Log analysis and evaluation: Can't get Redirector adware tracking cookie deleted, Microsoft SE blocked by rundll 32 (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.07.2012, 10:34 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Can't get Redirector adware tracking cookie deleted, Microsoft SE blocked by rundll 32
Code:
\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
Then restart Windows and create a completely new log with TDSS-Killer. As always, post it in CODE tags again.
__________________ Please always post logfiles in CODE tags |
02.07.2012, 17:22 | #17 |
| Can't get Redirector adware tracking cookie deleted, Microsoft SE blocked by rundll 32
hi,
I'm still getting redirects from Google, and at Windows startup I have to close rundll 32 in the Task Manager to get Microsoft SE running. Here is the log:
C:\Windows\system32\peerdistsvc.dll 18:16:29.0014 4520 PeerDistSvc - ok 18:16:29.0069 4520 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 18:16:29.0094 4520 PerfHost - ok 18:16:29.0225 4520 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 18:16:29.0315 4520 pla - ok 18:16:29.0411 4520 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 18:16:29.0446 4520 PlugPlay - ok 18:16:29.0474 4520 PnkBstrA - ok 18:16:29.0510 4520 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 18:16:29.0510 4520 PNRPAutoReg - ok 18:16:29.0540 4520 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 18:16:29.0555 4520 PNRPsvc - ok 18:16:29.0611 4520 Point64 (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys 18:16:29.0618 4520 Point64 - ok 18:16:29.0729 4520 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 18:16:29.0817 4520 PolicyAgent - ok 18:16:29.0854 4520 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 18:16:29.0919 4520 Power - ok 18:16:29.0980 4520 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 18:16:30.0051 4520 PptpMiniport - ok 18:16:30.0081 4520 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 18:16:30.0114 4520 Processor - ok 18:16:30.0149 4520 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 18:16:30.0206 4520 ProfSvc - ok 18:16:30.0266 4520 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 18:16:30.0276 4520 ProtectedStorage - ok 18:16:30.0670 4520 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 18:16:30.0718 4520 Psched - ok 18:16:30.0790 4520 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 18:16:30.0836 4520 ql2300 - ok 18:16:30.0954 4520 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) 
C:\Windows\system32\DRIVERS\ql40xx.sys 18:16:30.0969 4520 ql40xx - ok 18:16:30.0992 4520 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 18:16:31.0039 4520 QWAVE - ok 18:16:31.0062 4520 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 18:16:31.0099 4520 QWAVEdrv - ok 18:16:31.0122 4520 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 18:16:31.0164 4520 RasAcd - ok 18:16:31.0207 4520 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 18:16:31.0234 4520 RasAgileVpn - ok 18:16:31.0257 4520 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 18:16:31.0309 4520 RasAuto - ok 18:16:31.0369 4520 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 18:16:31.0421 4520 Rasl2tp - ok 18:16:31.0464 4520 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 18:16:31.0504 4520 RasMan - ok 18:16:31.0551 4520 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 18:16:31.0604 4520 RasPppoe - ok 18:16:31.0641 4520 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 18:16:31.0676 4520 RasSstp - ok 18:16:31.0734 4520 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 18:16:31.0804 4520 rdbss - ok 18:16:31.0829 4520 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 18:16:31.0861 4520 rdpbus - ok 18:16:31.0889 4520 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 18:16:31.0931 4520 RDPCDD - ok 18:16:31.0971 4520 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 18:16:31.0989 4520 RDPDR - ok 18:16:32.0004 4520 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 18:16:32.0051 4520 RDPENCDD - ok 18:16:32.0079 4520 RDPREFMP (216f3fa57533d98e1f74ded70113177a) 
C:\Windows\system32\drivers\rdprefmp.sys 18:16:32.0106 4520 RDPREFMP - ok 18:16:32.0161 4520 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys 18:16:32.0204 4520 RdpVideoMiniport - ok 18:16:32.0237 4520 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 18:16:32.0259 4520 RDPWD - ok 18:16:32.0317 4520 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 18:16:32.0329 4520 rdyboost - ok 18:16:32.0354 4520 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 18:16:32.0404 4520 RemoteAccess - ok 18:16:32.0442 4520 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 18:16:32.0474 4520 RemoteRegistry - ok 18:16:32.0507 4520 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 18:16:32.0542 4520 RFCOMM - ok 18:16:32.0572 4520 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 18:16:32.0627 4520 RpcEptMapper - ok 18:16:32.0664 4520 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 18:16:32.0694 4520 RpcLocator - ok 18:16:32.0742 4520 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 18:16:32.0774 4520 RpcSs - ok 18:16:32.0799 4520 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 18:16:32.0829 4520 rspndr - ok 18:16:32.0869 4520 RTHDMIAzAudService (730c8393dfc90386d5a1ecb24dd6c614) C:\Windows\system32\drivers\RtHDMIVX.sys 18:16:32.0877 4520 RTHDMIAzAudService - ok 18:16:32.0919 4520 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys 18:16:32.0959 4520 RTL8167 - ok 18:16:32.0999 4520 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 18:16:33.0047 4520 s3cap - ok 18:16:33.0092 4520 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 18:16:33.0099 4520 SamSs - ok 18:16:33.0224 4520 SASDIFSV 
(3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 18:16:33.0232 4520 SASDIFSV - ok 18:16:33.0249 4520 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 18:16:33.0257 4520 SASKUTIL - ok 18:16:33.0302 4520 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 18:16:33.0317 4520 sbp2port - ok 18:16:33.0360 4520 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 18:16:33.0418 4520 SCardSvr - ok 18:16:33.0450 4520 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 18:16:33.0495 4520 scfilter - ok 18:16:33.0553 4520 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 18:16:33.0603 4520 Schedule - ok 18:16:33.0655 4520 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 18:16:33.0683 4520 SCPolicySvc - ok 18:16:33.0728 4520 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 18:16:33.0753 4520 SDRSVC - ok 18:16:33.0795 4520 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 18:16:33.0845 4520 secdrv - ok 18:16:33.0873 4520 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 18:16:33.0918 4520 seclogon - ok 18:16:33.0943 4520 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 18:16:33.0990 4520 SENS - ok 18:16:34.0015 4520 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 18:16:34.0035 4520 SensrSvc - ok 18:16:34.0055 4520 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 18:16:34.0083 4520 Serenum - ok 18:16:34.0116 4520 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 18:16:34.0155 4520 Serial - ok 18:16:34.0192 4520 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 18:16:34.0200 4520 sermouse - ok 18:16:34.0252 4520 SessionEnv 
(0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 18:16:34.0307 4520 SessionEnv - ok 18:16:34.0330 4520 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 18:16:34.0360 4520 sffdisk - ok 18:16:34.0382 4520 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 18:16:34.0415 4520 sffp_mmc - ok 18:16:34.0440 4520 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 18:16:34.0472 4520 sffp_sd - ok 18:16:34.0502 4520 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 18:16:34.0512 4520 sfloppy - ok 18:16:34.0547 4520 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 18:16:34.0607 4520 SharedAccess - ok 18:16:34.0665 4520 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 18:16:34.0727 4520 ShellHWDetection - ok 18:16:34.0765 4520 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 18:16:34.0775 4520 SiSRaid2 - ok 18:16:34.0787 4520 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 18:16:34.0797 4520 SiSRaid4 - ok 18:16:34.0907 4520 sj (4523268768f70049ea95ffdf8354b4fa) C:\AeriaGames\EdenEternal\sjcs64.sys 18:16:34.0915 4520 sj - ok 18:16:34.0945 4520 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 18:16:34.0997 4520 Smb - ok 18:16:35.0067 4520 SNMP (ca62ae004e98374bf7f082cd765eea02) C:\Windows\System32\snmp.exe 18:16:35.0087 4520 SNMP - ok 18:16:35.0102 4520 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 18:16:35.0130 4520 SNMPTRAP - ok 18:16:35.0175 4520 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 18:16:35.0182 4520 spldr - ok 18:16:35.0250 4520 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 18:16:35.0287 4520 Spooler - ok 18:16:35.0548 4520 sppsvc (e17e0188bb90fae42d83e98707efa59c) 
C:\Windows\system32\sppsvc.exe 18:16:35.0713 4520 sppsvc - ok 18:16:35.0810 4520 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 18:16:35.0860 4520 sppuinotify - ok 18:16:35.0945 4520 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 18:16:36.0013 4520 srv - ok 18:16:36.0063 4520 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 18:16:36.0103 4520 srv2 - ok 18:16:36.0133 4520 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 18:16:36.0165 4520 srvnet - ok 18:16:36.0210 4520 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 18:16:36.0273 4520 SSDPSRV - ok 18:16:36.0298 4520 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 18:16:36.0325 4520 SstpSvc - ok 18:16:36.0435 4520 Steam Client Service - ok 18:16:36.0468 4520 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 18:16:36.0475 4520 stexstor - ok 18:16:36.0533 4520 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 18:16:36.0580 4520 stisvc - ok 18:16:36.0610 4520 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 18:16:36.0618 4520 storflt - ok 18:16:36.0673 4520 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 18:16:36.0683 4520 storvsc - ok 18:16:36.0725 4520 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 18:16:36.0733 4520 swenum - ok 18:16:36.0783 4520 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 18:16:36.0848 4520 swprv - ok 18:16:36.0868 4520 Synth3dVsc - ok 18:16:36.0963 4520 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 18:16:37.0038 4520 SysMain - ok 18:16:37.0151 4520 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 18:16:37.0171 4520 TabletInputService - ok 18:16:37.0208 4520 TapiSrv 
(40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 18:16:37.0266 4520 TapiSrv - ok 18:16:37.0301 4520 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 18:16:37.0348 4520 TBS - ok 18:16:37.0463 4520 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 18:16:37.0526 4520 Tcpip - ok 18:16:37.0678 4520 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 18:16:37.0708 4520 TCPIP6 - ok 18:16:37.0798 4520 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 18:16:37.0843 4520 tcpipreg - ok 18:16:37.0873 4520 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 18:16:37.0924 4520 TDPIPE - ok 18:16:37.0956 4520 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 18:16:37.0981 4520 TDTCP - ok 18:16:38.0016 4520 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 18:16:38.0049 4520 tdx - ok 18:16:38.0219 4520 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 18:16:38.0256 4520 TeamViewer7 - ok 18:16:38.0389 4520 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys 18:16:38.0396 4520 teamviewervpn - ok 18:16:38.0444 4520 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 18:16:38.0451 4520 TermDD - ok 18:16:38.0509 4520 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 18:16:38.0571 4520 TermService - ok 18:16:38.0614 4520 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 18:16:38.0651 4520 Themes - ok 18:16:38.0699 4520 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 18:16:38.0726 4520 THREADORDER - ok 18:16:38.0734 4520 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 18:16:38.0789 4520 TrkWks - ok 18:16:38.0856 4520 TrustedInstaller 
(773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 18:16:38.0904 4520 TrustedInstaller - ok 18:16:38.0941 4520 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 18:16:38.0966 4520 tssecsrv - ok 18:16:39.0021 4520 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 18:16:39.0041 4520 TsUsbFlt - ok 18:16:39.0046 4520 tsusbhub - ok 18:16:39.0101 4520 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 18:16:39.0149 4520 tunnel - ok 18:16:39.0181 4520 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 18:16:39.0189 4520 uagp35 - ok 18:16:39.0244 4520 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 18:16:39.0301 4520 udfs - ok 18:16:39.0341 4520 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 18:16:39.0376 4520 UI0Detect - ok 18:16:39.0441 4520 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 18:16:39.0451 4520 uliagpkx - ok 18:16:39.0469 4520 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 18:16:39.0474 4520 umbus - ok 18:16:39.0499 4520 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 18:16:39.0507 4520 UmPass - ok 18:16:39.0544 4520 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 18:16:39.0587 4520 UmRdpService - ok 18:16:39.0629 4520 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 18:16:39.0707 4520 upnphost - ok 18:16:39.0759 4520 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 18:16:39.0774 4520 USBAAPL64 - ok 18:16:39.0817 4520 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 18:16:39.0844 4520 usbccgp - ok 18:16:39.0899 4520 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 18:16:39.0914 4520 
usbcir - ok 18:16:39.0932 4520 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 18:16:39.0959 4520 usbehci - ok 18:16:40.0007 4520 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 18:16:40.0047 4520 usbhub - ok 18:16:40.0069 4520 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 18:16:40.0097 4520 usbohci - ok 18:16:40.0132 4520 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 18:16:40.0164 4520 usbprint - ok 18:16:40.0204 4520 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS 18:16:40.0244 4520 USBSTOR - ok 18:16:40.0269 4520 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 18:16:40.0297 4520 usbuhci - ok 18:16:40.0514 4520 usj (659ba43f61fc37609288a5340a8d37d4) C:\AeriaGames\EdenEternal\avital\ussjcs64.sys 18:16:40.0557 4520 usj - ok 18:16:40.0587 4520 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 18:16:40.0659 4520 UxSms - ok 18:16:40.0697 4520 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 18:16:40.0704 4520 VaultSvc - ok 18:16:40.0757 4520 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 18:16:40.0764 4520 vdrvroot - ok 18:16:40.0837 4520 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 18:16:40.0879 4520 vds - ok 18:16:40.0927 4520 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 18:16:40.0939 4520 vga - ok 18:16:40.0957 4520 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 18:16:41.0002 4520 VgaSave - ok 18:16:41.0004 4520 VGPU - ok 18:16:41.0047 4520 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 18:16:41.0059 4520 vhdmp - ok 18:16:41.0097 4520 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 18:16:41.0107 4520 viaide - ok 
18:16:41.0127 4520 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 18:16:41.0139 4520 vmbus - ok 18:16:41.0152 4520 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 18:16:41.0182 4520 VMBusHID - ok 18:16:41.0214 4520 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 18:16:41.0222 4520 volmgr - ok 18:16:41.0269 4520 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 18:16:41.0289 4520 volmgrx - ok 18:16:41.0339 4520 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 18:16:41.0362 4520 volsnap - ok 18:16:41.0397 4520 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 18:16:41.0409 4520 vsmraid - ok 18:16:41.0495 4520 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 18:16:41.0585 4520 VSS - ok 18:16:41.0690 4520 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 18:16:41.0717 4520 vwifibus - ok 18:16:41.0767 4520 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 18:16:41.0810 4520 W32Time - ok 18:16:41.0830 4520 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 18:16:41.0840 4520 WacomPen - ok 18:16:41.0895 4520 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 18:16:41.0930 4520 WANARP - ok 18:16:41.0940 4520 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 18:16:41.0965 4520 Wanarpv6 - ok 18:16:42.0062 4520 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 18:16:42.0112 4520 wbengine - ok 18:16:42.0190 4520 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 18:16:42.0215 4520 WbioSrvc - ok 18:16:42.0270 4520 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 18:16:42.0295 4520 wcncsvc - ok 18:16:42.0305 4520 WcsPlugInService 
(20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 18:16:42.0357 4520 WcsPlugInService - ok 18:16:42.0385 4520 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 18:16:42.0395 4520 Wd - ok 18:16:42.0427 4520 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 18:16:42.0457 4520 Wdf01000 - ok 18:16:42.0470 4520 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 18:16:42.0537 4520 WdiServiceHost - ok 18:16:42.0542 4520 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 18:16:42.0555 4520 WdiSystemHost - ok 18:16:42.0612 4520 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 18:16:42.0687 4520 WebClient - ok 18:16:42.0732 4520 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 18:16:42.0790 4520 Wecsvc - ok 18:16:42.0817 4520 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 18:16:42.0852 4520 wercplsupport - ok 18:16:42.0865 4520 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 18:16:42.0917 4520 WerSvc - ok 18:16:42.0975 4520 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 18:16:43.0002 4520 WfpLwf - ok 18:16:43.0010 4520 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 18:16:43.0028 4520 WIMMount - ok 18:16:43.0058 4520 WinDefend - ok 18:16:43.0070 4520 WinHttpAutoProxySvc - ok 18:16:43.0108 4520 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 18:16:43.0173 4520 Winmgmt - ok 18:16:43.0263 4520 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 18:16:43.0343 4520 WinRM - ok 18:16:43.0459 4520 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 18:16:43.0492 4520 WinUsb - ok 18:16:43.0547 4520 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 18:16:43.0604 
4520 Wlansvc - ok 18:16:43.0784 4520 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:16:43.0862 4520 wlidsvc - ok 18:16:43.0987 4520 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 18:16:44.0019 4520 WmiAcpi - ok 18:16:44.0079 4520 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 18:16:44.0112 4520 wmiApSrv - ok 18:16:44.0159 4520 WMPNetworkSvc - ok 18:16:44.0187 4520 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 18:16:44.0204 4520 WPCSvc - ok 18:16:44.0232 4520 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 18:16:44.0257 4520 WPDBusEnum - ok 18:16:44.0290 4520 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 18:16:44.0335 4520 ws2ifsl - ok 18:16:44.0340 4520 WSearch - ok 18:16:44.0450 4520 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 18:16:44.0547 4520 wuauserv - ok 18:16:44.0665 4520 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 18:16:44.0715 4520 WudfPf - ok 18:16:44.0800 4520 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 18:16:44.0872 4520 WUDFRd - ok 18:16:44.0902 4520 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 18:16:44.0932 4520 wudfsvc - ok 18:16:44.0955 4520 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 18:16:45.0000 4520 WwanSvc - ok 18:16:45.0057 4520 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 18:16:45.0210 4520 \Device\Harddisk0\DR0 - ok 18:16:45.0367 4520 MBR (0x1B8) (f00f65623ce0296e8ef44b4f7eecf685) \Device\Harddisk1\DR1 18:21:50.0086 4520 \Device\Harddisk1\DR1 - ok 18:21:50.0109 4520 Boot (0x1200) (f56491357f6ba883ce1f0c6a9a7e8391) \Device\Harddisk0\DR0\Partition0 18:21:50.0134 4520 \Device\Harddisk0\DR0\Partition0 - ok 18:21:50.0149 
4520 Boot (0x1200) (ffaf2f3c9df2cba1da79bde988e03cc1) \Device\Harddisk0\DR0\Partition1
18:21:50.0191 4520 \Device\Harddisk0\DR0\Partition1 - ok
18:21:50.0191 4520 ============================================================
18:21:50.0191 4520 Scan finished
18:21:50.0191 4520 ============================================================
18:21:50.0199 4196 Detected object count: 1
18:21:50.0199 4196 Actual detected object count: 1
18:21:54.0986 4196 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:54.0986 4196 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:00.0397 5780 Deinitialize success
Edited by danke (02.07.2012 at 18:06) |
03.07.2012, 11:16 | #18 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Can't get Redirector adware tracking cookie deleted, Microsoft SE blocked by rundll32 Then please run CF now:
ComboFix: a guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ |
03.07.2012, 18:54 | #19 |
| Can't get Redirector adware tracking cookie deleted, Microsoft SE blocked by rundll32 Combofix log file: Code:
ATTFilter
ComboFix 12-07-02.01 - Fab 03.07.2012 19:38:08.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4094.2605 [GMT 2:00]
ausgeführt von:: c:\users\Fab\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\483D\87B9.tmp
c:\users\Fab\AppData\Local\assembly\tmp
c:\users\Fab\AppData\Roaming\edxLabs
c:\users\Fab\AppData\Roaming\edxLabs\edxSilkroadLoader5\analyzer\log\242409.txt
c:\users\Fab\AppData\Roaming\edxLabs\edxSilkroadLoader5\edxSilkroadLoader5.ini
c:\users\Fab\AppData\Roaming\Microsoft\Google
c:\users\Fab\AppData\Roaming\Microsoft\Google\s.txt
c:\users\Fab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Internet Explorer.lnk
c:\windows\SysWow64\gmail.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-03 bis 2012-07-03 ))))))))))))))))))))))))))))))
.
.
2012-07-03 17:46 . 2012-07-03 17:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-03 17:16 . 2012-07-03 17:16 -------- d-----w- c:\program files\iPod
2012-07-03 17:16 . 2012-07-03 17:17 -------- d-----w- c:\program files\iTunes
2012-07-03 17:16 . 2012-07-03 17:17 -------- d-----w- c:\program files (x86)\iTunes
2012-07-03 16:39 . 2012-06-21 13:16 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-07-03 16:39 . 2012-06-21 13:16 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3CF40356-3E0D-4355-9EED-25F7E39E833E}\gapaengine.dll
2012-07-03 16:38 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62F42FB6-4614-45F4-8E6A-502739708E61}\mpengine.dll
2012-07-01 16:52 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-30 06:52 . 2012-06-30 06:52 -------- d-----w- c:\program files (x86)\Games
2012-06-30 04:29 . 2012-06-30 04:29 -------- d-----w- c:\users\Fab\AppData\Local\Macromedia
2012-06-28 04:01 . 2012-06-28 04:01 -------- d-----w- c:\program files (x86)\Drakensang Online
2012-06-22 07:57 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 07:57 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 07:57 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 07:57 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 07:57 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 07:57 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 07:57 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 07:56 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 07:56 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 22:45 . 2012-06-20 22:45 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-20 22:45 . 2012-06-20 22:45 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-20 14:25 . 2012-05-18 01:59 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-20 14:24 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-20 14:23 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-06-20 02:13 . 2012-06-20 02:13 -------- d-----w- c:\programdata\McAfee Security Scan
2012-06-20 02:12 . 2012-06-20 02:12 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-06-20 02:12 . 2012-06-20 02:12 -------- d-----w- c:\programdata\McAfee
2012-06-20 01:19 . 2012-06-20 01:19 -------- d-----w- c:\users\Fab\AppData\Roaming\f-secure
2012-06-20 01:18 . 2012-06-20 01:18 -------- d-----w- c:\programdata\F-Secure
2012-06-20 01:05 . 2012-06-20 01:05 -------- d-----w- c:\users\Fab\AppData\Roaming\QuickScan
2012-06-20 01:05 . 2009-06-30 08:37 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys
2012-06-20 01:04 . 2012-06-20 01:04 -------- d-----w- c:\program files (x86)\Panda Security
2012-06-19 23:41 . 2012-06-19 23:41 -------- d-----w- c:\program files\CCleaner
2012-06-19 21:12 . 2012-06-19 21:12 -------- d-----w- c:\users\Fab\AppData\Roaming\SUPERAntiSpyware.com
2012-06-19 21:11 . 2012-06-19 21:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-19 21:11 . 2012-06-19 21:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-19 21:01 . 2012-06-19 21:01 -------- d-----w- c:\program files (x86)\ESET
2012-06-19 00:12 . 2012-06-19 00:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-19 00:12 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-18 23:58 . 2012-07-02 15:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-18 22:48 . 2012-06-18 22:48 114688 --sha-r- c:\windows\SysWow64\fdBthk.dll
2012-06-14 15:52 . 2012-06-14 16:58 -------- d-----w- c:\program files (x86)\Silkroad
2012-06-14 15:45 . 2012-06-14 15:44 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:33 . 2011-03-29 20:00 20544 ----a-w- c:\windows\gdrv.sys
2012-06-30 03:51 . 2012-06-30 03:51 345256 ----a-w- C:\TDSS Killer Logs.zip
2012-06-27 08:34 . 2012-04-03 12:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-27 08:34 . 2011-05-14 19:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-17 22:11 . 2012-04-30 12:01 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-17 22:11 . 2012-04-30 11:42 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-14 15:44 . 2011-05-23 18:10 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-30 14:57 . 2011-03-29 20:17 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-05-29 08:47 . 2011-04-01 14:26 25640 ----a-w- c:\windows\etdrv.sys
2012-05-09 10:21 . 2012-04-27 12:11 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-09 10:21 . 2011-04-01 14:09 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-30 21:45 . 2012-04-30 11:42 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-30 11:42 . 2012-04-30 11:42 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 .
2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll 2012-04-06 02:00 . 2012-04-06 02:00 64000 ----a-w- c:\windows\system32\coinst.dll 2012-04-06 01:54 . 2009-07-13 21:59 7479296 ----a-w- c:\windows\system32\atidxx64.dll 2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll 2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll 2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll 2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll 2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-04-06 01:10 . 
2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-04-06 01:09 . 2012-04-06 01:09 54784 ----a-w- c:\windows\system32\atiuxp64.dll 2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll 2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll 2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll 2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-04-05 20:34 . 2012-04-05 20:34 187392 ----a-w- c:\windows\system32\clinfo.exe 2012-04-05 20:34 . 2012-04-05 20:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-04-05 20:33 . 2012-04-05 20:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll 2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-04-05 20:33 . 2012-04-05 20:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll 2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-04-05 20:32 . 2012-04-05 20:32 54784 ----a-w- c:\windows\system32\OpenCL.dll 2012-04-05 20:32 . 2012-04-05 20:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll 2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 12:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 14:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll 2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 4786048] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.271\SSScheduler.exe [2012-3-13 274328] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer5"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-05-29 25640] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-05-30 30528] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe [2012-03-13 237272] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys [2012-03-05 47224] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 35112] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 usj;usj;c:\aeriagames\EdenEternal\avital\ussjcs64.sys [2012-06-07 89560] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2009-06-30 33800] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-07 254528] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-04-01 22408] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-04-01 16008] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys 
[2009-03-01 187392] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-07-03 c:\windows\Tasks\fkykjgjgph.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2128012257-4040431425-2058212726-1000Core.job - c:\users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 17:45] . 2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2128012257-4040431425-2058212726-1000UA.job - c:\users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 17:45] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RAVCpl64.exe" [2008-08-27 6471200] "Skytel"="Skytel.exe" [2008-08-27 1833504] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.klassikradio.de/liveplayer.php mLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyOverride = *.local;<local> IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Fab\AppData\Roaming\Mozilla\Firefox\Profiles\jiwpuw59.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) SafeBoot-39480465.sys SafeBoot-95626647.sys AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-G.O.M - c:\windows\system32\usetup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-2128012257-4040431425-2058212726-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*’%I*ï*] @Class="Shell" @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-2128012257-4040431425-2058212726-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*’%I*ï*\OpenWithList] @Class="Shell" "a"="WORDPAD.EXE" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2128012257-4040431425-2058212726-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*’%I*ï*\OpenWithProgids] "¦Iï_auto_file"=hex(0): . [HKEY_USERS\S-1-5-21-2128012257-4040431425-2058212726-1000_Classes\.*’%I*ï*] @Allowed: (Read) (RestrictedCode) @="¦Iï_auto_file" . [HKEY_USERS\S-1-5-21-2128012257-4040431425-2058212726-1000_Classes\’%I*ï*_*a*u*t*o*_*f*i*l*e*\shell\open\command] @=expand:"\"%ProgramFiles%\\Windows NT\\Accessories\\WORDPAD.EXE\" \"%1\"" DUMPHIVE0.003 (REGF) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-07-03 19:48:50 ComboFix-quarantined-files.txt 2012-07-03 17:48 . Vor Suchlauf: 12 Verzeichnis(se), 37.046.099.968 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 38.885.548.032 Bytes frei . - - End Of File - - 0E11C4EB33DF6A0988CD800DC266D18D |
04.07.2012, 16:12 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to switch off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window), and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
04.07.2012, 17:41 | #21 |
| Here are the logs: gmer log: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-07-04 17:51:21 Windows 6.1.7601 Service Pack 1 Running: gmer.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a9401d483 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a9401d483 (not active ControlSet) Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.¦Iï\OpenWithProgids@\x2019%I\0ï\0_\0a\0u\0t\0o\0_\0f\0i\0l\0e ---- EOF - GMER 1.0.15 ---- osam log : OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:54:51 on 04.07.2012 OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Opera Software Opera Internet Browser 12.00 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "fkykjgjgph.job" - ? - C:\Windows\SysWOW64\fdBthk.dll (File is exclusively opened, access blocked | File found, but it contains no detailed information) "GoogleUpdateTaskUserS-1-5-21-2128012257-4040431425-2058212726-1000Core.job" - "Google Inc." - C:\Users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-2128012257-4040431425-2058212726-1000UA.job" - "Google Inc." - C:\Users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Pando" - "Pando Networks" - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.cpl "QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys (File not found) "AODDriver4.0" (AODDriver4.0) - "Advanced Micro Devices" - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "EagleX64" (EagleX64) - ? 
- C:\Windows\system32\drivers\EagleX64.sys (File not found) "etdrv" (etdrv) - "Windows (R) Server 2003 DDK provider" - C:\Windows\etdrv.sys "gdrv" (gdrv) - "Windows (R) Server 2003 DDK provider" - C:\Windows\gdrv.sys "GVTDrv64" (GVTDrv64) - ? - C:\Windows\GVTDrv64.sys (File found, but it contains no detailed information) "pavboot" (pavboot) - "Panda Security, S.L." - C:\Windows\System32\drivers\pavboot64.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS "sj" (sj) - ? - C:\AeriaGames\EdenEternal\sjcs64.sys (File found, but it contains no detailed information) "Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys (File not found) "usj" (usj) - ? - C:\AeriaGames\EdenEternal\avital\ussjcs64.sys (File found, but it contains no detailed information) "VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys (File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? 
- (File not found | COM-object registry key not found) {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {9191F686-7F0A-441D-8A98-2FE3AC1BD913} "ActiveScan 2.0 Installer Class" - "Panda Security" - C:\Windows\Downloaded Program Files\as2stubie.dll / hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} "Bitdefender QuickScan Control" - "Bitdefender LLC" - C:\Windows\DOWNLO~1\qsax.dll / hxxp://quickscan.bitdefender.com/qsax/qsax.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." 
- C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_257.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" - "Symantec Corporation" - C:\Windows\Downloaded Program Files\avsniff.dll / hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab {644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" - "Symantec Corporation" - C:\Windows\Downloaded Program Files\rufsi.dll / hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll "ICQ7.5" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.5\ICQ.exe -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- Locked "Locked" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun "ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "MobileDocuments" - "Apple Inc." 
- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe "SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )----- "FlashPlayerUpdate" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe -update plugin -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "DivXUpdate" - ? - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "ISUSScheduler" - "InstallShield Software Corporation" - "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start "iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" "QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? 
- "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\NisSrv.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "AMD FUEL Service" (AMD FUEL Service) - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File not found) "SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe "TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." 
- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code] aswmbr log: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-04 17:55:53
-----------------------------
17:55:53.155 OS Version: Windows x64 6.1.7601 Service Pack 1
17:55:53.155 Number of processors: 2 586 0x4303
17:55:53.156 ComputerName: FAB UserName: Fab
17:55:53.787 Initialize success
17:56:44.324 AVAST engine defs: 12070400
17:56:52.077 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:56:52.093 Disk 0 Vendor: MAXTOR_STM3250310AS 4.AAA Size: 238474MB BusType: 3
17:56:52.093 Disk 0 MBR read successfully
17:56:52.109 Disk 0 MBR scan
17:56:52.109 Disk 0 Windows 7 default MBR code
17:56:52.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:56:52.124 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238372 MB offset 206848
17:56:52.140 Disk 0 scanning C:\Windows\system32\drivers
17:57:02.186 Service scanning
17:57:17.493 Modules scanning
17:57:17.493 Disk 0 trace - called modules:
17:57:17.508 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:57:17.524 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004922060]
17:57:17.524 3 CLASSPNP.SYS[fffff88001bae43f] -> nt!IofCallDriver -> [0xfffffa80047d8520]
17:57:17.524 5 ACPI.sys[fffff88000eda7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80047ce680]
17:57:18.257 AVAST engine scan C:\Windows
17:57:21.408 AVAST engine scan C:\Windows\system32
18:00:35.801 AVAST engine scan C:\Windows\system32\drivers
18:00:47.408 AVAST engine scan C:\Users\Fab
18:33:18.743 AVAST engine scan C:\ProgramData
18:34:35.264 Scan finished successfully
18:39:19.013 Disk 0 MBR has been saved successfully to "C:\Users\Fab\Desktop\MBR.dat"
18:39:19.028 The log file has been saved successfully to "C:\Users\Fab\Desktop\aswMBR log.txt" |
05.07.2012, 09:43 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Code:
"fkykjgjgph.job" - ? - C:\Windows\SysWOW64\fdBthk.dll (File is exclusively opened, access blocked | File found, but it contains no detailed information)
Reboot afterwards and create a new log with OSAM.
__________________ Please always post log files in CODE tags |
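The entry quoted in the post above stands out from the rest of the report on several counts at once: no publisher, a file locked against reading, no version information, and a scheduled task whose target is a DLL in a Windows system directory. As an added example (not part of the thread and not OSAM's own logic), this Python triage parses OSAM entries in the `"name" - publisher - target (status)` layout used here and scores them; the weights and threshold are assumptions, and the sample lines are copied from the reports in this thread.

```python
import re

# One OSAM report entry in the layout quoted in this thread:
#   "name" [(service key)] - "publisher" or ? - target [(File ... status)]
ENTRY = re.compile(
    r'^(?P<name>".+?"(?: \(.+?\))?) - (?P<pub>\?|".*?") - (?P<rest>.+)$')
# Trailing status; it always starts with "File", which keeps "(x86)" inside
# a path from being mistaken for it.
STATUS = re.compile(r'\s\((?P<status>File [^()]*)\)\s*$')
SYSTEM_DIR = re.compile(r'\\windows\\(?:system32|syswow64)\\', re.IGNORECASE)

# Heuristic weights: assumptions made for this example, not OSAM's rating.
RULES = [
    ("no publisher", 1,
     lambda e: e["publisher"] is None),
    ("file locked against reading", 2,
     lambda e: "exclusively opened" in e["status"]),
    ("no version information", 1,
     lambda e: "no detailed information" in e["status"]),
    ("DLL inside a Windows system directory", 1,
     lambda e: e["is_dll"] and bool(SYSTEM_DIR.search(e["target"]))),
    # A DLL cannot run by itself; a task that targets one needs a host
    # process such as rundll32.
    ("scheduled task (.job) that targets a DLL", 1,
     lambda e: e["name"].lower().endswith('.job"') and e["is_dll"]),
]


def parse_entry(line):
    """Split one report line into fields; None for headers and blank lines."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest")
    s = STATUS.search(rest)
    status = s.group("status") if s else ""
    target = (rest[:s.start()] if s else rest).strip()
    pub = m.group("pub")
    return {
        "name": m.group("name"),
        "publisher": None if pub == "?" else pub.strip('"'),
        "target": target,
        "status": status,
        "is_dll": target.rstrip('"').lower().endswith(".dll"),
        # Registration whose file is gone: a clean-up item, nothing can load.
        "orphan": status.startswith("File not found"),
    }


def triage(line):
    """Parse a line and attach the matched reasons and their summed score."""
    e = parse_entry(line)
    if e is None:
        return None
    hits = [] if e["orphan"] else [(why, w) for why, w, test in RULES if test(e)]
    e["reasons"] = [why for why, _ in hits]
    e["score"] = sum(w for _, w in hits)
    return e


def suspicious(report, threshold=3):
    """Entries of a whole report whose score reaches the threshold."""
    results = (triage(line) for line in report.splitlines())
    return [e for e in results if e and e["score"] >= threshold]


# Sample lines copied from the OSAM reports posted in this thread.
SAMPLE = r'''
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate" - ? - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File not found)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"fkykjgjgph.job" - ? - C:\Windows\SysWOW64\fdBthk.dll (File is exclusively opened, access blocked | File found, but it contains no detailed information)
'''

if __name__ == "__main__":
    for entry in suspicious(SAMPLE):
        print(entry["score"], entry["name"], entry["target"], entry["reasons"])
```

A missing publisher alone stays below the threshold, which is why `DivXUpdate` and `desktop.ini` are not reported.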
05.07.2012, 13:56 | #23 |
| OK, that did it, thanks. Microsoft SE starts again now and I no longer get any redirects, but I have just noticed that the Windows Security Center service was also disabled the whole time and still cannot be re-enabled. Here is the new OSAM log: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 14:48:09 on 05.07.2012 OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Opera Software Opera Internet Browser 12.00 Scanner Settings Rootkits detection (hidden registry) Rootkits detection (hidden files) Retrieve files information Check Microsoft signatures Filters Trusted entries Empty entries Hidden registry entries (rootkit activity) Exclusively opened files Not found files Files without detailed information Existing files Non-startable services Non-startable drivers Active entries Disabled entries Risk Name Publisher Full Path Status Common %SystemRoot%\Tasks |||| "GoogleUpdateTaskUserS-1-5-21-2128012257-4040431425-2058212726-1000Core.job" "Google Inc." C:\Users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe File exists |||| "GoogleUpdateTaskUserS-1-5-21-2128012257-4040431425-2058212726-1000UA.job" "Google Inc." C:\Users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe File exists Control Panel Objects HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls "Pando" "Pando Networks" C:\Program Files (x86)\Pando Networks\Media Booster\PMB.cpl File exists "QuickTime" "Apple Inc." 
C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl File exists Drivers HKLM\SYSTEM\CurrentControlSet\Services "@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) C:\Windows\System32\drivers\tsusbhub.sys File not found "AODDriver4.0" (AODDriver4.0) "Advanced Micro Devices" C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys File exists "catchme" (catchme) C:\ComboFix\catchme.sys File not found "EagleX64" (EagleX64) C:\Windows\system32\drivers\EagleX64.sys File not found |||||| "etdrv" (etdrv) "Windows (R) Server 2003 DDK provider" C:\Windows\etdrv.sys File exists |||||| "gdrv" (gdrv) "Windows (R) Server 2003 DDK provider" C:\Windows\gdrv.sys File exists |||||| "GVTDrv64" (GVTDrv64) C:\Windows\GVTDrv64.sys File found, but it contains no detailed information |||||| "pavboot" (pavboot) "Panda Security, S.L." C:\Windows\System32\drivers\pavboot64.sys File exists |||||| "SASDIFSV" (SASDIFSV) "SUPERAdBlocker.com and SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS File exists |||||| "SASKUTIL" (SASKUTIL) "SUPERAdBlocker.com and SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS File exists "sj" (sj) C:\AeriaGames\EdenEternal\sjcs64.sys File found, but it contains no detailed information "Synth3dVsc" (Synth3dVsc) C:\Windows\System32\drivers\synth3dvsc.sys File not found "usj" (usj) C:\AeriaGames\EdenEternal\avital\ussjcs64.sys File found, but it contains no detailed information "VGPU" (VGPU) C:\Windows\System32\drivers\rdvgkmd.sys File not found Explorer HKLM\Software\Classes\Folder\shellex\ColumnHandlers {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." 
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists |||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists HKLM\Software\Classes\Protocols\Handler |||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File exists |||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved {5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" File not found | COM-object registry key not found || {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" "DivX, Inc." C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll File exists || {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" "DivX, Inc." 
C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll File exists |||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists |||||| {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists |||||| {AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll File exists |||||| {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists |||||| {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists Internet Explorer HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser ITBar7Height "ITBar7Height" File not found | COM-object registry key not found HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units |||||| {9191F686-7F0A-441D-8A98-2FE3AC1BD913} "ActiveScan 2.0 Installer Class" hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab "Panda Security" C:\Windows\Downloaded Program Files\as2stubie.dll File exists {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} "Bitdefender QuickScan Control" hxxp://quickscan.bitdefender.com/qsax/qsax.cab "Bitdefender LLC" C:\Windows\DOWNLO~1\qsax.dll File exists {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll File exists {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab "Sun Microsystems, Inc." 
C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll File exists {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll File exists {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files (x86)\Java\jre6\bin\npjpi160_33.dll File exists {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" hxxp://download.eset.com/special/eos/OnlineScanner.cab "ESET" C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX File exists {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab "Adobe Systems, Inc." C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_257.ocx File exists |||||| {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} "Symantec AntiVirus scanner" hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab "Symantec Corporation" C:\Windows\Downloaded Program Files\avsniff.dll File exists |||||| {644E432F-49D3-41A1-8DD5-E099162EEEC5} "Symantec RuFSI Utility Class" hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab "Symantec Corporation" C:\Windows\Downloaded Program Files\rufsi.dll File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions |||| {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600" "Microsoft Corporation" C:\Program Files (x86)\Windows Live\Companion\companioncore.dll File exists |||| "ICQ7.5" "ICQ, LLC." 
C:\Program Files (x86)\ICQ7.5\ICQ.exe File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar Locked "Locked" File not found | COM-object registry key not found HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 "DivX, LLC" C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll File exists {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File exists {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" "Sun Microsystems, Inc." C:\Program Files (x86)\Java\jre6\bin\ssv.dll File exists |||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" "Microsoft Corp." C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists |||| {9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" "Microsoft Corporation" C:\Program Files (x86)\Windows Live\Companion\companioncore.dll File exists LSA Providers HKLM\SYSTEM\CurrentControlSet\Control\Lsa |||||| "Security Packages" "Microsoft Corp." 
C:\Windows\system32\livessp.dll File exists Logon %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup |||||| "desktop.ini" C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup |||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |||| "DAEMON Tools Lite" "DT Soft Ltd" "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun File exists |||| "ISUSPM Startup" "InstallShield Software Corporation" C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File exists "MobileDocuments" "Apple Inc." C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File exists "SUPERAntiSpyware" "SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Run |||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File exists "AppleSyncNotifier" "Apple Inc." C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe File exists "APSDaemon" "Apple Inc." "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" File exists "DivXUpdate" "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File exists |||| "ISUSScheduler" "InstallShield Software Corporation" "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start File exists "iTunesHelper" "Apple Inc." "C:\Program Files (x86)\iTunes\iTunesHelper.exe" File exists "QuickTime Task" "Apple Inc." "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime File exists "StartCCC" "Advanced Micro Devices, Inc." "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun File exists |||| "SunJavaUpdateSched" "Sun Microsystems, Inc." 
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" File exists Services HKLM\SYSTEM\CurrentControlSet\Services "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" File not found "@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) "Microsoft Corporation" c:\Program Files\Microsoft Security Client\NisSrv.exe File exists || "Adobe Acrobat Update Service" (AdobeARMservice) "Adobe Systems Incorporated" C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe File exists "AMD FUEL Service" (AMD FUEL Service) "Advanced Micro Devices, Inc." C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe File exists "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe File exists |||||| "ASP.NET-Zustandsdienst" (aspnet_state) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe File exists |||||| "Dienst "Bonjour"" (Bonjour Service) "Apple Inc." C:\Program Files\Bonjour\mDNSResponder.exe File exists |||| "InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe File exists "iPod-Dienst" (iPod Service) "Apple Inc." 
C:\Program Files\iPod\bin\iPodService.exe File exists |||||| "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe File exists |||||| "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File exists "Microsoft Antimalware Service" (MsMpSvc) "Microsoft Corporation" c:\Program Files\Microsoft Security Client\MsMpEng.exe File exists "PnkBstrA" (PnkBstrA) C:\Windows\system32\PnkBstrA.exe File not found |||||| "SAS Core Service" (!SASCORE) "SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File exists "Steam Client Service" (Steam Client Service) "Valve Corporation" C:\Program Files (x86)\Common Files\Steam\SteamService.exe File exists "TeamViewer 7" (TeamViewer7) "TeamViewer GmbH" C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe File exists |||||| "Windows Live ID Sign-in Assistant" (wlidsvc) "Microsoft Corp." C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE File exists Winsock Providers HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries |||||| "mdnsNSP" "Apple Inc." C:\Program Files (x86)\Bonjour\mdnsNSP.dll File exists |||||| "WindowsLive Local NSP" "Microsoft Corp." C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File exists |||||| "WindowsLive NSP" "Microsoft Corp." C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File exists If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
05.07.2012, 15:57 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
05.07.2012, 17:55 | #25 |
| SUPERAntiSpyware is showing these tracking cookies again. Here is the log: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/05/2012 at 06:52 PM
Application Version : 5.1.1002
Core Rules Database Version : 8848
Trace Rules Database Version: 6660
Scan type : Complete Scan
Total Scan Time : 01:37:07
Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator
Memory items scanned : 927
Memory threats detected : 0
Registry items scanned : 66179
Registry threats detected : 0
File items scanned : 100973
File threats detected : 21
Adware.Tracking Cookie
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\SITEZUKU.txt [ /ero-advertising.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\B1X2NJVG.txt [ /track.adform.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\TB4PPF6B.txt [ /ads.us.e-planning.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\RWXDKWTH.txt [ /adform.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\521M0JME.txt [ /ad.adition.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\UNZHMGH4.txt [ /casalemedia.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\EVAMZA32.txt [ /atdmt.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\OAFO8ED9.txt [ /ad.yieldmanager.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\LSRL5VI2.txt [ /adtech.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\P2EAPVGW.txt [ /adfarm1.adition.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\HGJ71SX6.txt [ /ad2.adfarm1.adition.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\AZUPYLFG.txt [ /ad4.adfarm1.adition.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\VCYH8L98.txt [ /doubleclick.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\9YDR26WD.txt [ /adbrite.com ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\0SG124M3.txt [ /ad.360yield.com ]
C:\USERS\FAB\Cookies\521M0JME.txt [ Cookie:fab@ad.adition.net/ ]
C:\USERS\FAB\Cookies\EVAMZA32.txt [ Cookie:fab@atdmt.com/ ]
C:\USERS\FAB\Cookies\LSRL5VI2.txt [ Cookie:fab@adtech.de/ ]
C:\USERS\FAB\Cookies\AZUPYLFG.txt [ Cookie:fab@ad4.adfarm1.adition.com/ ]
C:\USERS\FAB\Cookies\VCYH8L98.txt [ Cookie:fab@doubleclick.net/ ]
C:\USERS\FAB\Cookies\9YDR26WD.txt [ Cookie:fab@adbrite.com/ ]
Malwarebytes log: Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.07.05.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fab :: FAB [Administrator]
05.07.2012 15:32:54
mbam-log-2012-07-05 (15-32-54).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 445818
Laufzeit: 2 Stunde(n), 43 Minute(n), 28 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Edited by danke (05.07.2012 at 18:00) |
05.07.2012, 20:06 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK, only cookies were found. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie).

Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released.

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/

But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or also Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

The way I handle it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left.

Is your system back in order now, or are there still other findings or problems?
__________________ Please always post log files in CODE tags |
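A hosts file matches host names exactly, so an entry for `adform.net` does nothing for `track.adform.net`; it is worth checking which of the tracker hosts from a scan a given hosts file really covers. As an added example (not part of the thread), this Python extracts the cookie hosts from SUPERAntiSpyware log lines copied from the log above and compares them with a hosts file; the hosts content and the `0.0.0.0` sink address are constructed assumptions, not the MVPS file.

```python
import re

# Cookie findings as SUPERAntiSpyware prints them in the log above, e.g.
#   ...\Cookies\B1X2NJVG.txt [ /track.adform.net ]
#   ...\Cookies\521M0JME.txt [ Cookie:fab@ad.adition.net/ ]
COOKIE = re.compile(
    r'\[\s*(?:Cookie:[^@\s]+@)?/?(?P<host>[a-z0-9.-]+)/?\s*\]', re.IGNORECASE)

# Addresses a blocking hosts file points unwanted names at.
SINKS = {"0.0.0.0", "127.0.0.1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def cookie_hosts(scan_log):
    """Distinct host names named in the cookie findings, sorted."""
    return sorted({m.group("host").lower() for m in COOKIE.finditer(scan_log)})


def blocked_names(hosts_text):
    """Host names a hosts file sends to a sink address."""
    names = set()
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenise
        if len(fields) >= 2 and fields[0] in SINKS:
            names.update(n.lower() for n in fields[1:]
                         if n.lower() not in LOCAL_NAMES)
    return names


def coverage(scan_log, hosts_text):
    """Return (covered, missing) cookie hosts; hosts entries match exactly."""
    blocked = blocked_names(hosts_text)
    found = cookie_hosts(scan_log)
    covered = [h for h in found if h in blocked]
    missing = [h for h in found if h not in blocked]
    return covered, missing


def hosts_entries(names, sink="0.0.0.0"):
    """Hosts-file lines that would add the given names to the block list."""
    return [f"{sink} {name}" for name in names]


# Lines copied from the SUPERAntiSpyware log in this thread.
SCAN_LOG = r'''
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\B1X2NJVG.txt [ /track.adform.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\RWXDKWTH.txt [ /adform.net ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\VCYH8L98.txt [ /doubleclick.net ]
C:\USERS\FAB\Cookies\521M0JME.txt [ Cookie:fab@ad.adition.net/ ]
C:\USERS\FAB\Cookies\VCYH8L98.txt [ Cookie:fab@doubleclick.net/ ]
'''

# Constructed hosts file for the example.
HOSTS = '''
# constructed sample
127.0.0.1 localhost
0.0.0.0 adform.net
0.0.0.0 doubleclick.net   # ad network
0.0.0.0 ad.doubleclick.net
192.168.1.10 nas.home     # ordinary mapping, not a block entry
'''

if __name__ == "__main__":
    covered, missing = coverage(SCAN_LOG, HOSTS)
    print("covered:", covered)
    print("to add:")
    print("\n".join(hosts_entries(missing)))
```

A hosts entry only stops new requests to that name; cookies already stored still have to be deleted in the browser.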
05.07.2012, 20:37 | #27 |
| Everything is fine again. I can't thank you enough, really awesome that we managed to find this stupid thing. Love ya, and I hope this post helps many others, and watch what you download, people. Bye |
05.07.2012, 21:00 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then we're done! The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools: please start OTL and click on "Bereinigung" (cleanup). This will remove most of the tools that we needed for the cleanup. If anything is left over, please remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember the update beforehand. Finally, please check the updates; my guide to that is below. To keep better track in future of whether the installed programs are up to date, you can use e.g. Secunia PSI. For even more security, you should also change as many passwords as possible after the infection has been removed.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Guide to Windows Update

Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs, or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader. While you are at it, please also check that Flash Player is up to date: Check => Adobe - Flash Player; download links => Adobe Flash Player Distribution | Adobe. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs, and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |