Trojan.Downloader in Registry Key (Windows 7)
24.06.2012, 18:18 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Downloader in Registry Key

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often raises a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click on "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C), which is where TDSS-Killer saves its logs.

Note: please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________
Please always post log files in CODE tags
25.06.2012, 13:13 | #17
Trojan.Downloader in Registry Key

I hope this is the right log
Code:
ATTFilter 14:09:32.0888 5432 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32 14:09:33.0060 5432 ============================================================ 14:09:33.0060 5432 Current date / time: 2012/06/25 14:09:33.0060 14:09:33.0060 5432 SystemInfo: 14:09:33.0060 5432 14:09:33.0060 5432 OS Version: 6.0.6002 ServicePack: 2.0 14:09:33.0060 5432 Product type: Workstation 14:09:33.0060 5432 ComputerName: TUAN-PC 14:09:33.0060 5432 UserName: Tuan 14:09:33.0060 5432 Windows directory: C:\Windows 14:09:33.0060 5432 System windows directory: C:\Windows 14:09:33.0060 5432 Processor architecture: Intel x86 14:09:33.0060 5432 Number of processors: 4 14:09:33.0060 5432 Page size: 0x1000 14:09:33.0060 5432 Boot type: Normal boot 14:09:33.0060 5432 ============================================================ 14:09:33.0637 5432 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 14:09:33.0637 5432 ============================================================ 14:09:33.0637 5432 \Device\Harddisk0\DR0: 14:09:33.0637 5432 MBR partitions: 14:09:33.0637 5432 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48E08A0D 14:09:33.0637 5432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x48E08A4C, BlocksNum 0x1A4E475 14:09:33.0637 5432 ============================================================ 14:09:33.0653 5432 C: <-> \Device\Harddisk0\DR0\Partition0 14:09:33.0715 5432 D: <-> \Device\Harddisk0\DR0\Partition1 14:09:33.0715 5432 ============================================================ 14:09:33.0715 5432 Initialize success 14:09:33.0715 5432 ============================================================ 14:10:33.0092 5220 ============================================================ 14:10:33.0092 5220 Scan started 14:10:33.0092 5220 Mode: Manual; SigCheck; TDLFS; 14:10:33.0092 5220 
============================================================ 14:10:33.0560 5220 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 14:10:33.0731 5220 ACPI - ok 14:10:33.0950 5220 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 14:10:33.0965 5220 AdobeARMservice - ok 14:10:34.0012 5220 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 14:10:34.0028 5220 AdobeFlashPlayerUpdateSvc - ok 14:10:34.0090 5220 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 14:10:34.0168 5220 adp94xx - ok 14:10:34.0386 5220 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 14:10:34.0449 5220 adpahci - ok 14:10:34.0948 5220 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 14:10:34.0964 5220 adpu160m - ok 14:10:34.0995 5220 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 14:10:35.0026 5220 adpu320 - ok 14:10:35.0057 5220 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 14:10:35.0198 5220 AeLookupSvc - ok 14:10:35.0603 5220 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 14:10:35.0712 5220 AFD - ok 14:10:35.0759 5220 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 14:10:35.0790 5220 agp440 - ok 14:10:35.0837 5220 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 14:10:35.0853 5220 aic78xx - ok 14:10:35.0993 5220 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 14:10:36.0102 5220 ALG - ok 14:10:36.0149 5220 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 14:10:36.0180 5220 aliide - ok 14:10:36.0898 5220 AMD External Events Utility (50ebbb86e493bd9ab7ddf914a90eef8e) C:\Windows\system32\atiesrxx.exe 14:10:37.0007 5220 AMD External 
Events Utility - ok 14:10:37.0272 5220 AMD FUEL Service - ok 14:10:37.0335 5220 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 14:10:37.0350 5220 amdagp - ok 14:10:37.0366 5220 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 14:10:37.0397 5220 amdide - ok 14:10:37.0428 5220 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys 14:10:37.0460 5220 amdiox86 - ok 14:10:37.0631 5220 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 14:10:37.0725 5220 AmdK7 - ok 14:10:37.0740 5220 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 14:10:37.0787 5220 AmdK8 - ok 14:10:40.0283 5220 amdkmdag (70eb74785ab7fc603fef19d87b7a7946) C:\Windows\system32\DRIVERS\atikmdag.sys 14:10:40.0954 5220 amdkmdag - ok 14:10:41.0110 5220 amdkmdap (ba99833bbde9c4ff389fc8114fb14843) C:\Windows\system32\DRIVERS\atikmpag.sys 14:10:41.0328 5220 amdkmdap - ok 14:10:41.0438 5220 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe 14:10:41.0453 5220 AntiVirSchedulerService - ok 14:10:41.0547 5220 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 14:10:41.0562 5220 AntiVirService - ok 14:10:41.0625 5220 AODDriver4.01 (40c15ce1b832b78cc2a2f61807058763) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys 14:10:41.0640 5220 AODDriver4.01 - ok 14:10:41.0656 5220 AODDriver4.1 (40c15ce1b832b78cc2a2f61807058763) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys 14:10:41.0672 5220 AODDriver4.1 - ok 14:10:41.0703 5220 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 14:10:41.0781 5220 Appinfo - ok 14:10:41.0843 5220 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 14:10:41.0874 5220 Apple Mobile Device - ok 
14:10:41.0937 5220 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 14:10:41.0952 5220 arc - ok 14:10:41.0999 5220 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 14:10:42.0030 5220 arcsas - ok 14:10:42.0140 5220 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 14:10:42.0140 5220 aspnet_state - ok 14:10:42.0171 5220 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 14:10:42.0218 5220 AsyncMac - ok 14:10:42.0233 5220 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 14:10:42.0249 5220 atapi - ok 14:10:42.0311 5220 AtiHDAudioService (35290682dbdb9cede934b73369f3cede) C:\Windows\system32\drivers\AtihdLH3.sys 14:10:42.0327 5220 AtiHDAudioService - ok 14:10:43.0169 5220 atikmdag (70eb74785ab7fc603fef19d87b7a7946) C:\Windows\system32\DRIVERS\atikmdag.sys 14:10:43.0778 5220 atikmdag - ok 14:10:43.0980 5220 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys 14:10:44.0074 5220 atksgt ( UnsignedFile.Multi.Generic ) - warning 14:10:44.0074 5220 atksgt - detected UnsignedFile.Multi.Generic (1) 14:10:44.0121 5220 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 14:10:44.0183 5220 AudioEndpointBuilder - ok 14:10:44.0183 5220 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 14:10:44.0230 5220 Audiosrv - ok 14:10:44.0261 5220 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys 14:10:44.0277 5220 avgntflt - ok 14:10:44.0292 5220 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys 14:10:44.0324 5220 avipbb - ok 14:10:44.0370 5220 AVK Tuner Service - ok 14:10:44.0386 5220 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys 14:10:44.0402 5220 avkmgr - ok 14:10:44.0417 5220 Beep (67e506b75bd5326a3ec7b70bd014dfb6) 
C:\Windows\system32\drivers\Beep.sys 14:10:44.0464 5220 Beep - ok 14:10:44.0511 5220 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll 14:10:44.0573 5220 BFE - ok 14:10:44.0667 5220 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll 14:10:44.0792 5220 BITS - ok 14:10:44.0854 5220 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 14:10:44.0901 5220 blbdrive - ok 14:10:44.0979 5220 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe 14:10:45.0010 5220 Bonjour Service - ok 14:10:45.0072 5220 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 14:10:45.0104 5220 bowser - ok 14:10:45.0135 5220 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 14:10:45.0182 5220 BrFiltLo - ok 14:10:45.0228 5220 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 14:10:45.0275 5220 BrFiltUp - ok 14:10:45.0306 5220 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 14:10:45.0369 5220 Browser - ok 14:10:45.0416 5220 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 14:10:45.0603 5220 Brserid - ok 14:10:45.0618 5220 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 14:10:45.0728 5220 BrSerWdm - ok 14:10:45.0743 5220 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 14:10:45.0806 5220 BrUsbMdm - ok 14:10:45.0806 5220 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 14:10:45.0852 5220 BrUsbSer - ok 14:10:45.0884 5220 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 14:10:45.0930 5220 BTHMODEM - ok 14:10:45.0962 5220 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 14:10:46.0008 5220 cdfs - ok 14:10:46.0040 5220 cdrom (6b4bffb9becd728097024276430db314) 
C:\Windows\system32\DRIVERS\cdrom.sys 14:10:46.0055 5220 cdrom - ok 14:10:46.0086 5220 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 14:10:46.0118 5220 CertPropSvc - ok 14:10:46.0149 5220 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 14:10:46.0180 5220 circlass - ok 14:10:46.0211 5220 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 14:10:46.0242 5220 CLFS - ok 14:10:46.0289 5220 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:10:46.0305 5220 clr_optimization_v2.0.50727_32 - ok 14:10:46.0398 5220 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:10:46.0414 5220 clr_optimization_v4.0.30319_32 - ok 14:10:46.0430 5220 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 14:10:46.0461 5220 cmdide - ok 14:10:46.0476 5220 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys 14:10:46.0492 5220 Compbatt - ok 14:10:46.0508 5220 COMSysApp - ok 14:10:46.0508 5220 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 14:10:46.0539 5220 crcdisk - ok 14:10:46.0554 5220 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 14:10:46.0601 5220 Crusoe - ok 14:10:46.0664 5220 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll 14:10:46.0742 5220 CryptSvc - ok 14:10:46.0788 5220 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 14:10:46.0820 5220 DcomLaunch - ok 14:10:46.0882 5220 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 14:10:46.0929 5220 DfsC - ok 14:10:47.0085 5220 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 14:10:47.0288 5220 DFSR - ok 14:10:47.0490 5220 Dhcp (9028559c132146fb75eb7acf384b086a) 
C:\Windows\System32\dhcpcsvc.dll 14:10:47.0537 5220 Dhcp - ok 14:10:47.0568 5220 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 14:10:47.0600 5220 disk - ok 14:10:47.0662 5220 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 14:10:47.0724 5220 Dnscache - ok 14:10:47.0756 5220 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 14:10:47.0802 5220 dot3svc - ok 14:10:47.0834 5220 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 14:10:47.0912 5220 Dot4 - ok 14:10:47.0943 5220 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 14:10:48.0005 5220 Dot4Print - ok 14:10:48.0036 5220 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 14:10:48.0114 5220 dot4usb - ok 14:10:48.0146 5220 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 14:10:48.0192 5220 DPS - ok 14:10:48.0224 5220 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 14:10:48.0270 5220 drmkaud - ok 14:10:48.0333 5220 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 14:10:48.0395 5220 DXGKrnl - ok 14:10:48.0473 5220 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 14:10:48.0504 5220 E1G60 - ok 14:10:48.0504 5220 EagleNT - ok 14:10:48.0536 5220 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 14:10:48.0567 5220 EapHost - ok 14:10:48.0598 5220 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 14:10:48.0629 5220 Ecache - ok 14:10:48.0676 5220 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 14:10:48.0707 5220 ehRecvr - ok 14:10:48.0723 5220 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 14:10:48.0785 5220 ehSched - ok 14:10:48.0801 5220 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 14:10:48.0832 5220 
ehstart - ok 14:10:48.0910 5220 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys 14:10:48.0941 5220 ElbyCDIO - ok 14:10:48.0972 5220 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 14:10:49.0019 5220 elxstor - ok 14:10:49.0082 5220 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 14:10:49.0175 5220 EMDMgmt - ok 14:10:49.0191 5220 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 14:10:49.0253 5220 ErrDev - ok 14:10:49.0284 5220 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 14:10:49.0362 5220 EventSystem - ok 14:10:49.0409 5220 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 14:10:49.0503 5220 exfat - ok 14:10:49.0550 5220 ezSharedSvc (42f721c52eef2d6df9372a53813a83ef) C:\Windows\System32\ezsvc7.dll 14:10:49.0581 5220 ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning 14:10:49.0581 5220 ezSharedSvc - detected UnsignedFile.Multi.Generic (1) 14:10:49.0612 5220 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 14:10:49.0674 5220 fastfat - ok 14:10:49.0706 5220 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 14:10:49.0752 5220 fdc - ok 14:10:49.0768 5220 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 14:10:49.0815 5220 fdPHost - ok 14:10:49.0830 5220 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 14:10:49.0908 5220 FDResPub - ok 14:10:49.0940 5220 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 14:10:49.0955 5220 FileInfo - ok 14:10:49.0971 5220 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 14:10:50.0018 5220 Filetrace - ok 14:10:50.0033 5220 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 14:10:50.0064 5220 flpydisk - ok 14:10:50.0080 5220 FltMgr 
(01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 14:10:50.0096 5220 FltMgr - ok 14:10:50.0205 5220 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll 14:10:50.0267 5220 FontCache - ok 14:10:50.0330 5220 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 14:10:50.0345 5220 FontCache3.0.0.0 - ok 14:10:50.0408 5220 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys 14:10:50.0454 5220 Fs_Rec - ok 14:10:50.0470 5220 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 14:10:50.0486 5220 gagp30kx - ok 14:10:50.0501 5220 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys 14:10:50.0532 5220 GEARAspiWDM - ok 14:10:50.0564 5220 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys 14:10:50.0579 5220 ggflt - ok 14:10:50.0595 5220 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys 14:10:50.0610 5220 ggsemc - ok 14:10:50.0673 5220 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 14:10:50.0751 5220 gpsvc - ok 14:10:50.0829 5220 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 14:10:50.0844 5220 gupdate - ok 14:10:50.0860 5220 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 14:10:50.0876 5220 gupdatem - ok 14:10:50.0922 5220 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 14:10:50.0985 5220 HdAudAddService - ok 14:10:51.0032 5220 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 14:10:51.0141 5220 HDAudBus - ok 14:10:51.0172 5220 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 14:10:51.0266 5220 HidBth - ok 14:10:51.0297 5220 HidIr (ff3160c3a2445128c5a6d9b076da519e) 
C:\Windows\system32\drivers\hidir.sys 14:10:51.0375 5220 HidIr - ok 14:10:51.0406 5220 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll 14:10:51.0437 5220 hidserv - ok 14:10:51.0453 5220 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 14:10:51.0484 5220 HidUsb - ok 14:10:51.0515 5220 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 14:10:51.0562 5220 hkmsvc - ok 14:10:51.0609 5220 HP Health Check Service (a3a30438c48d2d71556e120c9c7ba7a0) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 14:10:51.0609 5220 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning 14:10:51.0609 5220 HP Health Check Service - detected UnsignedFile.Multi.Generic (1) 14:10:51.0640 5220 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 14:10:51.0656 5220 HpCISSs - ok 14:10:51.0718 5220 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 14:10:51.0827 5220 HTTP - ok 14:10:51.0890 5220 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 14:10:51.0921 5220 i2omp - ok 14:10:51.0952 5220 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 14:10:51.0999 5220 i8042prt - ok 14:10:52.0030 5220 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 14:10:52.0077 5220 iaStorV - ok 14:10:52.0186 5220 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 14:10:52.0202 5220 IDriverT ( UnsignedFile.Multi.Generic ) - warning 14:10:52.0202 5220 IDriverT - detected UnsignedFile.Multi.Generic (1) 14:10:52.0311 5220 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 14:10:52.0404 5220 idsvc - ok 14:10:52.0451 5220 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 14:10:52.0482 5220 iirsp - 
ok 14:10:52.0529 5220 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 14:10:52.0638 5220 IKEEXT - ok 14:10:52.0826 5220 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys 14:10:53.0013 5220 IntcAzAudAddService - ok 14:10:53.0106 5220 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 14:10:53.0122 5220 intelide - ok 14:10:53.0153 5220 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 14:10:53.0216 5220 intelppm - ok 14:10:53.0231 5220 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 14:10:53.0294 5220 IPBusEnum - ok 14:10:53.0325 5220 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:10:53.0372 5220 IpFilterDriver - ok 14:10:53.0403 5220 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll 14:10:53.0434 5220 iphlpsvc - ok 14:10:53.0450 5220 IpInIp - ok 14:10:53.0465 5220 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 14:10:53.0481 5220 IPMIDRV - ok 14:10:53.0496 5220 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 14:10:53.0528 5220 IPNAT - ok 14:10:53.0668 5220 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe 14:10:53.0730 5220 iPod Service - ok 14:10:53.0762 5220 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 14:10:53.0808 5220 IRENUM - ok 14:10:53.0824 5220 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 14:10:53.0855 5220 isapnp - ok 14:10:53.0886 5220 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 14:10:53.0918 5220 iScsiPrt - ok 14:10:53.0964 5220 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 14:10:53.0996 5220 iteatapi - ok 14:10:54.0011 5220 iteraid 
(06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 14:10:54.0042 5220 iteraid - ok 14:10:54.0058 5220 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 14:10:54.0074 5220 kbdclass - ok 14:10:54.0105 5220 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 14:10:54.0152 5220 kbdhid - ok 14:10:54.0198 5220 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 14:10:54.0245 5220 KeyIso - ok 14:10:54.0292 5220 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 14:10:54.0354 5220 KSecDD - ok 14:10:54.0432 5220 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 14:10:54.0510 5220 KtmRm - ok 14:10:54.0557 5220 L8042Kbd (58759156a6918913edd368f995be3e53) C:\Windows\system32\DRIVERS\L8042Kbd.sys 14:10:54.0573 5220 L8042Kbd - ok 14:10:54.0588 5220 L8042mou (d6fc755ff505d99e6cc73e83492310df) C:\Windows\system32\DRIVERS\L8042mou.Sys 14:10:54.0604 5220 L8042mou - ok 14:10:54.0635 5220 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll 14:10:54.0698 5220 LanmanServer - ok 14:10:54.0729 5220 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 14:10:54.0760 5220 LanmanWorkstation - ok 14:10:54.0869 5220 LBTServ (a0f7dc0080e4f97dc97de08b699e231b) C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe 14:10:54.0900 5220 LBTServ - ok 14:10:54.0916 5220 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys 14:10:54.0932 5220 LHidFilt - ok 14:10:54.0978 5220 LightScribeService (e75adcfafdef3f4c3af3332928d59926) c:\Program Files\Common Files\LightScribe\LSSrvc.exe 14:10:55.0010 5220 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 14:10:55.0010 5220 LightScribeService - detected UnsignedFile.Multi.Generic (1) 14:10:55.0041 5220 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys 14:10:55.0072 
5220 lirsgt ( UnsignedFile.Multi.Generic ) - warning 14:10:55.0072 5220 lirsgt - detected UnsignedFile.Multi.Generic (1) 14:10:55.0088 5220 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 14:10:55.0134 5220 lltdio - ok 14:10:55.0166 5220 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 14:10:55.0228 5220 lltdsvc - ok 14:10:55.0244 5220 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 14:10:55.0322 5220 lmhosts - ok 14:10:55.0353 5220 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys 14:10:55.0368 5220 LMouFilt - ok 14:10:55.0384 5220 LMouKE (c149bdad13194df16ea33f9f601ed7bf) C:\Windows\system32\DRIVERS\LMouKE.Sys 14:10:55.0400 5220 LMouKE - ok 14:10:55.0415 5220 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 14:10:55.0431 5220 LSI_FC - ok 14:10:55.0446 5220 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 14:10:55.0462 5220 LSI_SAS - ok 14:10:55.0478 5220 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 14:10:55.0493 5220 LSI_SCSI - ok 14:10:55.0524 5220 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 14:10:55.0540 5220 luafv - ok 14:10:55.0602 5220 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys 14:10:55.0602 5220 MBAMProtector - ok 14:10:55.0712 5220 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 14:10:55.0790 5220 MBAMService - ok 14:10:55.0836 5220 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 14:10:55.0868 5220 Mcx2Svc - ok 14:10:55.0914 5220 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 14:10:55.0930 5220 megasas - ok 14:10:55.0977 5220 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 14:10:56.0024 5220 MegaSR - ok 
14:10:56.0070 5220 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 14:10:56.0117 5220 MMCSS - ok 14:10:56.0133 5220 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 14:10:56.0195 5220 Modem - ok 14:10:56.0211 5220 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 14:10:56.0242 5220 monitor - ok 14:10:56.0273 5220 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 14:10:56.0289 5220 mouclass - ok 14:10:56.0289 5220 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 14:10:56.0320 5220 mouhid - ok 14:10:56.0351 5220 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 14:10:56.0367 5220 MountMgr - ok 14:10:56.0460 5220 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 14:10:56.0460 5220 MozillaMaintenance - ok 14:10:56.0507 5220 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 14:10:56.0523 5220 mpio - ok 14:10:56.0538 5220 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 14:10:56.0585 5220 mpsdrv - ok 14:10:56.0616 5220 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll 14:10:56.0741 5220 MpsSvc - ok 14:10:56.0788 5220 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 14:10:56.0804 5220 Mraid35x - ok 14:10:56.0835 5220 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 14:10:56.0866 5220 MRxDAV - ok 14:10:56.0897 5220 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 14:10:56.0928 5220 mrxsmb - ok 14:10:56.0960 5220 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:10:57.0006 5220 mrxsmb10 - ok 14:10:57.0038 5220 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 
14:10:57.0069 5220 mrxsmb20 - ok 14:10:57.0084 5220 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys 14:10:57.0116 5220 msahci - ok 14:10:57.0194 5220 MSCamSvc (31e023681015c35ebfe1498b07813b87) C:\Program Files\Microsoft LifeCam\MSCamS32.exe 14:10:57.0209 5220 MSCamSvc - ok 14:10:57.0240 5220 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 14:10:57.0256 5220 msdsm - ok 14:10:57.0303 5220 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 14:10:57.0365 5220 MSDTC - ok 14:10:57.0381 5220 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 14:10:57.0443 5220 Msfs - ok 14:10:57.0459 5220 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 14:10:57.0459 5220 msisadrv - ok 14:10:57.0490 5220 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 14:10:57.0552 5220 MSiSCSI - ok 14:10:57.0552 5220 msiserver - ok 14:10:57.0584 5220 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 14:10:57.0615 5220 MSKSSRV - ok 14:10:57.0646 5220 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 14:10:57.0677 5220 MSPCLOCK - ok 14:10:57.0693 5220 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 14:10:57.0724 5220 MSPQM - ok 14:10:57.0740 5220 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 14:10:57.0755 5220 MsRPC - ok 14:10:57.0771 5220 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 14:10:57.0786 5220 mssmbios - ok 14:10:57.0802 5220 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 14:10:57.0849 5220 MSTEE - ok 14:10:57.0864 5220 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 14:10:57.0880 5220 Mup - ok 14:10:57.0911 5220 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 
14:10:57.0942 5220 napagent - ok 14:10:57.0989 5220 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 14:10:58.0020 5220 NativeWifiP - ok 14:10:58.0067 5220 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 14:10:58.0145 5220 NDIS - ok 14:10:58.0208 5220 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 14:10:58.0239 5220 NdisTapi - ok 14:10:58.0254 5220 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 14:10:58.0301 5220 Ndisuio - ok 14:10:58.0332 5220 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 14:10:58.0364 5220 NdisWan - ok 14:10:58.0364 5220 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 14:10:58.0379 5220 NDProxy - ok 14:10:58.0426 5220 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll 14:10:58.0442 5220 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 14:10:58.0442 5220 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 14:10:58.0457 5220 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 14:10:58.0488 5220 NetBIOS - ok 14:10:58.0520 5220 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 14:10:58.0566 5220 netbt - ok 14:10:58.0613 5220 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 14:10:58.0629 5220 Netlogon - ok 14:10:58.0676 5220 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 14:10:58.0722 5220 Netman - ok 14:10:58.0785 5220 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 14:10:58.0816 5220 NetMsmqActivator - ok 14:10:58.0816 5220 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 14:10:58.0847 5220 NetPipeActivator - ok 14:10:58.0863 5220 netprofm 
(2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 14:10:58.0925 5220 netprofm - ok 14:10:58.0941 5220 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 14:10:58.0956 5220 NetTcpActivator - ok 14:10:58.0972 5220 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 14:10:58.0972 5220 NetTcpPortSharing - ok 14:10:58.0988 5220 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 14:10:59.0003 5220 nfrd960 - ok 14:10:59.0019 5220 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 14:10:59.0050 5220 NlaSvc - ok 14:10:59.0066 5220 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 14:10:59.0097 5220 Npfs - ok 14:10:59.0097 5220 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 14:10:59.0144 5220 nsi - ok 14:10:59.0175 5220 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 14:10:59.0237 5220 nsiproxy - ok 14:10:59.0315 5220 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 14:10:59.0424 5220 Ntfs - ok 14:10:59.0471 5220 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 14:10:59.0549 5220 ntrigdigi - ok 14:10:59.0565 5220 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 14:10:59.0612 5220 Null - ok 14:10:59.0721 5220 NVENETFD (de3fcf6a5aaca198b22998330c3c64d9) C:\Windows\system32\DRIVERS\nvmfdx32.sys 14:10:59.0799 5220 NVENETFD - ok 14:10:59.0814 5220 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 14:10:59.0830 5220 nvraid - ok 14:10:59.0877 5220 nvrd32 (6934105ecc6a19570160d794e301e595) C:\Windows\system32\drivers\nvrd32.sys 14:10:59.0892 5220 nvrd32 - ok 14:10:59.0908 5220 nvsmu (62754e376185eacbb73d06fea0ffc54a) C:\Windows\system32\drivers\nvsmu.sys 14:10:59.0939 5220 nvsmu - ok 
14:10:59.0955 5220 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 14:10:59.0970 5220 nvstor - ok 14:10:59.0986 5220 nvstor32 (d7b213299852d2026dbc90dab77ef06c) C:\Windows\system32\drivers\nvstor32.sys 14:11:00.0002 5220 nvstor32 - ok 14:11:00.0017 5220 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 14:11:00.0033 5220 nv_agp - ok 14:11:00.0033 5220 NwlnkFlt - ok 14:11:00.0048 5220 NwlnkFwd - ok 14:11:00.0095 5220 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 14:11:00.0111 5220 ohci1394 - ok 14:11:00.0173 5220 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 14:11:00.0251 5220 p2pimsvc - ok 14:11:00.0267 5220 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 14:11:00.0329 5220 p2psvc - ok 14:11:00.0376 5220 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 14:11:00.0423 5220 Parport - ok 14:11:00.0485 5220 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys 14:11:00.0501 5220 partmgr - ok 14:11:00.0516 5220 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 14:11:00.0563 5220 Parvdm - ok 14:11:00.0594 5220 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 14:11:00.0626 5220 PcaSvc - ok 14:11:00.0641 5220 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 14:11:00.0657 5220 pci - ok 14:11:00.0688 5220 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 14:11:00.0704 5220 pciide - ok 14:11:00.0735 5220 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 14:11:00.0750 5220 pcmcia - ok 14:11:00.0813 5220 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 14:11:00.0969 5220 PEAUTH - ok 14:11:01.0078 5220 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 14:11:01.0203 5220 pla - 
ok 14:11:01.0312 5220 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 14:11:01.0343 5220 PlugPlay - ok 14:11:01.0359 5220 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll 14:11:01.0390 5220 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 14:11:01.0390 5220 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 14:11:01.0421 5220 PnkBstrA (205e1b699fd3f2f9b036eea2ec30c620) C:\Windows\system32\PnkBstrA.exe 14:11:01.0437 5220 PnkBstrA - ok 14:11:01.0484 5220 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 14:11:01.0530 5220 PNRPAutoReg - ok 14:11:01.0546 5220 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 14:11:01.0640 5220 PNRPsvc - ok 14:11:01.0702 5220 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 14:11:01.0811 5220 PolicyAgent - ok 14:11:01.0858 5220 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 14:11:01.0920 5220 PptpMiniport - ok 14:11:01.0936 5220 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys 14:11:01.0967 5220 Processor - ok 14:11:01.0983 5220 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 14:11:01.0998 5220 ProfSvc - ok 14:11:02.0045 5220 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 14:11:02.0061 5220 ProtectedStorage - ok 14:11:02.0092 5220 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys 14:11:02.0123 5220 Ps2 - ok 14:11:02.0139 5220 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 14:11:02.0170 5220 PSched - ok 14:11:02.0248 5220 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 14:11:02.0342 5220 ql2300 - ok 14:11:02.0404 5220 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 14:11:02.0435 5220 ql40xx - ok 14:11:02.0498 5220 
QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 14:11:02.0529 5220 QWAVE - ok 14:11:02.0544 5220 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 14:11:02.0560 5220 QWAVEdrv - ok 14:11:02.0576 5220 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 14:11:02.0622 5220 RasAcd - ok 14:11:02.0638 5220 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 14:11:02.0716 5220 RasAuto - ok 14:11:02.0732 5220 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:11:02.0778 5220 Rasl2tp - ok 14:11:02.0825 5220 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 14:11:02.0872 5220 RasMan - ok 14:11:02.0919 5220 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 14:11:02.0934 5220 RasPppoe - ok 14:11:02.0950 5220 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 14:11:02.0966 5220 RasSstp - ok 14:11:02.0981 5220 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 14:11:03.0012 5220 rdbss - ok 14:11:03.0028 5220 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:11:03.0059 5220 RDPCDD - ok 14:11:03.0106 5220 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 14:11:03.0137 5220 rdpdr - ok 14:11:03.0137 5220 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 14:11:03.0168 5220 RDPENCDD - ok 14:11:03.0231 5220 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys 14:11:03.0278 5220 RDPWD - ok 14:11:03.0324 5220 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 14:11:03.0387 5220 RemoteAccess - ok 14:11:03.0418 5220 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 14:11:03.0449 5220 RemoteRegistry - ok 14:11:03.0480 5220 RpcLocator 
(5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 14:11:03.0512 5220 RpcLocator - ok 14:11:03.0558 5220 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 14:11:03.0590 5220 RpcSs - ok 14:11:03.0621 5220 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 14:11:03.0652 5220 rspndr - ok 14:11:03.0699 5220 RTSTOR (52532a4ca8b251775decc87c4813abfb) C:\Windows\system32\drivers\RTSTOR.SYS 14:11:03.0730 5220 RTSTOR - ok 14:11:03.0777 5220 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 14:11:03.0792 5220 SamSs - ok 14:11:03.0824 5220 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 14:11:03.0839 5220 sbp2port - ok 14:11:03.0870 5220 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 14:11:03.0886 5220 SCardSvr - ok 14:11:03.0933 5220 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 14:11:04.0026 5220 Schedule - ok 14:11:04.0104 5220 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 14:11:04.0136 5220 SCPolicySvc - ok 14:11:04.0198 5220 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 14:11:04.0276 5220 SDRSVC - ok 14:11:04.0292 5220 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 14:11:04.0385 5220 secdrv - ok 14:11:04.0401 5220 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 14:11:04.0448 5220 seclogon - ok 14:11:04.0479 5220 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys 14:11:04.0510 5220 seehcri - ok 14:11:04.0541 5220 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll 14:11:04.0572 5220 SENS - ok 14:11:04.0588 5220 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 14:11:04.0635 5220 Serenum - ok 14:11:04.0650 5220 Serial (c70d69a918b178d3c3b06339b40c2e1b) 
C:\Windows\system32\drivers\serial.sys 14:11:04.0713 5220 Serial - ok 14:11:04.0744 5220 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 14:11:04.0775 5220 sermouse - ok 14:11:04.0822 5220 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 14:11:04.0853 5220 SessionEnv - ok 14:11:04.0884 5220 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 14:11:04.0916 5220 sffdisk - ok 14:11:04.0931 5220 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 14:11:04.0978 5220 sffp_mmc - ok 14:11:04.0994 5220 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 14:11:05.0025 5220 sffp_sd - ok 14:11:05.0040 5220 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 14:11:05.0103 5220 sfloppy - ok 14:11:05.0134 5220 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 14:11:05.0181 5220 SharedAccess - ok 14:11:05.0243 5220 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 14:11:05.0290 5220 ShellHWDetection - ok 14:11:05.0290 5220 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 14:11:05.0306 5220 sisagp - ok 14:11:05.0321 5220 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 14:11:05.0352 5220 SiSRaid2 - ok 14:11:05.0384 5220 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 14:11:05.0399 5220 SiSRaid4 - ok 14:11:05.0602 5220 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 14:11:05.0836 5220 slsvc - ok 14:11:06.0008 5220 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 14:11:06.0039 5220 SLUINotify - ok 14:11:06.0117 5220 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 14:11:06.0148 5220 Smb - ok 14:11:06.0179 5220 SNMPTRAP 
(2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 14:11:06.0210 5220 SNMPTRAP - ok 14:11:06.0242 5220 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 14:11:06.0242 5220 spldr - ok 14:11:06.0273 5220 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 14:11:06.0320 5220 Spooler - ok 14:11:06.0382 5220 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 14:11:06.0413 5220 srv - ok 14:11:06.0429 5220 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 14:11:06.0460 5220 srv2 - ok 14:11:06.0507 5220 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 14:11:06.0538 5220 srvnet - ok 14:11:06.0569 5220 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 14:11:06.0600 5220 SSDPSRV - ok 14:11:06.0616 5220 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 14:11:06.0632 5220 ssmdrv - ok 14:11:06.0678 5220 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 14:11:06.0678 5220 SstpSvc - ok 14:11:06.0741 5220 Steam Client Service - ok 14:11:06.0772 5220 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys 14:11:06.0803 5220 StillCam - ok 14:11:06.0850 5220 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 14:11:06.0912 5220 stisvc - ok 14:11:06.0959 5220 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 14:11:07.0006 5220 swenum - ok 14:11:07.0084 5220 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 14:11:07.0162 5220 swprv - ok 14:11:07.0178 5220 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 14:11:07.0193 5220 Symc8xx - ok 14:11:07.0209 5220 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 14:11:07.0240 5220 Sym_hi - ok 14:11:07.0256 5220 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) 
C:\Windows\system32\drivers\sym_u3.sys 14:11:07.0271 5220 Sym_u3 - ok 14:11:07.0334 5220 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 14:11:07.0380 5220 SysMain - ok 14:11:07.0427 5220 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 14:11:07.0458 5220 TabletInputService - ok 14:11:07.0490 5220 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 14:11:07.0568 5220 TapiSrv - ok 14:11:07.0599 5220 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 14:11:07.0661 5220 TBS - ok 14:11:07.0786 5220 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys 14:11:07.0848 5220 Tcpip - ok 14:11:07.0864 5220 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys 14:11:07.0911 5220 Tcpip6 - ok 14:11:07.0958 5220 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 14:11:08.0036 5220 tcpipreg - ok 14:11:08.0051 5220 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 14:11:08.0114 5220 TDPIPE - ok 14:11:08.0129 5220 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 14:11:08.0192 5220 TDTCP - ok 14:11:08.0254 5220 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 14:11:08.0332 5220 tdx - ok 14:11:08.0363 5220 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 14:11:08.0394 5220 TermDD - ok 14:11:08.0472 5220 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 14:11:08.0535 5220 TermService - ok 14:11:08.0613 5220 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 14:11:08.0644 5220 Themes - ok 14:11:08.0706 5220 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 14:11:08.0753 5220 THREADORDER - ok 14:11:08.0800 5220 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 14:11:08.0847 5220 TrkWks 
- ok 14:11:08.0940 5220 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 14:11:08.0987 5220 TrustedInstaller - ok 14:11:09.0081 5220 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:11:09.0128 5220 tssecsrv - ok 14:11:09.0190 5220 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 14:11:09.0221 5220 tunmp - ok 14:11:09.0284 5220 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 14:11:09.0299 5220 tunnel - ok 14:11:09.0362 5220 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 14:11:09.0377 5220 uagp35 - ok 14:11:09.0408 5220 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 14:11:09.0455 5220 udfs - ok 14:11:09.0486 5220 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 14:11:09.0549 5220 UI0Detect - ok 14:11:09.0580 5220 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 14:11:09.0596 5220 uliagpkx - ok 14:11:09.0627 5220 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 14:11:09.0658 5220 uliahci - ok 14:11:09.0674 5220 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 14:11:09.0705 5220 UlSata - ok 14:11:09.0720 5220 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 14:11:09.0767 5220 ulsata2 - ok 14:11:09.0783 5220 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 14:11:09.0830 5220 umbus - ok 14:11:09.0861 5220 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 14:11:09.0923 5220 upnphost - ok 14:11:09.0970 5220 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys 14:11:10.0032 5220 USBAAPL - ok 14:11:10.0079 5220 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 14:11:10.0126 5220 
usbaudio - ok 14:11:10.0173 5220 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 14:11:10.0204 5220 usbccgp - ok 14:11:10.0235 5220 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 14:11:10.0344 5220 usbcir - ok 14:11:10.0376 5220 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 14:11:10.0407 5220 usbehci - ok 14:11:10.0454 5220 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 14:11:10.0500 5220 usbhub - ok 14:11:10.0500 5220 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 14:11:10.0547 5220 usbohci - ok 14:11:10.0594 5220 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 14:11:10.0641 5220 usbprint - ok 14:11:10.0688 5220 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 14:11:10.0719 5220 usbscan - ok 14:11:10.0750 5220 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:11:10.0797 5220 USBSTOR - ok 14:11:10.0812 5220 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 14:11:10.0859 5220 usbuhci - ok 14:11:10.0890 5220 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 14:11:10.0937 5220 UxSms - ok 14:11:11.0000 5220 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys 14:11:11.0046 5220 VClone - ok 14:11:11.0078 5220 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 14:11:11.0156 5220 vds - ok 14:11:11.0202 5220 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 14:11:11.0249 5220 vga - ok 14:11:11.0265 5220 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 14:11:11.0312 5220 VgaSave - ok 14:11:11.0327 5220 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 14:11:11.0343 5220 viaagp - ok 14:11:11.0358 5220 ViaC7 
(c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 14:11:11.0390 5220 ViaC7 - ok 14:11:11.0405 5220 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 14:11:11.0421 5220 viaide - ok 14:11:11.0436 5220 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 14:11:11.0452 5220 volmgr - ok 14:11:11.0483 5220 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 14:11:11.0499 5220 volmgrx - ok 14:11:11.0530 5220 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 14:11:11.0546 5220 volsnap - ok 14:11:11.0608 5220 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 14:11:11.0624 5220 vsmraid - ok 14:11:11.0686 5220 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 14:11:11.0733 5220 VSS - ok 14:11:11.0936 5220 VX3000 (42870675b4d84acd81a9da69b83f14c5) C:\Windows\system32\DRIVERS\VX3000.sys 14:11:12.0092 5220 VX3000 - ok 14:11:12.0216 5220 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 14:11:12.0263 5220 W32Time - ok 14:11:12.0310 5220 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 14:11:12.0404 5220 WacomPen - ok 14:11:12.0419 5220 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 14:11:12.0466 5220 Wanarp - ok 14:11:12.0466 5220 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 14:11:12.0497 5220 Wanarpv6 - ok 14:11:12.0544 5220 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 14:11:12.0606 5220 wcncsvc - ok 14:11:12.0669 5220 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 14:11:12.0700 5220 WcsPlugInService - ok 14:11:12.0716 5220 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 14:11:12.0747 5220 Wd - ok 14:11:12.0794 5220 Wdf01000 
(b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 14:11:12.0825 5220 Wdf01000 - ok 14:11:12.0856 5220 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 14:11:12.0887 5220 WdiServiceHost - ok 14:11:12.0903 5220 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 14:11:12.0934 5220 WdiSystemHost - ok 14:11:12.0965 5220 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 14:11:12.0996 5220 WebClient - ok 14:11:13.0028 5220 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 14:11:13.0074 5220 Wecsvc - ok 14:11:13.0106 5220 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 14:11:13.0152 5220 wercplsupport - ok 14:11:13.0184 5220 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 14:11:13.0230 5220 WerSvc - ok 14:11:13.0324 5220 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 14:11:13.0340 5220 WinDefend - ok 14:11:13.0355 5220 WinHttpAutoProxySvc - ok 14:11:13.0402 5220 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 14:11:13.0449 5220 Winmgmt - ok 14:11:13.0527 5220 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 14:11:13.0683 5220 WinRM - ok 14:11:13.0776 5220 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 14:11:13.0901 5220 Wlansvc - ok 14:11:14.0151 5220 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:11:14.0244 5220 wlidsvc - ok 14:11:14.0385 5220 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys 14:11:14.0416 5220 WmiAcpi - ok 14:11:14.0525 5220 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 14:11:14.0588 5220 wmiApSrv - ok 14:11:14.0712 5220 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media 
Player\wmpnetwk.exe 14:11:14.0837 5220 WMPNetworkSvc - ok 14:11:14.0900 5220 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 14:11:14.0946 5220 WPCSvc - ok 14:11:14.0978 5220 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 14:11:15.0024 5220 WPDBusEnum - ok 14:11:15.0071 5220 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 14:11:15.0087 5220 WpdUsb - ok 14:11:15.0212 5220 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 14:11:15.0274 5220 WPFFontCache_v0400 - ok 14:11:15.0336 5220 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 14:11:15.0368 5220 ws2ifsl - ok 14:11:15.0399 5220 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll 14:11:15.0430 5220 wscsvc - ok 14:11:15.0430 5220 WSearch - ok 14:11:15.0602 5220 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll 14:11:15.0804 5220 wuauserv - ok 14:11:15.0945 5220 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 14:11:16.0007 5220 WUDFRd - ok 14:11:16.0023 5220 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 14:11:16.0085 5220 wudfsvc - ok 14:11:16.0210 5220 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 14:11:16.0288 5220 YahooAUService - ok 14:11:16.0350 5220 {22D78859-9CE9-4B77-BF18-AC83E81A9263} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\HP\DVDPlay\000.fcl 14:11:16.0366 5220 {22D78859-9CE9-4B77-BF18-AC83E81A9263} - ok 14:11:16.0382 5220 MBR (0x1B8) (125a9efb00805296e689c06cf6020c43) \Device\Harddisk0\DR0 14:11:16.0662 5220 \Device\Harddisk0\DR0 - ok 14:11:16.0678 5220 Boot (0x1200) (bf38b5bd45a4edbd65e5e3a98e0d0f32) \Device\Harddisk0\DR0\Partition0 14:11:16.0678 5220 \Device\Harddisk0\DR0\Partition0 - ok 14:11:16.0678 5220 Boot (0x1200) 
(fe26d57e3d36bac50c8d2c4b4bcf6fd4) \Device\Harddisk0\DR0\Partition1 14:11:16.0694 5220 \Device\Harddisk0\DR0\Partition1 - ok 14:11:16.0694 5220 ============================================================ 14:11:16.0694 5220 Scan finished 14:11:16.0694 5220 ============================================================ 14:11:16.0709 3264 Detected object count: 8 14:11:16.0709 3264 Actual detected object count: 8 14:11:44.0524 3264 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user 14:11:44.0524 3264 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:11:44.0524 3264 ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user 14:11:44.0524 3264 ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:11:44.0524 3264 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user 14:11:44.0524 3264 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:11:44.0524 3264 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 14:11:44.0524 3264 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:11:44.0524 3264 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 14:11:44.0524 3264 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:11:44.0524 3264 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user 14:11:44.0524 3264 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:11:44.0540 3264 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 14:11:44.0540 3264 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:11:44.0540 3264 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 14:11:44.0540 3264 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
25.06.2012, 14:46 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Downloader in Registry Key Then please run CF now:
__________________ ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a board helper (Kompetenzler) has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________
25.06.2012, 15:48 | #19 |
| Trojan.Downloader in Registry Key Combofix Logfile: Code:
ComboFix 12-06-25.03 - Tuan 25.06.2012 16:19:30.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1874 [GMT 2:00]
ausgeführt von:: c:\users\Tuan\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-25 bis 2012-06-25 ))))))))))))))))))))))))))))))
.
.
2012-06-25 14:32 . 2012-06-25 14:33 -------- d-----w- c:\users\Tuan\AppData\Local\temp
2012-06-25 14:32 . 2012-06-25 14:32 -------- d-----w- c:\users\Tran Trong Chinh\AppData\Local\temp
2012-06-25 14:32 . 2012-06-25 14:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-25 14:32 . 2012-06-25 14:32 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-06-25 14:32 . 2012-06-25 14:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-24 16:32 . 2012-06-24 17:13 -------- d-----w- C:\_OTL
2012-06-22 14:23 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D90C47D-611F-4D84-83AD-D4FD26510E7B}\mpengine.dll
2012-06-22 14:10 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 14:10 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 14:10 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 14:10 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 14:10 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 14:10 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 14:10 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 14:10 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 14:10 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 21:16 . 2012-06-19 21:16 -------- d-----w- c:\program files\ESET
2012-06-18 11:50 . 2012-06-18 11:50 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-18 11:50 . 2012-06-18 11:50 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-15 16:10 . 2012-06-15 16:10 -------- d-----w- c:\users\Tuan\AppData\Local\Macromedia
2012-06-14 14:08 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 14:08 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 14:08 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 14:07 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 14:03 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 13:27 . 2012-06-13 13:27 -------- d-----w- c:\program files\iPod
2012-06-13 13:27 . 2012-06-13 13:29 -------- d-----w- c:\program files\iTunes
2012-06-10 15:00 . 2012-06-10 15:01 -------- d-----w- c:\users\Tuan\AppData\Local\Ubisoft Game Launcher
2012-06-05 16:54 . 2012-06-05 17:04 -------- d-----w- c:\users\Tuan\AppData\Roaming\pdfforge
2012-06-05 16:54 . 2012-05-14 07:17 79360 ----a-w- c:\windows\system32\pdfcmon.dll
2012-06-05 16:54 . 2004-03-08 23:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-06-05 16:54 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-06-05 16:54 . 2012-06-05 16:54 -------- d-----w- c:\program files\PDFCreator
2012-06-05 16:54 . 1998-07-06 16:56 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2012-06-05 16:54 . 1998-07-06 16:55 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2012-06-05 16:54 . 1998-07-06 16:55 64512 ----a-w- c:\windows\system32\MSCC2DE.DLL
2012-06-05 16:54 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-06-01 18:11 . 2012-03-22 11:43 2557952 ----a-w- c:\windows\system32\QtCore4.dll
2012-06-01 18:11 . 2012-05-22 13:47 405176 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-05-29 17:04 . 2012-06-01 18:33 -------- d-----w- c:\users\Tuan\AppData\Roaming\redsn0w
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 14:03 . 2009-04-01 15:24 139048 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-06-24 14:02 . 2009-04-01 15:28 282296 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-06-24 14:02 . 2009-04-01 15:24 282296 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-06-24 14:01 . 2009-04-01 15:24 280736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-06-24 13:13 . 2012-04-01 14:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-24 13:13 . 2011-05-15 13:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-17 16:30 . 2009-04-01 15:23 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-05-08 14:01 . 2011-10-14 17:02 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 14:01 . 2011-10-14 17:02 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-08 15:50 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-06 05:21 . 2012-04-06 05:21 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2010-09-17 10:04 909312 ----a-w- c:\windows\system32\aticfx32.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 451072 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:15 . 2012-04-06 02:15 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-04-06 02:14 . 2012-04-06 02:14 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\system32\atidxx32.dll
2012-04-06 02:00 . 2010-09-17 10:05 52736 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\system32\atioglxx.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\system32\atiumdmv.dll
2012-04-06 01:34 . 2008-10-28 00:21 6203392 ----a-w- c:\windows\system32\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\system32\aticaldd.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\system32\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\system32\atiuxpag.dll
2012-04-06 01:09 . 2010-09-17 10:05 32256 ----a-w- c:\windows\system32\atiu9pag.dll
2012-04-06 01:09 . 2010-09-17 10:05 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\system32\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\system32\amdocl.dll
2012-04-04 13:56 . 2012-01-23 20:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16 . 2012-05-11 14:14 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-11 14:14 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-01 15:31 . 2010-05-07 14:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-30 12:39 . 2012-05-11 14:15 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-18 11:50 . 2011-04-25 11:52 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Tuan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-4 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Tuan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Tuan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-449065279-793341504-1815772316-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 45195557
*Deregistered* - 45195557
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 13:13]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 18:36]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 18:36]
.
2012-05-29 c:\windows\Tasks\HPCeeScheduleForTuan.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-10-27 19:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.yahoo.com/?p=us
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Free YouTube Download - c:\users\Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to iPhone Converter - c:\users\Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\w97yn8xt.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files\Pando Networks\Media Booster\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-25 16:33
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\DVDPlay\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-449065279-793341504-1815772316-1000\Software\SecuROM\License information*]
"datasecu"=hex:52,56,3d,c6,d7,d5,93,74,ba,a6,f6,e0,5f,08,79,62,29,8c,dc,eb,5e,
eb,a0,21,1c,5d,56,7d,3e,57,68,0f,d0,45,be,32,e0,6d,51,69,5a,d2,94,74,aa,20,\
"rkeysecu"=hex:66,d5,3f,d0,e1,ce,5a,a9,17,2e,78,dc,1a,8f,57,7c
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5688)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Zeit der Fertigstellung: 2012-06-25 16:37:21
ComboFix-quarantined-files.txt 2012-06-25 14:37
.
Vor Suchlauf: 16 Verzeichnis(se), 333.664.276.480 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 333.623.406.592 Bytes frei
.
- - End Of File - - C2C57F51C698F3DA6A8E1A039ABA9079
|
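The "Autostartpunkte der Registrierung" section of the ComboFix log above lists the Run-key entries the thread title refers to, and reading them by hand is how the helper in this thread works. As an added example (not part of the original thread and not ComboFix's own code), the following Python script parses that section and marks the entries a responder would look at first: images in user-writable data directories, bare file names that Windows resolves through its PATH search order, and entries for which ComboFix recorded no date/size because the image was not found on disk. The sample input is constructed in ComboFix's format; the ehTray, Logitech and avgnt lines are copied from the log above, the "Updater" and "Loader" entries are invented. The output is a review list, not a verdict: OEM paths such as the c:\hp\... entries in the log would also be listed and must be judged by hand.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Registry key header and value line, in the form ComboFix prints them.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"'
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?$"
)

# Data directories any user-level process can write to; a product installer
# does not normally place its autostart image there.
USER_WRITABLE_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\", "\\recycler\\")
# Where autostart images of installed products usually live.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class AutostartEntry:
    key: str
    name: str
    command: str
    date: Optional[str]   # None when ComboFix printed no "[date size]" suffix
    size: Optional[int]


def parse_run_entries(text: str) -> List[AutostartEntry]:
    """Collect value lines that sit under a ...\\Run key; other keys are ignored."""
    entries: List[AutostartEntry] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match["key"]
            continue
        m = ENTRY_RE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            size = int(m["size"]) if m["size"] else None
            entries.append(AutostartEntry(current_key, m["name"], m["cmd"], m["date"], size))
    return entries


def review_reasons(entry: AutostartEntry) -> List[str]:
    """Reasons a responder should look at this entry; empty list means nothing stood out."""
    reasons: List[str] = []
    cmd = entry.command.lower()
    if "\\" not in cmd:
        reasons.append("bare file name: resolved through the PATH search order, so the image that runs is not pinned down")
    elif any(d in cmd for d in USER_WRITABLE_DIRS):
        reasons.append("image stored in a user-writable data directory")
    elif not cmd.startswith(EXPECTED_PREFIXES):
        reasons.append("image outside Windows and Program Files (OEM paths land here too)")
    if entry.size is None:
        reasons.append("no date/size recorded: ComboFix did not find the image on disk")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map entry name -> reasons, for the entries that earned at least one reason."""
    flagged: Dict[str, List[str]] = {}
    for entry in parse_run_entries(text):
        reasons = review_reasons(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


# Constructed sample in ComboFix's format. The ehTray, Logitech and avgnt lines
# are taken from the log posted above; "Updater" and "Loader" are invented here
# to show what the checks react to. The Monitoring key is not a Run key and is skipped.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Updater"="c:\users\Tuan\AppData\Roaming\updater.exe" [2012-06-20 61440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"Loader"="c:\programdata\temp\ld.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Run against a whole ComboFix log the script only needs the text; everything outside the Run keys falls through the key filter. The checks deliberately stop at "look here": a name like KHALMNPR.EXE is legitimate Logitech software on this machine, but a bare name is still worth resolving because whichever copy sits first in the search path is the one that starts.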
25.06.2012, 19:13 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Downloader in Registry Key
Combofix - Scripting
1. Start Notepad (Start / Run / notepad [Enter])
2. Now copy/paste the entire content of the code box below into the Notepad window.
Code:
Firefox::
FF - ProfilePath - c:\users\Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\w97yn8xt.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http://de.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
4. Disable the guard of your antivirus program and any software firewall you may have. (Including the guards of ad-/spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the reboot (you will be asked whether you want to reboot), please post the following log files: Combofix.txt
Note: The script above was created for this one user in this one situation only. It cannot be transferred to any other computer and must not be used elsewhere, as it can permanently damage the system!
|
26.06.2012, 16:01 | #21 |
| Trojan.Downloader in Registry Key
Combofix Logfile:
Code:
ComboFix 12-06-26.01 - Tuan 26.06.2012 16:33:36.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1959 [GMT 2:00]
ausgeführt von:: c:\users\Tuan\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Tuan\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-26 bis 2012-06-26 ))))))))))))))))))))))))))))))
.
.
2012-06-26 14:48 . 2012-06-26 14:48 -------- d-----w- c:\users\Tuan\AppData\Local\temp
2012-06-26 14:48 . 2012-06-26 14:48 -------- d-----w- c:\users\Tran Trong Chinh\AppData\Local\temp
2012-06-26 14:48 . 2012-06-26 14:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-26 14:48 . 2012-06-26 14:48 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-06-26 14:48 . 2012-06-26 14:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 14:24 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8289125F-C0AD-4355-BCB1-DF26E5BC6A0D}\mpengine.dll
2012-06-24 16:32 . 2012-06-24 17:13 -------- d-----w- C:\_OTL
2012-06-22 14:10 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 14:10 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 14:10 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 14:10 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 14:10 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 14:10 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 14:10 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 14:10 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 14:10 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 21:16 . 2012-06-19 21:16 -------- d-----w- c:\program files\ESET
2012-06-18 11:50 . 2012-06-18 11:50 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-18 11:50 . 2012-06-18 11:50 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-15 16:10 . 2012-06-15 16:10 -------- d-----w- c:\users\Tuan\AppData\Local\Macromedia
2012-06-14 14:08 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 14:08 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 14:08 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 14:07 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 14:03 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 13:27 . 2012-06-13 13:27 -------- d-----w- c:\program files\iPod
2012-06-13 13:27 . 2012-06-13 13:29 -------- d-----w- c:\program files\iTunes
2012-06-10 15:00 . 2012-06-10 15:01 -------- d-----w- c:\users\Tuan\AppData\Local\Ubisoft Game Launcher
2012-06-05 16:54 . 2012-06-05 17:04 -------- d-----w- c:\users\Tuan\AppData\Roaming\pdfforge
2012-06-05 16:54 . 2012-05-14 07:17 79360 ----a-w- c:\windows\system32\pdfcmon.dll
2012-06-05 16:54 . 2004-03-08 23:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-06-05 16:54 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-06-05 16:54 . 2012-06-05 16:54 -------- d-----w- c:\program files\PDFCreator
2012-06-05 16:54 . 1998-07-06 16:56 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2012-06-05 16:54 . 1998-07-06 16:55 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2012-06-05 16:54 . 1998-07-06 16:55 64512 ----a-w- c:\windows\system32\MSCC2DE.DLL
2012-06-05 16:54 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-06-01 18:11 . 2012-03-22 11:43 2557952 ----a-w- c:\windows\system32\QtCore4.dll
2012-06-01 18:11 . 2012-05-22 13:47 405176 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-05-29 17:04 . 2012-06-01 18:33 -------- d-----w- c:\users\Tuan\AppData\Roaming\redsn0w
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 14:03 . 2009-04-01 15:24 139048 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-06-24 14:02 . 2009-04-01 15:28 282296 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-06-24 14:02 . 2009-04-01 15:24 282296 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-06-24 14:01 . 2009-04-01 15:24 280736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-06-24 13:13 . 2012-04-01 14:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-24 13:13 . 2011-05-15 13:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-17 16:30 . 2009-04-01 15:23 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-05-08 14:01 . 2011-10-14 17:02 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 14:01 . 2011-10-14 17:02 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-08 15:50 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-06 05:21 . 2012-04-06 05:21 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2010-09-17 10:04 909312 ----a-w- c:\windows\system32\aticfx32.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 451072 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:15 . 2012-04-06 02:15 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-04-06 02:14 . 2012-04-06 02:14 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\system32\atidxx32.dll
2012-04-06 02:00 . 2010-09-17 10:05 52736 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\system32\atioglxx.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\system32\atiumdmv.dll
2012-04-06 01:34 . 2008-10-28 00:21 6203392 ----a-w- c:\windows\system32\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\system32\aticaldd.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\system32\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\system32\atiuxpag.dll
2012-04-06 01:09 . 2010-09-17 10:05 32256 ----a-w- c:\windows\system32\atiu9pag.dll
2012-04-06 01:09 . 2010-09-17 10:05 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\system32\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\system32\amdocl.dll
2012-04-04 13:56 . 2012-01-23 20:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16 . 2012-05-11 14:14 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-11 14:14 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-01 15:31 . 2010-05-07 14:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-30 12:39 . 2012-05-11 14:15 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-18 11:50 . 2011-04-25 11:52 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-4 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Tuan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Tuan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-449065279-793341504-1815772316-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 13:13]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 18:36]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 18:36]
.
2012-05-29 c:\windows\Tasks\HPCeeScheduleForTuan.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-10-27 19:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.yahoo.com/?p=us
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: Free YouTube Download - c:\users\Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to iPhone Converter - c:\users\Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\w97yn8xt.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-26 16:48
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\DVDPlay\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-449065279-793341504-1815772316-1000\Software\SecuROM\License information*]
"datasecu"=hex:52,56,3d,c6,d7,d5,93,74,ba,a6,f6,e0,5f,08,79,62,29,8c,dc,eb,5e,
eb,a0,21,1c,5d,56,7d,3e,57,68,0f,d0,45,be,32,e0,6d,51,69,5a,d2,94,74,aa,20,\
"rkeysecu"=hex:66,d5,3f,d0,e1,ce,5a,a9,17,2e,78,dc,1a,8f,57,7c
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4124)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Zeit der Fertigstellung: 2012-06-26 16:50:55
ComboFix-quarantined-files.txt 2012-06-26 14:50
ComboFix2.txt 2012-06-25 14:37
.
Vor Suchlauf: 16 Verzeichnis(se), 334.229.594.112 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 334.204.600.320 Bytes frei
.
- - End Of File - - 85B8ED4F74C825A262BFB0C7D9C55EA2
|
26.06.2012, 18:05 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Downloader in Registry Key
Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to run even on the 2nd attempt, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; in particular the McAfee scanner often reports a false alarm in OSAM! Please download aswMBR.exe and save the file on your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan. One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left in the aswMBR window), and click the Scan button again.
|
27.06.2012, 15:59 | #23 |
| Trojan.Downloader in Registry Key
The first time GMER crashed, but the second time it worked.
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-27 15:43:14
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000059 WDC_WD64 rev.01.0
Running: w71gow08.exe; Driver: C:\Users\Tuan\AppData\Local\Temp\kwldipog.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F803000, 0x3DBAA0, 0xE8000020]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA2E0F300, 0x3ACC8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA2E52300, 0x1B7E, 0xE8000020]
C:\Program Files\HP\DVDPlay\000.fcl entry point in "" section [0xA2F6A41C]
.clc C:\Program Files\HP\DVDPlay\000.fcl unknown last code section [0xA2F6B000, 0x1000, 0xE0000020]

---- EOF - GMER 1.0.15 ----
OSAM Logfile:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-27 15:53:18
-----------------------------
15:53:18.942 OS Version: Windows 6.0.6002 Service Pack 2
15:53:18.942 Number of processors: 4 586 0x203
15:53:18.942 ComputerName: TUAN-PC UserName: Tuan
15:53:21.048 Initialize success
15:54:25.282 AVAST engine defs: 12062700
15:55:27.043 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
15:55:27.059 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
15:55:27.464 Disk 0 MBR read successfully
15:55:27.464 Disk 0 MBR scan
15:55:27.464 Disk 0 unknown MBR code
15:55:27.589 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 597009 MB offset 63
15:55:27.698 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13468 MB offset 1222675020
15:55:28.135 Disk 0 scanning sectors +1250258625
15:55:29.102 Disk 0 scanning C:\Windows\system32\drivers
15:57:13.812 Service scanning
15:57:36.603 Modules scanning
15:59:42.762 Disk 0 trace - called modules:
15:59:42.887 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys dxgkrnl.sys atikmpag.sys atikmdag.sys watchdog.sys
15:59:42.903 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87245ac8]
15:59:42.903 3 CLASSPNP.SYS[8073b8b3] -> nt!IofCallDriver -> [0x861b3360]
15:59:42.903 5 acpi.sys[806176bc] -> nt!IofCallDriver -> \Device\00000059[0x861b8928]
15:59:44.244 AVAST engine scan C:\Windows
16:02:54.487 AVAST engine scan C:\Windows\system32
16:04:33.529 File: C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
16:08:52.708 AVAST engine scan C:\Windows\system32\drivers
16:09:12.536 AVAST engine scan C:\Users\Tuan
16:50:49.116 AVAST engine scan C:\ProgramData
16:53:28.798 Scan finished successfully
16:54:40.090 Disk 0 MBR has been saved successfully to "C:\Users\Tuan\Desktop\MBR.dat"
16:54:40.090 The log file has been saved successfully to "C:\Users\Tuan\Desktop\aswMBR.txt"
|
28.06.2012, 09:53 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Downloader in Registry Key
Code:
C:\Windows\system32\jureg.exe

If the file has already been analysed, please start a new analysis.
29.06.2012, 14:15 | #25 |
| Trojan.Downloader in Registry Key Done. I don't know whether you can do anything with it, but here it is.
Code:
SHA256: eadfe05a413aed21d31f051cd81daefef70d303e811a359a621795ca7351119c
SHA1: 9c6fe613d5b3353962d58fa8af82fbb06d4e5f9c
MD5: 4f89dd4ea74c66916e15a6e7d74a50b5
File size: 53.6 KB ( 54936 bytes )
File name: jureg.exe
File type: Win32 EXE
Detection ratio: 0 / 42
Analysis date: 2012-06-29 13:11:44 UTC ( 0 minutes ago )
Code:
ssdeep
768:PwyOzv3OyCIqkLJVJfS3VEgrB5li5ZnMTL35tb1:PwyKv367kLJVJWm6li5ZnMTD1
TrID
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ExifTool
SubsystemVersion.........: 4.0
FileDescription..........: Java(TM) Platform SE binary
InitializedDataSize......: 24576
ImageVersion.............: 0.0
ProductName..............: Java(TM) Platform SE 6 U1
FileVersionNumber........: 6.0.10.7
LanguageCode.............: Neutral
FileFlagsMask............: 0x003f
FullVersion..............: 1.6.0_01-b07
CharacterSet.............: Unicode
LinkerVersion............: 7.1
OriginalFilename.........: jureg.exe
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 6.0.10.7
TimeStamp................: 2007:04:07 10:12:47+02:00
FileType.................: Win32 EXE
PEType...................: PE32
InternalName.............: Java(TM) Update RegisterTask
ProductVersion...........: 6.0.10.7
UninitializedDataSize....: 0
OSVersion................: 4.0
FileOS...................: Win32
LegalCopyright...........: Copyright 2004
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Sun Microsystems, Inc.
CodeSize.................: 24576
FileSubtype..............: 0
ProductVersionNumber.....: 6.0.10.7
EntryPoint...............: 0x16af
ObjectFileType...........: Executable application
Sigcheck
publisher................: Sun Microsystems, Inc.
product..................: Java(TM) Platform SE 6 U1
internal name............: Java(TM) Update RegisterTask
copyright................: Copyright (c) 2004
original name............: jureg.exe
signing date.............: 11:56 PM 4/6/2007
signers..................: Sun Microsystems, Inc.
                           VeriSign Class 3 Code Signing 2004 CA
                           Class 3 Public Primary Certification Authority
file version.............: 6.0.10.7
description..............: Java(TM) Platform SE binary
Portable Executable structural information
Compilation timedatestamp.....: 2007-04-07 08:12:47
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x000016AF
PE Sections...................:
Name    Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text   4096             21052         24576     6.09     9396df4bf3b53d52ea8148004e18630a
.rdata  28672            6816          8192      4.47     29493b378bbcc13fe9f4c418e0a53358
.data   36864            4540          4096      1.52     4949e527f08d12460bec8c96f89e313b
.rsrc   45056            4856          8192      3.18     a51ff8a51076dbac7d88ee6be23ee602
PE Imports....................:
KERNEL32.dll
InterlockedExchange, GetACP, GetLocaleInfoA, GetVersionExA, InitializeCriticalSection, DeleteCriticalSection, GetLastError, CloseHandle, GetExitCodeProcess, CreateProcessA, lstrcatA, GetEnvironmentVariableA, GetSystemDirectoryA, lstrcpyA, GetCommandLineA, EnterCriticalSection, LeaveCriticalSection, GetSystemInfo, HeapFree, GetModuleHandleA, GetStartupInfoA, ExitProcess, HeapReAlloc, HeapAlloc, RtlUnwind, VirtualQuery, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, GetProcAddress, TerminateProcess, GetCurrentProcess, HeapSize, WriteFile, GetStdHandle, GetModuleFileNameA, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, TlsAlloc, SetLastError, GetCurrentThreadId, TlsFree, TlsSetValue, TlsGetValue, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, LoadLibraryA, GetOEMCP, GetCPInfo, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, VirtualProtect
USER32.dll
wsprintfA
PE Exports....................: |
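The report above rests on three things a practitioner checks by hand before accepting a 0/42 verdict: that the hash of the file actually on disk is the one the report was made for (a clean verdict says nothing about a different jureg.exe with the same name), the compile timestamp, and the per-section entropy and MD5 in the PE section table. The script below is an added example, not code from the thread or from any of the tools used in it: a small PE header reader in Python that produces those values. Without an argument it parses a constructed minimal PE32 built inside the script (only the 2007-04-07 08:12:47 compile timestamp is borrowed from the report above); pass a real file as the first argument to run it on that instead. It reads headers only and does not verify the Authenticode signature, which is what the Sigcheck section of the report settles.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

# Compile timestamp of the constructed sample, taken from the report above
# (2007-04-07 08:12:47 UTC). Only used to build the test file, never read from jureg.exe.
SAMPLE_TIMESTAMP = 1175933567


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0), the figure shown in the section table."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read file hashes, COFF header, entry point and section table of a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]    # 0x10B = PE32, 0x20B = PE32+
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i                 # section table starts right after the optional header
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "raw_size": rawsize,
            "entropy": round(entropy(raw), 2),
            "md5": hashlib.md5(raw).hexdigest(),
        })
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "timestamp": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry,
        "sections": sections,
    }


def matches_report(data: bytes, reported_sha256: str) -> bool:
    """True only if the file on disk is the same object an online report describes."""
    return hashlib.sha256(data).hexdigest() == reported_sha256.lower()


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 with two sections; stands in for the real jureg.exe here."""
    text = bytes(range(256))              # every byte value once -> entropy exactly 8.0
    data = b"A" * 128 + b"B" * 128        # two equally likely symbols -> entropy exactly 1.0
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)      # e_lfanew at offset 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 2, SAMPLE_TIMESTAMP, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 7, 1, len(text), len(data), 0, 0x16AF).ljust(224, b"\0")
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), 0x200, 0, 0, 0, 0, 0x60000020)
    sec += struct.pack("<8sIIIIIIHHI", b".data", len(data), 0x2000, len(data), 0x300, 0, 0, 0, 0, 0xC0000040)
    header = (dos + b"PE\0\0" + coff + opt + sec).ljust(0x200, b"\0")
    return header + text + data


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    info = parse_pe(blob)
    for key in ("size", "md5", "sha1", "sha256", "machine", "timestamp", "entry_point"):
        print(f"{key:>12}: {info[key]}")
    for s in info["sections"]:
        print(f"{s['name']:>8} va={s['virtual_address']:#x} raw={s['raw_size']} "
              f"entropy={s['entropy']} md5={s['md5']}")
```

Run it on the real file with `python pe_info.py C:\Windows\system32\jureg.exe` and compare the sha256 line with the SHA256 in the report before trusting the detection ratio. A section whose entropy sits near 8 or whose raw size is far below its virtual size is what a packed or encrypted payload looks like; the .text entropy of 6.09 in the report above is ordinary for compiled code.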
29.06.2012, 14:46 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Downloader in Registry Key That is a false positive from aswMBR; the file has to do with Java.
We should fix the MBR. Just in case, back up ALL important data first, even though it usually goes smoothly.
Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside it (dual boot) unbootable. Also do not do the fix if you have full-disk encryption of the Windows partition or of the whole hard drive with TrueCrypt or another encryption program.
After backing up your data, start aswMBR again and click the FIXMBR button.
Note: Please turn off the virus scanner before running aswMBR; Avira in particular often reports a false positive in it!
Then restart Windows and create a new log with aswMBR.
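aswMBR reported "unknown MBR code" and saved the sector to MBR.dat, and the advice above is to back up first and to skip FIXMBR on a dual-boot or fully encrypted machine. The script below is an added example, not part of the thread or of aswMBR: it parses a 512-byte MBR, prints the partition table in the same form as the aswMBR log, fingerprints the boot code so the sector can be compared before and after FIXMBR, and flags the two conditions the warning above is about. It assumes MBR.dat is the raw 512-byte sector; the list of non-Windows partition types and the TrueCrypt string check are heuristics of this example, not anything aswMBR does. Without an argument it runs on a constructed sector that mirrors the two NTFS partitions in the log (offsets 63 and 1222675020); the length of the first partition is assumed to reach the start of the second, and the disk signature is made up.

```python
import hashlib
import struct

SECTOR = 512
# Partition types that mean another OS sits next to Windows (dual boot); a Windows-side FIXMBR
# would overwrite the loader such a setup depends on. Assumed list for this example.
NON_WINDOWS_TYPES = {0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM",
                     0xA5: "FreeBSD", 0xEE: "GPT protective"}
# Heuristic (assumption of this example): the TrueCrypt system loader carries this text in sector 0.
ENCRYPTION_MARKERS = (b"TrueCrypt",)


def parse_mbr(sector: bytes) -> dict:
    """Partition table, boot-code fingerprint and FIXMBR warnings for one MBR sector."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    signature_ok = struct.unpack_from("<H", sector, 510)[0] == 0xAA55
    partitions = []
    for i in range(4):                                   # four 16-byte entries at offset 446
        status, _chs0, ptype, _chs1, start_lba, count = struct.unpack_from("<B3sB3sII", sector, 446 + 16 * i)
        if ptype == 0:                                   # empty slot
            continue
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "sectors": count,
            "size_mb": count // 2048,                    # 2048 sectors of 512 bytes per MiB
        })
    warnings = []
    if not signature_ok:
        warnings.append("boot signature 55 AA missing: sector is not a valid MBR")
    if sum(p["active"] for p in partitions) != 1:
        warnings.append("expected exactly one active (bootable) partition")
    for p in partitions:
        if p["type"] in NON_WINDOWS_TYPES:
            warnings.append(f"partition {p['index']} is {NON_WINDOWS_TYPES[p['type']]}: dual boot, do not FIXMBR")
    for marker in ENCRYPTION_MARKERS:
        if marker in sector:
            warnings.append(f"{marker.decode()} loader string found: full-disk encryption, do not FIXMBR")
    return {
        "signature_ok": signature_ok,
        "bootcode_sha256": hashlib.sha256(sector[:440]).hexdigest(),   # bytes 0..439 are the loader code
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
        "warnings": warnings,
    }


def build_sample_mbr(second_type: int = 0x07, bootcode: bytes = b"\xEB\xFE") -> bytes:
    """Constructed MBR reproducing the partition layout aswMBR reported above."""
    code = bootcode.ljust(440, b"\0")
    code += struct.pack("<I", 0x12345678) + b"\0\0"       # made-up disk signature + reserved word
    # Partition 1: active, NTFS, starts at LBA 63; assumed to run up to the start of partition 2.
    p1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 1222675020 - 63)
    # Partition 2: 13468 MB from the log, converted back to sectors.
    p2 = struct.pack("<B3sB3sII", 0x00, b"\xFE\xFF\xFF", second_type, b"\xFE\xFF\xFF", 1222675020, 13468 * 2048)
    return code + p1 + p2 + b"\0" * 32 + b"\x55\xAA"


if __name__ == "__main__":
    import sys
    sector = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(sector)
    print("boot code sha256:", info["bootcode_sha256"])
    for p in info["partitions"]:
        flag = "80" if p["active"] else "00"
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['size_mb']} MB offset {p['start_lba']}")
    for w in info["warnings"]:
        print("WARNING:", w)
```

Keep the sha256 of the saved MBR.dat: after FIXMBR a second run should show the same partition table with a different boot-code hash. A partition table that changed is the point at which to restore the sector from the backup rather than reboot.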
02.07.2012, 14:03 | #27 |
| Trojan.Downloader in Registry Key Sorry for the late reply. I couldn't get to the computer over the past few days. How do I back up my data? |
02.07.2012, 14:30 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Downloader in Registry Key Are you seriously telling me you have never copied your important files to an external drive or some other external medium? Or do you want to know how to make a complete backup (image) of your system?
02.07.2012, 18:51 | #29 |
| Trojan.Downloader in Registry Key Oh, I see, I phrased the question a bit badly^^ Of course I have backed up important data before. But that was almost 2 years ago. I wanted to know how to make a complete backup of a system. Or are the data I backed up 2 years ago enough? I mean, more recent backups would be better, right? |
03.07.2012, 11:59 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Downloader in Registry Key There are several options. The simplest would probably be to copy all files and important personal folders to an external drive. Then your data is backed up; after a system crash, for example, you can reinstall Windows cleanly by hand and simply copy the data from this simple manual backup back again.
You can also create images of an entire system (more precisely, of the whole disk or of one or more partitions). Food for thought here => http://www.trojaner-board.de/115678-...r-backups.html
If you have a hard drive from Western Digital or Seagate, you get Acronis True Image for free (without the Secure Zone, as far as I know; I recommend images on external drives anyway, and those should only be connected when you need the backup or have to create one!)
Western Digital => http://filepony.de/download-acronis_...ge_wd_edition/
Seagate => http://filepony.de/download-seagate_discwizard/
Windows 7 also has a built-in tool for creating images, e.g. here => [Anleitung] Komplettes Image-Backup (Systemabbild) von Windows 7 erstellen - Anleitungen / Tutorials / FAQ (Windows 7)
There are other programs too, such as Drive Snapshot - Disk Image Backup leicht gemacht