2716 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
02:02:42.0308 2716 FDResPub - ok
02:02:42.0324 2716 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
02:02:42.0355 2716 FileInfo - ok
02:02:42.0371 2716 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
02:02:42.0449 2716 Filetrace - ok
02:02:42.0464 2716 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
02:02:42.0511 2716 flpydisk - ok
02:02:42.0542 2716 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
02:02:42.0573 2716 FltMgr - ok
02:02:42.0651 2716 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
02:02:42.0792 2716 FontCache - ok
02:02:42.0854 2716 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
02:02:42.0885 2716 FontCache3.0.0.0 - ok
02:02:42.0948 2716 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
02:02:42.0995 2716 Fs_Rec - ok
02:02:43.0010 2716 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
02:02:43.0057 2716 gagp30kx - ok
02:02:43.0119 2716 [ 51B2D8629E1A0F463682F365D56325CB ] GnabService c:\program files\common files\gnab\service\servicecontroller.exe
02:02:43.0151 2716 GnabService ( UnsignedFile.Multi.Generic ) - warning
02:02:43.0151 2716 GnabService - detected UnsignedFile.Multi.Generic (1)
02:02:43.0197 2716 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
02:02:43.0260 2716 gpsvc - ok
02:02:43.0338 2716 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
02:02:43.0400 2716 gupdate - ok
02:02:43.0416 2716 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
02:02:43.0416 2716 gupdatem - ok
02:02:43.0494 2716 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
02:02:43.0556 2716 gusvc - ok
02:02:43.0587 2716 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
02:02:43.0697 2716 HdAudAddService - ok
02:02:43.0743 2716 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
02:02:43.0775 2716 HDAudBus - ok
02:02:43.0790 2716 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
02:02:43.0868 2716 HidBth - ok
02:02:43.0899 2716 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
02:02:43.0962 2716 HidIr - ok
02:02:43.0993 2716 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
02:02:44.0040 2716 hidserv - ok
02:02:44.0071 2716 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
02:02:44.0102 2716 HidUsb - ok
02:02:44.0133 2716 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
02:02:44.0211 2716 hkmsvc - ok
02:02:44.0243 2716 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
02:02:44.0274 2716 HpCISSs - ok
02:02:44.0305 2716 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
02:02:44.0586 2716 HTTP - ok
02:02:44.0617 2716 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
02:02:44.0648 2716 i2omp - ok
02:02:44.0695 2716 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
02:02:44.0742 2716 i8042prt - ok
02:02:44.0757 2716 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
02:02:44.0835 2716 iaStorV - ok
02:02:44.0929 2716 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:02:45.0085 2716 idsvc - ok
02:02:45.0116 2716 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
02:02:45.0147 2716 iirsp - ok
02:02:45.0194 2716 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
02:02:45.0288 2716 IKEEXT - ok
02:02:45.0397 2716 [ 4C01298060CF930D26A75A86B874B6AE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
02:02:45.0569 2716 IntcAzAudAddService - ok
02:02:45.0600 2716 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
02:02:45.0647 2716 intelide - ok
02:02:45.0662 2716 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
02:02:45.0725 2716 intelppm - ok
02:02:45.0756 2716 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
02:02:45.0803 2716 IPBusEnum - ok
02:02:45.0834 2716 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:02:45.0881 2716 IpFilterDriver - ok
02:02:45.0927 2716 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
02:02:46.0005 2716 iphlpsvc - ok
02:02:46.0005 2716 IpInIp - ok
02:02:46.0021 2716 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
02:02:46.0083 2716 IPMIDRV - ok
02:02:46.0115 2716 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
02:02:46.0146 2716 IPNAT - ok
02:02:46.0161 2716 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
02:02:46.0208 2716 IRENUM - ok
02:02:46.0224 2716 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
02:02:46.0255 2716 isapnp - ok
02:02:46.0302 2716 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
02:02:46.0317 2716 iScsiPrt - ok
02:02:46.0333 2716 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
02:02:46.0364 2716 iteatapi - ok
02:02:46.0380 2716 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
02:02:46.0395 2716 iteraid - ok
02:02:46.0427 2716 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
02:02:46.0458 2716 kbdclass - ok
02:02:46.0473 2716 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
02:02:46.0536 2716 kbdhid - ok
02:02:46.0567 2716 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
02:02:46.0598 2716 KeyIso - ok
02:02:46.0629 2716 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
02:02:46.0676 2716 KSecDD - ok
02:02:46.0707 2716 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
02:02:46.0770 2716 KtmRm - ok
02:02:46.0801 2716 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
02:02:46.0863 2716 LanmanServer - ok
02:02:46.0910 2716 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:02:46.0988 2716 LanmanWorkstation - ok
02:02:47.0019 2716 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
02:02:47.0082 2716 lltdio - ok
02:02:47.0129 2716 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
02:02:47.0191 2716 lltdsvc - ok
02:02:47.0222 2716 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
02:02:47.0316 2716 lmhosts - ok
02:02:47.0331 2716 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
02:02:47.0378 2716 LSI_FC - ok
02:02:47.0378 2716 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
02:02:47.0425 2716 LSI_SAS - ok
02:02:47.0441 2716 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
02:02:47.0472 2716 LSI_SCSI - ok
02:02:47.0503 2716 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
02:02:47.0550 2716 luafv - ok
02:02:47.0643 2716 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
02:02:47.0690 2716 McComponentHostService - ok
02:02:47.0706 2716 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
02:02:47.0768 2716 Mcx2Svc - ok
02:02:47.0784 2716 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
02:02:47.0815 2716 megasas - ok
02:02:47.0831 2716 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
02:02:47.0893 2716 MegaSR - ok
02:02:47.0924 2716 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
02:02:47.0987 2716 MMCSS - ok
02:02:48.0018 2716 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
02:02:48.0065 2716 Modem - ok
02:02:48.0080 2716 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
02:02:48.0143 2716 monitor - ok
02:02:48.0158 2716 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
02:02:48.0189 2716 mouclass - ok
02:02:48.0221 2716 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
02:02:48.0252 2716 mouhid - ok
02:02:48.0267 2716 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
02:02:48.0299 2716 MountMgr - ok
02:02:48.0314 2716 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
02:02:48.0361 2716 mpio - ok
02:02:48.0392 2716 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
02:02:48.0423 2716 mpsdrv - ok
02:02:48.0470 2716 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
02:02:48.0548 2716 MpsSvc - ok
02:02:48.0579 2716 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
02:02:48.0611 2716 Mraid35x - ok
02:02:48.0657 2716 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
02:02:48.0704 2716 MRxDAV - ok
02:02:48.0735 2716 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
02:02:48.0798 2716 mrxsmb - ok
02:02:48.0813 2716 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:02:48.0891 2716 mrxsmb10 - ok
02:02:48.0923 2716 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:02:48.0969 2716 mrxsmb20 - ok
02:02:48.0985 2716 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
02:02:49.0032 2716 msahci - ok
02:02:49.0047 2716 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
02:02:49.0094 2716 msdsm - ok
02:02:49.0125 2716 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
02:02:49.0188 2716 MSDTC - ok
02:02:49.0219 2716 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
02:02:49.0281 2716 Msfs - ok
02:02:49.0313 2716 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
02:02:49.0344 2716 msisadrv - ok
02:02:49.0375 2716 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
02:02:49.0453 2716 MSiSCSI - ok
02:02:49.0453 2716 msiserver - ok
02:02:49.0484 2716 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
02:02:49.0562 2716 MSKSSRV - ok
02:02:49.0640 2716 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
02:02:49.0703 2716 MSPCLOCK - ok
02:02:49.0734 2716 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
02:02:49.0781 2716 MSPQM - ok
02:02:49.0812 2716 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
02:02:49.0890 2716 MsRPC - ok
02:02:49.0905 2716 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
02:02:49.0952 2716 mssmbios - ok
02:02:49.0983 2716 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
02:02:50.0046 2716 MSTEE - ok
02:02:50.0061 2716 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
02:02:50.0108 2716 Mup - ok
02:02:50.0139 2716 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
02:02:50.0217 2716 napagent - ok
02:02:50.0264 2716 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
02:02:50.0311 2716 NativeWifiP - ok
02:02:50.0342 2716 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
02:02:50.0420 2716 NDIS - ok
02:02:50.0436 2716 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
02:02:50.0483 2716 NdisTapi - ok
02:02:50.0514 2716 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
02:02:50.0576 2716 Ndisuio - ok
02:02:50.0623 2716 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
02:02:50.0685 2716 NdisWan - ok
02:02:50.0701 2716 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
02:02:50.0732 2716 NDProxy - ok
02:02:50.0841 2716 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
02:02:50.0966 2716 Nero BackItUp Scheduler 3 - ok
02:02:50.0982 2716 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
02:02:51.0044 2716 NetBIOS - ok
02:02:51.0091 2716 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
02:02:51.0153 2716 netbt - ok
02:02:51.0169 2716 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
02:02:51.0185 2716 Netlogon - ok
02:02:51.0216 2716 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
02:02:51.0294 2716 Netman - ok
02:02:51.0325 2716 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
02:02:51.0372 2716 netprofm - ok
02:02:51.0419 2716 [ DF938648626332E830A9BD153110AA75 ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys
02:02:51.0481 2716 netr28u - ok
02:02:51.0528 2716 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:02:51.0575 2716 NetTcpPortSharing - ok
02:02:51.0590 2716 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
02:02:51.0637 2716 nfrd960 - ok
02:02:51.0653 2716 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
02:02:51.0731 2716 NlaSvc - ok
02:02:51.0793 2716 [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
02:02:51.0871 2716 NMIndexingService - ok
02:02:51.0918 2716 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
02:02:51.0965 2716 Npfs - ok
02:02:51.0996 2716 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
02:02:52.0043 2716 nsi - ok
02:02:52.0074 2716 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
02:02:52.0136 2716 nsiproxy - ok
02:02:52.0199 2716 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
02:02:52.0386 2716 Ntfs - ok
02:02:52.0417 2716 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
02:02:52.0511 2716 ntrigdigi - ok
02:02:52.0526 2716 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
02:02:52.0573 2716 Null - ok
02:02:52.0760 2716 [ 0A19680CA54D262534F8A2F4CF79E271 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:02:53.0150 2716 nvlddmkm - ok
02:02:53.0181 2716 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
02:02:53.0244 2716 nvraid - ok
02:02:53.0259 2716 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
02:02:53.0306 2716 nvstor - ok
02:02:53.0337 2716 [ 342FCBF0B293DBEC54B055418DF1EE7E ] nvsvc C:\Windows\system32\nvvsvc.exe
02:02:53.0337 2716 nvsvc - ok
02:02:53.0369 2716 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
02:02:53.0400 2716 nv_agp - ok
02:02:53.0415 2716 NwlnkFlt - ok
02:02:53.0431 2716 NwlnkFwd - ok
02:02:53.0493 2716 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:02:53.0587 2716 odserv - ok
02:02:53.0634 2716 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
02:02:53.0681 2716 ohci1394 - ok
02:02:53.0727 2716 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:02:53.0790 2716 ose - ok
02:02:53.0852 2716 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
02:02:53.0915 2716 p2pimsvc - ok
02:02:53.0930 2716 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
02:02:53.0961 2716 p2psvc - ok
02:02:53.0993 2716 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
02:02:54.0055 2716 Parport - ok
02:02:54.0071 2716 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
02:02:54.0102 2716 partmgr - ok
02:02:54.0117 2716 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
02:02:54.0164 2716 Parvdm - ok
02:02:54.0195 2716 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
02:02:54.0242 2716 PcaSvc - ok
02:02:54.0273 2716 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
02:02:54.0320 2716 pci - ok
02:02:54.0336 2716 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
02:02:54.0383 2716 pciide - ok
02:02:54.0398 2716 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
02:02:54.0461 2716 pcmcia - ok
02:02:54.0492 2716 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
02:02:54.0663 2716 PEAUTH - ok
02:02:54.0913 2716 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
02:02:55.0038 2716 pla - ok
02:02:55.0069 2716 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
02:02:55.0085 2716 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
02:02:55.0085 2716 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
02:02:55.0147 2716 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
02:02:55.0194 2716 PlugPlay - ok
02:02:55.0225 2716 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
02:02:55.0256 2716 PNRPAutoReg - ok
02:02:55.0287 2716 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
02:02:55.0303 2716 PNRPsvc - ok
02:02:55.0350 2716 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
02:02:55.0428 2716 PolicyAgent - ok
02:02:55.0443 2716 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
02:02:55.0490 2716 PptpMiniport - ok
02:02:55.0521 2716 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\DRIVERS\processr.sys
02:02:55.0584 2716 Processor - ok
02:02:55.0615 2716 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
02:02:55.0693 2716 ProfSvc - ok
02:02:55.0709 2716 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
02:02:55.0724 2716 ProtectedStorage - ok
02:02:55.0755 2716 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
02:02:55.0787 2716 PSched - ok
02:02:55.0833 2716 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
02:02:55.0958 2716 ql2300 - ok
02:02:55.0974 2716 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
02:02:56.0036 2716 ql40xx - ok
02:02:56.0067 2716 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
02:02:56.0099 2716 QWAVE - ok
02:02:56.0130 2716 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
02:02:56.0177 2716 QWAVEdrv - ok
02:02:56.0177 2716 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
02:02:56.0223 2716 RasAcd - ok
02:02:56.0239 2716 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
02:02:56.0270 2716 RasAuto - ok
02:02:56.0286 2716 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
02:02:56.0333 2716 Rasl2tp - ok
02:02:56.0364 2716 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
02:02:56.0411 2716 RasMan - ok
02:02:56.0426 2716 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
02:02:56.0473 2716 RasPppoe - ok
02:02:56.0489 2716 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
02:02:56.0504 2716 RasSstp - ok
02:02:56.0535 2716 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
02:02:56.0598 2716 rdbss - ok
02:02:56.0613 2716 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
02:02:56.0645 2716 RDPCDD - ok
02:02:56.0676 2716 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
02:02:56.0738 2716 rdpdr - ok
02:02:56.0754 2716 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
02:02:56.0801 2716 RDPENCDD - ok
02:02:56.0847 2716 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
02:02:56.0910 2716 RDPWD - ok
02:02:56.0941 2716 [ 7528B6F193D76A7183271E44F04A7905 ] Reconn C:\Program Files\BullGuard Software\BullGuard\reconn.sys
02:02:56.0988 2716 Reconn - ok
02:02:57.0019 2716 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
02:02:57.0081 2716 RemoteAccess - ok
02:02:57.0113 2716 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
02:02:57.0175 2716 RemoteRegistry - ok
02:02:57.0237 2716 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
02:02:57.0300 2716 RichVideo - ok
02:02:57.0315 2716 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
02:02:57.0362 2716 RpcLocator - ok
02:02:57.0393 2716 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
02:02:57.0471 2716 RpcSs - ok
02:02:57.0503 2716 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
02:02:57.0581 2716 rspndr - ok
02:02:57.0596 2716 [ ABBE0F54BA3A378262C9CB86CF7D91F8 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
02:02:57.0705 2716 RTL8169 - ok
02:02:57.0721 2716 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
02:02:57.0752 2716 SamSs - ok
02:02:57.0768 2716 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
02:02:57.0815 2716 sbp2port - ok
02:02:57.0846 2716 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
02:02:57.0893 2716 SCardSvr - ok
02:02:57.0939 2716 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
02:02:58.0002 2716 Schedule - ok
02:02:58.0033 2716 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
02:02:58.0064 2716 SCPolicySvc - ok
02:02:58.0080 2716 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
02:02:58.0158 2716 SDRSVC - ok
02:02:58.0158 2716 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
02:02:58.0251 2716 secdrv - ok
02:02:58.0283 2716 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
02:02:58.0361 2716 seclogon - ok
02:02:58.0376 2716 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
02:02:58.0439 2716 SENS - ok
02:02:58.0454 2716 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
02:02:58.0501 2716 Serenum - ok
02:02:58.0532 2716 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
02:02:58.0563 2716 Serial - ok
02:02:58.0579 2716 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
02:02:58.0626 2716 sermouse - ok
02:02:58.0657 2716 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
02:02:58.0688 2716 SessionEnv - ok
02:02:58.0719 2716 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
02:02:58.0766 2716 sffdisk - ok
02:02:58.0766 2716 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
02:02:58.0813 2716 sffp_mmc - ok
02:02:58.0829 2716 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
02:02:58.0875 2716 sffp_sd - ok
02:02:58.0907 2716 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
02:02:58.0953 2716 sfloppy - ok
02:02:58.0985 2716 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
02:02:59.0063 2716 SharedAccess - ok
02:02:59.0094 2716 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
02:02:59.0141 2716 ShellHWDetection - ok
02:02:59.0172 2716 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
02:02:59.0203 2716 sisagp - ok
02:02:59.0219 2716 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
02:02:59.0250 2716 SiSRaid2 - ok
02:02:59.0265 2716 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
02:02:59.0297 2716 SiSRaid4 - ok
02:02:59.0484 2716 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
02:02:59.0999 2716 slsvc - ok
02:03:00.0061 2716 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
02:03:00.0123 2716 SLUINotify - ok
02:03:00.0170 2716 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
02:03:00.0233 2716 Smb - ok
02:03:00.0264 2716 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
02:03:00.0295 2716 SNMPTRAP - ok
02:03:00.0326 2716 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
02:03:00.0389 2716 spldr - ok
02:03:00.0420 2716 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
02:03:00.0482 2716 Spooler - ok
02:03:00.0545 2716 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
02:03:00.0654 2716 srv - ok
02:03:00.0685 2716 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
02:03:00.0747 2716 srv2 - ok
02:03:00.0857 2716 [ 71DB619F4068D7C70D447D73617CDFAC ] srvcPVR C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
02:03:01.0137 2716 srvcPVR ( UnsignedFile.Multi.Generic ) - warning
02:03:01.0137 2716 srvcPVR - detected UnsignedFile.Multi.Generic (1)
02:03:01.0184 2716 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
02:03:01.0231 2716 srvnet - ok
02:03:01.0247 2716 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
02:03:01.0293 2716 SSDPSRV - ok
02:03:01.0309 2716 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
02:03:01.0356 2716 SstpSvc - ok
02:03:01.0387 2716 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
02:03:01.0449 2716 stisvc - ok
02:03:01.0481 2716 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
02:03:01.0512 2716 swenum - ok
02:03:01.0559 2716 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
02:03:01.0605 2716 swprv - ok
02:03:01.0621 2716 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
02:03:01.0652 2716 Symc8xx - ok
02:03:01.0668 2716 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
02:03:01.0699 2716 Sym_hi - ok
02:03:01.0730 2716 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
02:03:01.0761 2716 Sym_u3 - ok
02:03:01.0808 2716 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
02:03:01.0886 2716 SysMain - ok
02:03:01.0902 2716 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
02:03:01.0949 2716 TabletInputService - ok
02:03:01.0995 2716 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
02:03:02.0058 2716 TapiSrv - ok
02:03:02.0073 2716 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
02:03:02.0136 2716 TBS - ok
02:03:02.0198 2716 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
02:03:02.0292 2716 Tcpip - ok
02:03:02.0307 2716 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
02:03:02.0339 2716 Tcpip6 - ok
02:03:02.0370 2716 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
02:03:02.0417 2716 tcpipreg - ok
02:03:02.0432 2716 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
02:03:02.0479 2716 TDPIPE - ok
02:03:02.0510 2716 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
02:03:02.0557 2716 TDTCP - ok
02:03:02.0588 2716 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
02:03:02.0635 2716 tdx - ok
02:03:02.0651 2716 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
02:03:02.0682 2716 TermDD - ok
02:03:02.0713 2716 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
02:03:02.0791 2716 TermService - ok
02:03:02.0807 2716 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
02:03:02.0838 2716 Themes - ok
02:03:02.0853 2716 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
02:03:02.0900 2716 THREADORDER - ok
02:03:02.0916 2716 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
02:03:02.0978 2716 TrkWks - ok
02:03:03.0009 2716 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
02:03:03.0041 2716 TrustedInstaller - ok
02:03:03.0072 2716 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
02:03:03.0119 2716 tssecsrv - ok
02:03:03.0150 2716 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
02:03:03.0181 2716 tunmp - ok
02:03:03.0212 2716 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
02:03:03.0243 2716 tunnel - ok
02:03:03.0243 2716 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
02:03:03.0275 2716 uagp35 - ok
02:03:03.0321 2716 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
02:03:03.0384 2716 udfs - ok
02:03:03.0415 2716 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
02:03:03.0477 2716 UI0Detect - ok
02:03:03.0493 2716 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
02:03:03.0540 2716 uliagpkx - ok
02:03:03.0555 2716 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
02:03:03.0602 2716 uliahci - ok
02:03:03.0618 2716 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
02:03:03.0665 2716 UlSata - ok
02:03:03.0680 2716 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
02:03:03.0711 2716 ulsata2 - ok
02:03:03.0727 2716 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
02:03:03.0789 2716 umbus - ok
02:03:03.0805 2716 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
02:03:03.0852 2716 upnphost - ok
02:03:03.0899 2716 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
02:03:03.0930 2716 usbccgp - ok
02:03:03.0945 2716 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
02:03:04.0023 2716 usbcir - ok
02:03:04.0055 2716 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
02:03:04.0117 2716 usbehci - ok
02:03:04.0133 2716 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
02:03:04.0179 2716 usbhub - ok
02:03:04.0211 2716 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
02:03:04.0257 2716 usbohci - ok
02:03:04.0273 2716 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
02:03:04.0320 2716 usbprint - ok
02:03:04.0335 2716 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
02:03:04.0382 2716 usbscan - ok
02:03:04.0398 2716 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:03:04.0429 2716 USBSTOR - ok
02:03:04.0445 2716 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
02:03:04.0491 2716 usbuhci - ok
02:03:04.0523 2716 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
02:03:04.0554 2716 UxSms - ok
02:03:04.0585 2716 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
02:03:04.0647 2716 vds - ok
02:03:04.0663 2716 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
02:03:04.0725 2716 vga - ok
02:03:04.0741 2716 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
02:03:04.0819 2716 VgaSave - ok
02:03:04.0835 2716 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
02:03:04.0881 2716 viaagp - ok
02:03:04.0897 2716 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
02:03:04.0959 2716 ViaC7 - ok
02:03:04.0975 2716 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
02:03:05.0006 2716 viaide - ok
02:03:05.0006 2716 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
02:03:05.0037 2716 volmgr - ok
02:03:05.0069 2716 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
02:03:05.0162 2716 volmgrx - ok
02:03:05.0193 2716 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
02:03:05.0209 2716 volsnap - ok
02:03:05.0225 2716 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
02:03:05.0271 2716 vsmraid - ok
02:03:05.0318 2716 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
02:03:05.0459 2716 VSS - ok
02:03:05.0474 2716 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
02:03:05.0552 2716 W32Time - ok
02:03:05.0568 2716 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
02:03:05.0630 2716 WacomPen - ok
02:03:05.0646 2716 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
02:03:05.0677 2716 Wanarp - ok
02:03:05.0693 2716 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
02:03:05.0708 2716 Wanarpv6 - ok
02:03:05.0755 2716 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
02:03:05.0833 2716 wcncsvc - ok
02:03:05.0864 2716 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
02:03:05.0927 2716 WcsPlugInService - ok
02:03:05.0927 2716 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
02:03:05.0973 2716 Wd - ok
02:03:06.0036 2716 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
02:03:06.0083 2716 Wdf01000 - ok
02:03:06.0098 2716 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
02:03:06.0161 2716 WdiServiceHost - ok
02:03:06.0161 2716 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
02:03:06.0192 2716 WdiSystemHost - ok
02:03:06.0239 2716 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
02:03:06.0285 2716 WebClient - ok
02:03:06.0317 2716 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
02:03:06.0363 2716 Wecsvc - ok
02:03:06.0395 2716 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
02:03:06.0441 2716 wercplsupport - ok
02:03:06.0473 2716 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
02:03:06.0535 2716 WerSvc - ok
02:03:06.0582 2716 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
02:03:06.0644 2716 WinDefend - ok
02:03:06.0660 2716 WinHttpAutoProxySvc - ok
02:03:06.0753 2716 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
02:03:06.0800 2716 Winmgmt - ok
02:03:06.0863 2716 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
02:03:07.0003 2716 WinRM - ok
02:03:07.0065 2716 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
02:03:07.0175 2716 Wlansvc - ok
02:03:07.0206 2716 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
02:03:07.0268 2716 WmiAcpi - ok
02:03:07.0284 2716 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
02:03:07.0362 2716 wmiApSrv - ok
02:03:07.0409 2716 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
02:03:07.0565 2716 WMPNetworkSvc - ok
02:03:07.0596 2716 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
02:03:07.0658 2716 WPCSvc - ok
02:03:07.0689 2716 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
02:03:07.0721 2716 WPDBusEnum - ok
02:03:07.0799 2716 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
02:03:07.0970 2716 WPFFontCache_v0400 - ok
02:03:07.0986 2716 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
02:03:08.0048 2716 ws2ifsl - ok
02:03:08.0079 2716 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
02:03:08.0095 2716 wscsvc - ok
02:03:08.0111 2716 WSearch - ok
02:03:08.0189 2716 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
02:03:08.0282 2716 wuauserv - ok
02:03:08.0313 2716 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
02:03:08.0360 2716 WudfPf - ok
02:03:08.0391 2716 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
02:03:08.0454 2716 WUDFRd - ok
02:03:08.0485 2716 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
02:03:08.0547 2716 wudfsvc - ok
02:03:08.0610 2716 [ 5867CE254625645345C833510D24F124 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\HomeCinema\PlayMovie\000.fcl
02:03:08.0625 2716 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
02:03:08.0657 2716 [ 5867CE254625645345C833510D24F124 ] {95808DC4-FA4A-4C74-92FE-5B863F82066B} C:\Program Files\HomeCinema\PowerDVD\000.fcl
02:03:08.0672 2716 {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
02:03:08.0672 2716 ================ Scan global ===============================
02:03:08.0688 2716 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
02:03:08.0750 2716 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
02:03:08.0797 2716 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
02:03:08.0844 2716 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
02:03:08.0891 2716 [Global] - ok
02:03:08.0891 2716 ================ Scan MBR ==================================
02:03:08.0906 2716 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0
02:03:09.0593 2716 \Device\Harddisk0\DR0 - ok
02:03:09.0608 2716 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk5\DR6
02:03:12.0681 2716 \Device\Harddisk5\DR6 - ok
02:03:12.0681 2716 ================ Scan VBR ==================================
02:03:12.0697 2716 [ E1FFAC0ED44E81D1648E4BBEE67E039C ] \Device\Harddisk0\DR0\Partition1
02:03:12.0713 2716 \Device\Harddisk0\DR0\Partition1 - ok
02:03:12.0728 2716 [ 314C26040FBA5E36A543A7F96EE50FC8 ] \Device\Harddisk0\DR0\Partition2
02:03:12.0728 2716 \Device\Harddisk0\DR0\Partition2 - ok
02:03:12.0744 2716 [ 835A21A48AC124522F60FFE932CD7044 ] \Device\Harddisk5\DR6\Partition1
02:03:12.0744 2716 \Device\Harddisk5\DR6\Partition1 - ok
02:03:12.0744 2716 ============================================================
02:03:12.0744 2716 Scan finished
02:03:12.0744 2716 ============================================================
02:03:12.0759 0460 Detected object count: 5
02:03:12.0759 0460 Actual detected object count: 5
02:04:04.0411 0460 BGLiveSvc ( UnsignedFile.Multi.Generic ) - skipped by user
02:04:04.0411 0460 BGLiveSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:04:04.0411 0460 ElgTaDrv ( UnsignedFile.Multi.Generic ) - skipped by user
02:04:04.0411 0460 ElgTaDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:04:04.0411 0460 GnabService ( UnsignedFile.Multi.Generic ) - skipped by user
02:04:04.0411 0460 GnabService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:04:04.0411 0460 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
02:04:04.0411 0460 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:04:04.0427 0460 srvcPVR ( UnsignedFile.Multi.Generic ) - skipped by user
02:04:04.0427 0460 srvcPVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:04:10.0823 1136 Deinitialize success
|
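Reading a TDSSKiller log of this length by hand is error-prone, so here is an added example, my own code and not part of this thread or of the Kaspersky tool, that parses lines in the shape of the log posted above and lists only the entries the scanner actually flagged, with path, MD5 and the action the user chose. The sample log is constructed from a handful of lines excerpted from the post, with the "Detected object count" adjusted to match the excerpt; the regular expressions are written against the line shapes visible in this log and are an assumption for other TDSSKiller versions.

```python
import re
from collections import OrderedDict

# Constructed sample: lines excerpted from the TDSSKiller log posted in this
# thread (timestamp, thread id, scanner message). The object count is set to
# match the excerpt, not the full log.
SAMPLE_LOG = r"""
02:02:52.0199 2716 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
02:02:52.0386 2716 Ntfs - ok
02:02:55.0069 2716 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
02:02:55.0085 2716 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
02:02:55.0085 2716 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
02:03:00.0857 2716 [ 71DB619F4068D7C70D447D73617CDFAC ] srvcPVR C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
02:03:01.0137 2716 srvcPVR ( UnsignedFile.Multi.Generic ) - warning
02:03:01.0137 2716 srvcPVR - detected UnsignedFile.Multi.Generic (1)
02:03:08.0906 2716 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0
02:03:09.0593 2716 \Device\Harddisk0\DR0 - ok
02:03:12.0759 0460 Detected object count: 2
02:04:04.0411 0460 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
02:04:04.0411 0460 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:04:04.0427 0460 srvcPVR ( UnsignedFile.Multi.Generic ) - skipped by user
02:04:04.0427 0460 srvcPVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Line shapes as they appear in this log (assumption for other versions).
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# "[ MD5 ] Name Path" for services/drivers, "[ MD5 ] \Device\..." for MBR/VBR.
# Names may contain spaces, so the name is matched lazily up to a drive path.
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?:(?P<name>.+?) )?(?P<path>[A-Za-z]:\\.*|\\Device\\.*)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+) \) - warning$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+) \) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<count>\d+)$")

# Verdicts that mean "no valid digital signature", not a named malware family.
HEURISTIC_VERDICTS = {"UnsignedFile.Multi.Generic"}


def parse_tdsskiller(text):
    """Fold the per-object lines into one record per service/driver/device."""
    entries = OrderedDict()
    reported_count = None

    def entry(name):
        return entries.setdefault(
            name, {"md5": None, "path": None, "verdict": None, "status": None, "action": None})

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or non-scanner line
        msg = m.group("msg")
        if (h := HASH_RE.match(msg)):
            name = h.group("name") or h.group("path")  # MBR/VBR rows have no name
            e = entry(name)
            e["md5"], e["path"] = h.group("md5"), h.group("path")
        elif (d := DETECT_RE.match(msg)):
            e = entry(d.group("name"))
            e["verdict"], e["status"] = d.group("verdict"), "detected"
        elif (w := WARN_RE.match(msg)):
            e = entry(w.group("name"))
            e["verdict"] = w.group("verdict")
            e["status"] = e["status"] or "warning"
        elif (a := ACTION_RE.match(msg)):
            entry(a.group("name"))["action"] = a.group("action")
        elif (o := OK_RE.match(msg)):
            e = entry(o.group("name"))
            e["status"] = e["status"] or "ok"
        elif (c := COUNT_RE.match(msg)):
            reported_count = int(c.group("count"))
    return {"entries": entries, "reported_count": reported_count}


def flagged(report):
    """Only the objects the scanner reported as 'detected'."""
    return [(n, e) for n, e in report["entries"].items() if e["status"] == "detected"]


def triage(report):
    """Flagged objects with the data a reviewer needs to look each one up."""
    rows = []
    for name, e in flagged(report):
        kind = "heuristic (unsigned binary)" if e["verdict"] in HEURISTIC_VERDICTS else "signature"
        rows.append({"name": name, "verdict": e["verdict"], "kind": kind,
                     "path": e["path"], "md5": e["md5"], "action": e["action"]})
    return rows


def count_consistent(report):
    """True when the scanner's own object count matches the detected lines."""
    return report["reported_count"] == len(flagged(report))


if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    print("count consistent:", count_consistent(report))
    for row in triage(report):
        print(f"{row['name']!r}: {row['verdict']} [{row['kind']}] "
              f"md5={row['md5']} path={row['path']} action={row['action']}")
```

UnsignedFile.Multi.Generic is TDSSKiller's heuristic label for a service or driver binary without a valid digital signature; all five hits in the log above carry it and none is a named malware detection, which is why the parser reports them as heuristic rather than signature matches. The recorded path and MD5 are what you use to confirm which installed product owns each file (the srvcPVR path, for example, points at the Sceneo AbsolutTV PVR service) before choosing Skip, as the user did here.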
| | #14 |
| /// Malware-holic | GVU Trojan on my father's Vista32 PC - and who has to fix it...? Hi, is this device used for online banking, shopping, other payment processing, or anything similarly important, such as work?
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
| | #15 |
| GVU Trojan on my father's Vista32 PC - and who has to fix it...? Yes... |