| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: spam-mails von hotmail-account verschickt --> trojaner?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.06.2012, 15:08
| #1 |
| |  spam-mails von hotmail-account verschickt --> trojaner? Liebes Forum, mit Schrecken musste ich heut morgen feststellen, dass von meinem Hotmail-Account Spam-Mails verschickt wurden; und zwar an mein gesamtes Adressbuch (inkl. an mich selbst). In dieser Mail war lediglich ein Link enthalten. Da ich nicht in Internet-Cafes verkehre und auch sonst niemand Einsicht in meine Zugangsdaten hat, gehe ich davon aus, dass es sich um irgendeine Art von schädlicher/böswilliger Software handeln muss, die sich auf meinem Laptop eingeschlichen haben muss. Leider zeigt mein Virenscanner (Avira AntiVir) keinen Fund an; ein Quickscan mit Malwarebytes war ebenfalls erfolglos. Ich habe mich an die Regeln des Forums gehalten und die empfohlenen Programme durchlaufen lassen, hier also die logfiles. (OTL generierte komischerweise nur eine .txt-Datei; keine Ahnung was ich falsch gemacht habe) Für eure Hilfe bin euch jetzt schon sehr dankbar. Ich denke, es wird sinnvoll sein sämtliche Passwörter zu erneuern; wohl aber erst nach Bereinigung, oder? EDIT: Mein Freund hat zuvor die host-Datei (?) mittels Microsoft Fix It zurückgesetzt, weil er meint, dass sich viele Viren darüber Zugang zum PC verschaffen. OTL.txt Logfile OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.06.2012 15:41:40 - Run 3 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Marilena\Desktop\neu 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 64,62% Memory free 7,73 Gb Paging File | 6,12 Gb Available in Paging File | 79,14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,56 Gb Total Space | 380,11 Gb Free Space | 83,99% Space Free | Partition Type: NTFS Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,68% Space Free | Partition Type: NTFS Drive E: | 99,02 Mb Total Space | 92,53 Mb Free Space | 93,44% Space Free | Partition Type: FAT32 Computer Name: MARILENA-PC | User Name: Marilena | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.28 14:42:14 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Marilena\Desktop\neu\OTL.exe PRC - [2012.05.09 22:09:56 | 000,653,776 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2012.05.09 22:09:18 | 000,535,504 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.03.28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ========== Modules (No Company Name) ========== MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.11.25 08:17:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.06.23 11:28:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.23 08:59:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.09 22:09:18 | 000,535,504 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011.03.28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2007.01.11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.09 21:56:23 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2012.05.09 21:55:11 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.11.25 08:52:16 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.11.19 04:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.10.05 10:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {37FFFC4D-CB7D-4423-81EF-B0D09905A266} IE:64bit: - HKLM\..\SearchScopes\{37FFFC4D-CB7D-4423-81EF-B0D09905A266}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\..\SearchScopes,DefaultScope = {37FFFC4D-CB7D-4423-81EF-B0D09905A266} IE - HKLM\..\SearchScopes\{37FFFC4D-CB7D-4423-81EF-B0D09905A266}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1585321399-1446231418-589504342-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKU\S-1-5-21-1585321399-1446231418-589504342-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKU\S-1-5-21-1585321399-1446231418-589504342-1001\..\SearchScopes,DefaultScope = {37FFFC4D-CB7D-4423-81EF-B0D09905A266} IE - HKU\S-1-5-21-1585321399-1446231418-589504342-1001\..\SearchScopes\{37FFFC4D-CB7D-4423-81EF-B0D09905A266}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-1585321399-1446231418-589504342-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1585321399-1446231418-589504342-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.autoconfig_url: "hxxp://pac.lrz-muenchen.de/" FF - prefs.js..network.proxy.type: 2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.21 15:41:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.30 20:30:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 11:28:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.28 12:34:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.21 15:41:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 11:28:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.28 12:34:42 | 000,000,000 | ---D | M] [2010.07.27 20:23:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marilena\AppData\Roaming\mozilla\Extensions [2012.05.02 18:09:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marilena\AppData\Roaming\mozilla\Firefox\Profiles\agviln8i.default\extensions [2012.06.23 11:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.03.30 20:30:11 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.01.05 18:19:12 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MARILENA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AGVILN8I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.06.23 11:28:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.10.15 11:15:10 | 000,166,680 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.06.23 11:28:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.23 11:28:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.23 11:28:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 11:28:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 11:28:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 11:28:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.12.22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-1585321399-1446231418-589504342-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-21-1585321399-1446231418-589504342-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-1585321399-1446231418-589504342-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ECC26FA-91D3-4EC5-A74C-5DFB09C3A819}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73AF03A6-DB89-41C9-87AB-89F877CB23C7}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.28 14:39:59 | 000,000,000 | ---D | C] -- C:\Users\Marilena\Desktop\neu [2012.06.23 10:34:43 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\Macromedia [2012.06.12 16:31:36 | 000,000,000 | ---D | C] -- C:\Users\Marilena\Desktop\Mama 50. Geburtstag - Kopie [2012.06.09 19:26:42 | 000,000,000 | ---D | C] -- C:\Users\Marilena\Desktop\Mama 50. Geburtstag [2012.06.09 18:37:40 | 000,000,000 | ---D | C] -- C:\Users\Marilena\Desktop\Geburtstag 2011 [2012.06.09 18:37:14 | 000,000,000 | ---D | C] -- C:\Users\Marilena\Desktop\Weihnachten 2011 ========== Files - Modified Within 30 Days ========== [2012.06.28 15:37:16 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.28 15:37:16 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.28 15:37:06 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.28 15:37:06 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.28 15:37:06 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.28 15:37:06 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.28 15:37:06 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.28 15:29:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.28 15:29:35 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys [2012.06.28 14:59:38 | 000,000,000 | ---- | M] () -- C:\Users\Marilena\defogger_reenable [2012.06.28 14:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.16 14:06:00 | 000,387,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.12 16:43:42 | 000,000,871 | ---- | M] () -- C:\Users\Marilena\.recently-used.xbel [2012.06.09 18:51:06 | 002,602,152 | ---- | M] () -- C:\Users\Marilena\Desktop\DSC_4198.JPG [2012.06.09 18:44:58 | 002,650,712 | ---- | M] () -- C:\Users\Marilena\Desktop\DSC_4153.JPG [2012.06.09 18:44:52 | 002,620,261 | ---- | M] () -- C:\Users\Marilena\Desktop\DSC_4152.JPG [2012.06.09 18:44:44 | 002,371,838 | ---- | M] () -- C:\Users\Marilena\Desktop\DSC_4151.JPG [2012.06.09 18:44:38 | 002,573,909 | ---- | M] () -- C:\Users\Marilena\Desktop\DSC_4150.JPG [2012.06.09 18:44:34 | 002,354,060 | ---- | M] () -- C:\Users\Marilena\Desktop\DSC_4149.JPG [2012.06.09 18:44:28 | 002,511,145 | ---- | M] () -- C:\Users\Marilena\Desktop\DSC_4148.JPG [2012.06.05 18:51:48 | 000,071,202 | ---- | M] () -- C:\Users\Marilena\Desktop\origami-pink.jpg ========== Files Created - No Company Name ========== [2012.06.28 14:59:38 | 000,000,000 | ---- | C] () -- C:\Users\Marilena\defogger_reenable [2012.06.12 16:43:42 | 000,000,871 | ---- | C] () -- C:\Users\Marilena\.recently-used.xbel [2012.06.09 18:51:53 | 002,650,712 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4153.JPG [2012.06.09 18:51:53 | 002,620,261 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4152.JPG [2012.06.09 18:51:53 | 002,573,909 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4150.JPG [2012.06.09 18:51:53 | 002,511,145 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4148.JPG [2012.06.09 18:51:53 | 002,371,838 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4151.JPG [2012.06.09 18:51:53 | 002,354,060 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4149.JPG [2012.06.09 18:51:50 | 002,636,956 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4211.JPG [2012.06.09 18:51:48 | 002,318,119 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4210.JPG [2012.06.09 18:51:46 | 002,596,602 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4209.JPG [2012.06.09 18:51:44 | 002,816,319 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4208.JPG [2012.06.09 18:51:41 | 002,677,623 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4207.JPG [2012.06.09 18:51:39 | 002,636,246 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4206.JPG [2012.06.09 18:51:37 | 002,492,510 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4205.JPG [2012.06.09 18:51:35 | 002,522,287 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4204.JPG [2012.06.09 18:51:32 | 002,638,864 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4203.JPG [2012.06.09 18:51:30 | 002,639,962 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4202.JPG [2012.06.09 18:51:28 | 002,602,152 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4198.JPG [2012.06.09 18:51:28 | 002,525,664 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4199.JPG [2012.06.09 18:51:28 | 002,509,771 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4201.JPG [2012.06.09 18:51:28 | 002,497,055 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4200.JPG [2012.06.09 18:51:28 | 002,212,468 | ---- | C] () -- C:\Users\Marilena\Desktop\DSC_4197.JPG [2012.06.05 18:51:47 | 000,071,202 | ---- | C] () -- C:\Users\Marilena\Desktop\origami-pink.jpg [2011.02.07 10:20:41 | 000,001,854 | ---- | C] () -- C:\Users\Marilena\AppData\Roaming\GhostObjGAFix.xml [2010.10.21 15:38:26 | 000,180,908 | ---- | C] () -- C:\Windows\hpoins29.dat [2010.10.21 15:38:26 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat [2010.07.27 19:47:33 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat ========== LOP Check ========== [2011.05.31 13:38:25 | 000,000,000 | ---D | M] -- C:\Users\Marilena\AppData\Roaming\Dropbox [2012.06.12 16:43:42 | 000,000,000 | ---D | M] -- C:\Users\Marilena\AppData\Roaming\gtk-2.0 [2011.03.29 20:37:03 | 000,000,000 | ---D | M] -- C:\Users\Marilena\AppData\Roaming\ICQ [2010.07.27 19:47:27 | 000,000,000 | ---D | M] -- C:\Users\Marilena\AppData\Roaming\_MDLogs [2012.05.13 18:27:06 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Geändert von marilu (28.06.2012 um 15:15 Uhr) |
|
30.06.2012, 03:58
| #2 |
| /// Selecta Jahrusso   | spam-mails von hotmail-account verschickt --> trojaner? Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen. Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
30.06.2012, 10:24
| #3 |
| | spam-mails von hotmail-account verschickt --> trojaner? hab den tdsskiller durchlaufen lassen, hier die ergebnisse
__________________Code:
ATTFilter 11:20:39.0368 0796 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
11:20:39.0462 0796 ============================================================
11:20:39.0462 0796 Current date / time: 2012/06/30 11:20:39.0462
11:20:39.0462 0796 SystemInfo:
11:20:39.0462 0796
11:20:39.0462 0796 OS Version: 6.1.7601 ServicePack: 1.0
11:20:39.0462 0796 Product type: Workstation
11:20:39.0462 0796 ComputerName: MARILENA-PC
11:20:39.0462 0796 UserName: Marilena
11:20:39.0462 0796 Windows directory: C:\Windows
11:20:39.0462 0796 System windows directory: C:\Windows
11:20:39.0462 0796 Running under WOW64
11:20:39.0462 0796 Processor architecture: Intel x64
11:20:39.0462 0796 Number of processors: 4
11:20:39.0462 0796 Page size: 0x1000
11:20:39.0462 0796 Boot type: Normal boot
11:20:39.0462 0796 ============================================================
11:20:40.0039 0796 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:20:40.0054 0796 ============================================================
11:20:40.0054 0796 \Device\Harddisk0\DR0:
11:20:40.0054 0796 MBR partitions:
11:20:40.0054 0796 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:20:40.0054 0796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3891F000
11:20:40.0054 0796 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38983000, BlocksNum 0x19CF000
11:20:40.0054 0796 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
11:20:40.0054 0796 ============================================================
11:20:40.0070 0796 C: <-> \Device\Harddisk0\DR0\Partition1
11:20:40.0117 0796 D: <-> \Device\Harddisk0\DR0\Partition2
11:20:40.0117 0796 E: <-> \Device\Harddisk0\DR0\Partition3
11:20:40.0117 0796 ============================================================
11:20:40.0117 0796 Initialize success
11:20:40.0117 0796 ============================================================
11:20:47.0589 3664 ============================================================
11:20:47.0589 3664 Scan started
11:20:47.0589 3664 Mode: Manual;
11:20:47.0589 3664 ============================================================
11:20:48.0806 3664 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:20:48.0837 3664 1394ohci - ok
11:20:48.0868 3664 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:20:48.0884 3664 ACPI - ok
11:20:48.0900 3664 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:20:48.0900 3664 AcpiPmi - ok
11:20:48.0946 3664 acsock (e5568164c070a4988bd79c896920b3c6) C:\Windows\system32\DRIVERS\acsock64.sys
11:20:48.0962 3664 acsock - ok
11:20:49.0071 3664 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:20:49.0071 3664 AdobeARMservice - ok
11:20:49.0274 3664 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:20:49.0290 3664 AdobeFlashPlayerUpdateSvc - ok
11:20:49.0352 3664 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:20:49.0399 3664 adp94xx - ok
11:20:49.0446 3664 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:20:49.0461 3664 adpahci - ok
11:20:49.0492 3664 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:20:49.0524 3664 adpu320 - ok
11:20:49.0539 3664 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:20:49.0539 3664 AeLookupSvc - ok
11:20:49.0633 3664 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
11:20:49.0633 3664 AERTFilters - ok
11:20:49.0695 3664 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:20:49.0726 3664 AFD - ok
11:20:49.0820 3664 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
11:20:49.0898 3664 AgereSoftModem - ok
11:20:49.0929 3664 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:20:49.0929 3664 agp440 - ok
11:20:49.0960 3664 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:20:49.0960 3664 ALG - ok
11:20:49.0992 3664 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:20:49.0992 3664 aliide - ok
11:20:50.0038 3664 AMD External Events Utility (1d317ea326423ff7630cf1da3bd46a1c) C:\Windows\system32\atiesrxx.exe
11:20:50.0038 3664 AMD External Events Utility - ok
11:20:50.0054 3664 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:20:50.0054 3664 amdide - ok
11:20:50.0085 3664 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:20:50.0085 3664 AmdK8 - ok
11:20:50.0101 3664 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:20:50.0116 3664 AmdPPM - ok
11:20:50.0132 3664 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:20:50.0148 3664 amdsata - ok
11:20:50.0163 3664 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:20:50.0179 3664 amdsbs - ok
11:20:50.0194 3664 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:20:50.0210 3664 amdxata - ok
11:20:50.0288 3664 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11:20:50.0288 3664 AntiVirSchedulerService - ok
11:20:50.0335 3664 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11:20:50.0335 3664 AntiVirService - ok
11:20:50.0382 3664 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:20:50.0382 3664 AppID - ok
11:20:50.0413 3664 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:20:50.0413 3664 AppIDSvc - ok
11:20:50.0444 3664 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:20:50.0444 3664 Appinfo - ok
11:20:50.0522 3664 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:20:50.0522 3664 Apple Mobile Device - ok
11:20:50.0553 3664 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:20:50.0569 3664 arc - ok
11:20:50.0600 3664 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:20:50.0631 3664 arcsas - ok
11:20:50.0647 3664 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:20:50.0662 3664 AsyncMac - ok
11:20:50.0694 3664 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:20:50.0694 3664 atapi - ok
11:20:50.0818 3664 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
11:20:50.0881 3664 athr - ok
11:20:51.0037 3664 AtiHdmiService (d481083348138b4933acfe95812db71c) C:\Windows\system32\drivers\AtiHdmi.sys
11:20:51.0052 3664 AtiHdmiService - ok
11:20:51.0442 3664 atikmdag (19b5c61cb09bff2bd69e063ee54b56c3) C:\Windows\system32\DRIVERS\atikmdag.sys
11:20:51.0614 3664 atikmdag - ok
11:20:51.0786 3664 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:20:51.0801 3664 AudioEndpointBuilder - ok
11:20:51.0817 3664 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:20:51.0817 3664 AudioSrv - ok
11:20:51.0910 3664 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
11:20:51.0926 3664 avgntflt - ok
11:20:51.0957 3664 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
11:20:51.0973 3664 avipbb - ok
11:20:51.0988 3664 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
11:20:52.0004 3664 avkmgr - ok
11:20:52.0035 3664 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:20:52.0051 3664 AxInstSV - ok
11:20:52.0113 3664 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:20:52.0160 3664 b06bdrv - ok
11:20:52.0207 3664 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:20:52.0222 3664 b57nd60a - ok
11:20:52.0347 3664 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
11:20:52.0347 3664 BBSvc - ok
11:20:52.0394 3664 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
11:20:52.0394 3664 BBUpdate - ok
11:20:52.0441 3664 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:20:52.0456 3664 BDESVC - ok
11:20:52.0456 3664 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:20:52.0472 3664 Beep - ok
11:20:52.0550 3664 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:20:52.0581 3664 BFE - ok
11:20:52.0659 3664 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
11:20:52.0675 3664 BITS - ok
11:20:52.0737 3664 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:20:52.0737 3664 blbdrive - ok
11:20:52.0846 3664 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:20:52.0846 3664 Bonjour Service - ok
11:20:52.0862 3664 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:20:52.0878 3664 bowser - ok
11:20:52.0909 3664 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:20:52.0909 3664 BrFiltLo - ok
11:20:52.0924 3664 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:20:52.0924 3664 BrFiltUp - ok
11:20:52.0971 3664 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:20:52.0971 3664 Browser - ok
11:20:53.0018 3664 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:20:53.0034 3664 Brserid - ok
11:20:53.0080 3664 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:20:53.0080 3664 BrSerWdm - ok
11:20:53.0112 3664 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:20:53.0112 3664 BrUsbMdm - ok
11:20:53.0127 3664 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:20:53.0127 3664 BrUsbSer - ok
11:20:53.0158 3664 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:20:53.0174 3664 BTHMODEM - ok
11:20:53.0205 3664 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:20:53.0221 3664 bthserv - ok
11:20:53.0252 3664 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:20:53.0252 3664 cdfs - ok
11:20:53.0299 3664 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:20:53.0314 3664 cdrom - ok
11:20:53.0361 3664 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:20:53.0361 3664 CertPropSvc - ok
11:20:53.0377 3664 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:20:53.0392 3664 circlass - ok
11:20:53.0439 3664 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:20:53.0455 3664 CLFS - ok
11:20:53.0517 3664 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:20:53.0533 3664 clr_optimization_v2.0.50727_32 - ok
11:20:53.0580 3664 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:20:53.0595 3664 clr_optimization_v2.0.50727_64 - ok
11:20:53.0658 3664 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:20:53.0658 3664 clr_optimization_v4.0.30319_32 - ok
11:20:53.0704 3664 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:20:53.0704 3664 clr_optimization_v4.0.30319_64 - ok
11:20:53.0736 3664 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:20:53.0736 3664 CmBatt - ok
11:20:53.0767 3664 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:20:53.0767 3664 cmdide - ok
11:20:53.0829 3664 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:20:53.0876 3664 CNG - ok
11:20:53.0970 3664 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
11:20:53.0970 3664 Com4QLBEx - ok
11:20:54.0001 3664 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:20:54.0016 3664 Compbatt - ok
11:20:54.0048 3664 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:20:54.0063 3664 CompositeBus - ok
11:20:54.0079 3664 COMSysApp - ok
11:20:54.0094 3664 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:20:54.0094 3664 crcdisk - ok
11:20:54.0141 3664 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
11:20:54.0141 3664 CryptSvc - ok
11:20:54.0204 3664 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:20:54.0219 3664 DcomLaunch - ok
11:20:54.0266 3664 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:20:54.0282 3664 defragsvc - ok
11:20:54.0313 3664 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:20:54.0328 3664 DfsC - ok
11:20:54.0360 3664 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:20:54.0360 3664 Dhcp - ok
11:20:54.0391 3664 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:20:54.0391 3664 discache - ok
11:20:54.0406 3664 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:20:54.0422 3664 Disk - ok
11:20:54.0453 3664 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:20:54.0453 3664 Dnscache - ok
11:20:54.0500 3664 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:20:54.0531 3664 dot3svc - ok
11:20:54.0578 3664 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
11:20:54.0578 3664 Dot4 - ok
11:20:54.0625 3664 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
11:20:54.0625 3664 Dot4Print - ok
11:20:54.0656 3664 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
11:20:54.0656 3664 dot4usb - ok
11:20:54.0672 3664 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:20:54.0672 3664 DPS - ok
11:20:54.0703 3664 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:20:54.0703 3664 drmkaud - ok
11:20:54.0796 3664 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:20:54.0843 3664 DXGKrnl - ok
11:20:54.0890 3664 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:20:54.0890 3664 EapHost - ok
11:20:55.0124 3664 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:20:55.0233 3664 ebdrv - ok
11:20:55.0342 3664 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:20:55.0342 3664 EFS - ok
11:20:55.0436 3664 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:20:55.0483 3664 ehRecvr - ok
11:20:55.0514 3664 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:20:55.0530 3664 ehSched - ok
11:20:55.0608 3664 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:20:55.0639 3664 elxstor - ok
11:20:55.0717 3664 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
11:20:55.0717 3664 EPSON_PM_RPCV4_01 - ok
11:20:55.0748 3664 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:20:55.0748 3664 ErrDev - ok
11:20:55.0810 3664 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:20:55.0826 3664 EventSystem - ok
11:20:55.0857 3664 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:20:55.0888 3664 exfat - ok
11:20:55.0904 3664 ezSharedSvc - ok
11:20:55.0935 3664 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:20:55.0951 3664 fastfat - ok
11:20:56.0029 3664 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:20:56.0044 3664 Fax - ok
11:20:56.0091 3664 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:20:56.0091 3664 fdc - ok
11:20:56.0107 3664 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:20:56.0107 3664 fdPHost - ok
11:20:56.0122 3664 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:20:56.0138 3664 FDResPub - ok
11:20:56.0154 3664 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:20:56.0169 3664 FileInfo - ok
11:20:56.0169 3664 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:20:56.0185 3664 Filetrace - ok
11:20:56.0216 3664 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:20:56.0216 3664 flpydisk - ok
11:20:56.0247 3664 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:20:56.0278 3664 FltMgr - ok
11:20:56.0356 3664 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:20:56.0403 3664 FontCache - ok
11:20:56.0450 3664 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:20:56.0466 3664 FontCache3.0.0.0 - ok
11:20:56.0497 3664 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:20:56.0512 3664 FsDepends - ok
11:20:56.0544 3664 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:20:56.0559 3664 Fs_Rec - ok
11:20:56.0622 3664 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:20:56.0637 3664 fvevol - ok
11:20:56.0668 3664 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:20:56.0668 3664 gagp30kx - ok
11:20:56.0700 3664 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:20:56.0700 3664 GEARAspiWDM - ok
11:20:56.0778 3664 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:20:56.0809 3664 gpsvc - ok
11:20:56.0840 3664 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:20:56.0840 3664 hcw85cir - ok
11:20:56.0887 3664 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:20:56.0918 3664 HdAudAddService - ok
11:20:56.0949 3664 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:20:56.0949 3664 HDAudBus - ok
11:20:56.0980 3664 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
11:20:56.0996 3664 HECIx64 - ok
11:20:57.0012 3664 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:20:57.0012 3664 HidBatt - ok
11:20:57.0043 3664 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:20:57.0058 3664 HidBth - ok
11:20:57.0090 3664 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:20:57.0090 3664 HidIr - ok
11:20:57.0121 3664 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:20:57.0121 3664 hidserv - ok
11:20:57.0152 3664 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:20:57.0168 3664 HidUsb - ok
11:20:57.0261 3664 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:20:57.0261 3664 hkmsvc - ok
11:20:57.0292 3664 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:20:57.0308 3664 HomeGroupListener - ok
11:20:57.0339 3664 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:20:57.0339 3664 HomeGroupProvider - ok
11:20:57.0433 3664 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
11:20:57.0433 3664 HP Support Assistant Service - ok
11:20:57.0480 3664 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
11:20:57.0480 3664 HPDrvMntSvc.exe - ok
11:20:57.0604 3664 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
11:20:57.0604 3664 hpqcxs08 - ok
11:20:57.0667 3664 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
11:20:57.0667 3664 hpqddsvc - ok
11:20:57.0714 3664 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
11:20:57.0714 3664 HpqKbFiltr - ok
11:20:57.0807 3664 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
11:20:57.0823 3664 hpqwmiex - ok
11:20:57.0870 3664 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:20:57.0885 3664 HpSAMD - ok
11:20:57.0948 3664 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:20:57.0979 3664 HTTP - ok
11:20:58.0010 3664 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:20:58.0010 3664 hwpolicy - ok
11:20:58.0057 3664 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:20:58.0072 3664 i8042prt - ok
11:20:58.0104 3664 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
11:20:58.0104 3664 iaStor - ok
11:20:58.0166 3664 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:20:58.0197 3664 iaStorV - ok
11:20:58.0338 3664 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:20:58.0447 3664 idsvc - ok
11:20:58.0852 3664 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:20:59.0024 3664 igfx - ok
11:20:59.0180 3664 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:20:59.0180 3664 iirsp - ok
11:20:59.0258 3664 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:20:59.0274 3664 IKEEXT - ok
11:20:59.0430 3664 IntcAzAudAddService (181e4ff75674a7105ecd0a02c35ef43a) C:\Windows\system32\drivers\RTKVHD64.sys
11:20:59.0539 3664 IntcAzAudAddService - ok
11:20:59.0617 3664 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:20:59.0632 3664 intelide - ok
11:20:59.0664 3664 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:20:59.0664 3664 intelppm - ok
11:20:59.0695 3664 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:20:59.0710 3664 IPBusEnum - ok
11:20:59.0726 3664 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:20:59.0742 3664 IpFilterDriver - ok
11:20:59.0788 3664 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:20:59.0804 3664 iphlpsvc - ok
11:20:59.0835 3664 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:20:59.0851 3664 IPMIDRV - ok
11:20:59.0882 3664 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:20:59.0898 3664 IPNAT - ok
11:21:00.0007 3664 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
11:21:00.0038 3664 iPod Service - ok
11:21:00.0054 3664 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:21:00.0069 3664 IRENUM - ok
11:21:00.0085 3664 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:21:00.0085 3664 isapnp - ok
11:21:00.0116 3664 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:21:00.0147 3664 iScsiPrt - ok
11:21:00.0163 3664 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:21:00.0178 3664 kbdclass - ok
11:21:00.0194 3664 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:21:00.0210 3664 kbdhid - ok
11:21:00.0241 3664 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:21:00.0241 3664 KeyIso - ok
11:21:00.0256 3664 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:21:00.0272 3664 KSecDD - ok
11:21:00.0288 3664 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:21:00.0303 3664 KSecPkg - ok
11:21:00.0319 3664 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:21:00.0334 3664 ksthunk - ok
11:21:00.0366 3664 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:21:00.0397 3664 KtmRm - ok
11:21:00.0444 3664 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
11:21:00.0444 3664 LanmanServer - ok
11:21:00.0475 3664 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:21:00.0475 3664 LanmanWorkstation - ok
11:21:00.0568 3664 LightScribeService (0ee66bdf485c6828aa65c0ef5d591133) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
11:21:00.0568 3664 LightScribeService - ok
11:21:00.0615 3664 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:21:00.0615 3664 lltdio - ok
11:21:00.0662 3664 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:21:00.0693 3664 lltdsvc - ok
11:21:00.0693 3664 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:21:00.0709 3664 lmhosts - ok
11:21:00.0787 3664 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
11:21:00.0787 3664 LMS - ok
11:21:00.0834 3664 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:21:00.0834 3664 LSI_FC - ok
11:21:00.0865 3664 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:21:00.0880 3664 LSI_SAS - ok
11:21:00.0912 3664 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:21:00.0912 3664 LSI_SAS2 - ok
11:21:00.0943 3664 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:21:00.0958 3664 LSI_SCSI - ok
11:21:01.0005 3664 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:21:01.0005 3664 luafv - ok
11:21:01.0052 3664 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
11:21:01.0052 3664 MBAMProtector - ok
11:21:01.0161 3664 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:21:01.0161 3664 MBAMService - ok
11:21:01.0192 3664 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:21:01.0208 3664 Mcx2Svc - ok
11:21:01.0239 3664 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:21:01.0239 3664 megasas - ok
11:21:01.0286 3664 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:21:01.0302 3664 MegaSR - ok
11:21:01.0333 3664 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:21:01.0333 3664 MMCSS - ok
11:21:01.0348 3664 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:21:01.0364 3664 Modem - ok
11:21:01.0380 3664 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:21:01.0380 3664 monitor - ok
11:21:01.0411 3664 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:21:01.0426 3664 mouclass - ok
11:21:01.0442 3664 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:21:01.0458 3664 mouhid - ok
11:21:01.0489 3664 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:21:01.0489 3664 mountmgr - ok
11:21:01.0582 3664 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:21:01.0598 3664 MozillaMaintenance - ok
11:21:01.0614 3664 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:21:01.0645 3664 mpio - ok
11:21:01.0676 3664 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:21:01.0676 3664 mpsdrv - ok
11:21:01.0754 3664 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:21:01.0801 3664 MpsSvc - ok
11:21:01.0832 3664 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:21:01.0848 3664 MRxDAV - ok
11:21:01.0894 3664 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:21:01.0910 3664 mrxsmb - ok
11:21:01.0957 3664 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:21:02.0004 3664 mrxsmb10 - ok
11:21:02.0019 3664 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:21:02.0050 3664 mrxsmb20 - ok
11:21:02.0066 3664 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:21:02.0082 3664 msahci - ok
11:21:02.0097 3664 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:21:02.0113 3664 msdsm - ok
11:21:02.0144 3664 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:21:02.0160 3664 MSDTC - ok
11:21:02.0191 3664 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:21:02.0206 3664 Msfs - ok
11:21:02.0222 3664 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:21:02.0222 3664 mshidkmdf - ok
11:21:02.0238 3664 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:21:02.0238 3664 msisadrv - ok
11:21:02.0269 3664 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:21:02.0300 3664 MSiSCSI - ok
11:21:02.0300 3664 msiserver - ok
11:21:02.0331 3664 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:21:02.0347 3664 MSKSSRV - ok
11:21:02.0378 3664 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:21:02.0378 3664 MSPCLOCK - ok
11:21:02.0394 3664 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:21:02.0394 3664 MSPQM - ok
11:21:02.0440 3664 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:21:02.0472 3664 MsRPC - ok
11:21:02.0487 3664 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:21:02.0487 3664 mssmbios - ok
11:21:02.0503 3664 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:21:02.0503 3664 MSTEE - ok
11:21:02.0534 3664 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:21:02.0534 3664 MTConfig - ok
11:21:02.0550 3664 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:21:02.0550 3664 Mup - ok
11:21:02.0596 3664 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:21:02.0612 3664 napagent - ok
11:21:02.0659 3664 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:21:02.0690 3664 NativeWifiP - ok
11:21:02.0768 3664 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:21:02.0784 3664 NDIS - ok
11:21:02.0799 3664 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:21:02.0815 3664 NdisCap - ok
11:21:02.0830 3664 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:21:02.0846 3664 NdisTapi - ok
11:21:02.0862 3664 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:21:02.0877 3664 Ndisuio - ok
11:21:02.0908 3664 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:21:02.0924 3664 NdisWan - ok
11:21:02.0955 3664 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:21:02.0971 3664 NDProxy - ok
11:21:03.0033 3664 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
11:21:03.0033 3664 Net Driver HPZ12 - ok
11:21:03.0049 3664 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:21:03.0064 3664 NetBIOS - ok
11:21:03.0096 3664 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:21:03.0111 3664 NetBT - ok
11:21:03.0142 3664 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:21:03.0158 3664 Netlogon - ok
11:21:03.0205 3664 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:21:03.0220 3664 Netman - ok
11:21:03.0267 3664 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:21:03.0298 3664 netprofm - ok
11:21:03.0376 3664 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:21:03.0392 3664 NetTcpPortSharing - ok
11:21:03.0844 3664 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
11:21:03.0985 3664 netw5v64 - ok
11:21:04.0078 3664 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:21:04.0094 3664 nfrd960 - ok
11:21:04.0141 3664 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:21:04.0156 3664 NlaSvc - ok
11:21:04.0172 3664 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:21:04.0172 3664 Npfs - ok
11:21:04.0203 3664 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:21:04.0203 3664 nsi - ok
11:21:04.0219 3664 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:21:04.0219 3664 nsiproxy - ok
11:21:04.0328 3664 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:21:04.0422 3664 Ntfs - ok
11:21:04.0500 3664 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:21:04.0515 3664 Null - ok
11:21:04.0546 3664 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:21:04.0562 3664 nvraid - ok
11:21:04.0593 3664 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:21:04.0624 3664 nvstor - ok
11:21:04.0656 3664 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:21:04.0671 3664 nv_agp - ok
11:21:04.0687 3664 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:21:04.0702 3664 ohci1394 - ok
11:21:04.0780 3664 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:21:04.0796 3664 ose - ok
11:21:05.0170 3664 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:21:05.0202 3664 osppsvc - ok
11:21:05.0358 3664 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:21:05.0373 3664 p2pimsvc - ok
11:21:05.0420 3664 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:21:05.0436 3664 p2psvc - ok
11:21:05.0467 3664 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:21:05.0482 3664 Parport - ok
11:21:05.0498 3664 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:21:05.0514 3664 partmgr - ok
11:21:05.0529 3664 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:21:05.0529 3664 PcaSvc - ok
11:21:05.0576 3664 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:21:05.0576 3664 pci - ok
11:21:05.0592 3664 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:21:05.0607 3664 pciide - ok
11:21:05.0638 3664 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:21:05.0670 3664 pcmcia - ok
11:21:05.0701 3664 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:21:05.0716 3664 pcw - ok
11:21:05.0779 3664 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:21:05.0841 3664 PEAUTH - ok
11:21:05.0919 3664 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:21:05.0935 3664 PerfHost - ok
11:21:06.0060 3664 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:21:06.0122 3664 pla - ok
11:21:06.0169 3664 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:21:06.0184 3664 PlugPlay - ok
11:21:06.0231 3664 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
11:21:06.0231 3664 Pml Driver HPZ12 - ok
11:21:06.0262 3664 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:21:06.0262 3664 PNRPAutoReg - ok
11:21:06.0294 3664 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:21:06.0309 3664 PNRPsvc - ok
11:21:06.0340 3664 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:21:06.0387 3664 PolicyAgent - ok
11:21:06.0418 3664 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:21:06.0418 3664 Power - ok
11:21:06.0481 3664 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:21:06.0496 3664 PptpMiniport - ok
11:21:06.0528 3664 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:21:06.0528 3664 Processor - ok
11:21:06.0559 3664 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
11:21:06.0574 3664 ProfSvc - ok
11:21:06.0606 3664 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:21:06.0606 3664 ProtectedStorage - ok
11:21:06.0637 3664 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:21:06.0652 3664 Psched - ok
11:21:06.0777 3664 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:21:06.0824 3664 ql2300 - ok
11:21:06.0918 3664 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:21:06.0933 3664 ql40xx - ok
11:21:06.0980 3664 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:21:06.0996 3664 QWAVE - ok
11:21:07.0027 3664 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:21:07.0027 3664 QWAVEdrv - ok
11:21:07.0042 3664 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:21:07.0042 3664 RasAcd - ok
11:21:07.0074 3664 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:21:07.0074 3664 RasAgileVpn - ok
11:21:07.0089 3664 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:21:07.0105 3664 RasAuto - ok
11:21:07.0136 3664 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:21:07.0167 3664 Rasl2tp - ok
11:21:07.0198 3664 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:21:07.0214 3664 RasMan - ok
11:21:07.0245 3664 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:21:07.0245 3664 RasPppoe - ok
11:21:07.0276 3664 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:21:07.0292 3664 RasSstp - ok
11:21:07.0323 3664 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:21:07.0370 3664 rdbss - ok
11:21:07.0401 3664 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:21:07.0401 3664 rdpbus - ok
11:21:07.0417 3664 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:21:07.0417 3664 RDPCDD - ok
11:21:07.0448 3664 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:21:07.0448 3664 RDPENCDD - ok
11:21:07.0464 3664 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:21:07.0464 3664 RDPREFMP - ok
11:21:07.0495 3664 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
11:21:07.0510 3664 RDPWD - ok
11:21:07.0557 3664 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:21:07.0588 3664 rdyboost - ok
11:21:07.0620 3664 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:21:07.0620 3664 RemoteAccess - ok
11:21:07.0651 3664 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:21:07.0682 3664 RemoteRegistry - ok
11:21:07.0776 3664 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
11:21:07.0791 3664 RichVideo - ok
11:21:07.0807 3664 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:21:07.0822 3664 RpcEptMapper - ok
11:21:07.0822 3664 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:21:07.0822 3664 RpcLocator - ok
11:21:07.0885 3664 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:21:07.0885 3664 RpcSs - ok
11:21:07.0947 3664 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:21:07.0947 3664 rspndr - ok
11:21:07.0994 3664 RSUSBSTOR (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\system32\Drivers\RtsUStor.sys
11:21:08.0010 3664 RSUSBSTOR - ok
11:21:08.0072 3664 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:21:08.0103 3664 RTL8167 - ok
11:21:08.0134 3664 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:21:08.0134 3664 SamSs - ok
11:21:08.0166 3664 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:21:08.0181 3664 sbp2port - ok
11:21:08.0212 3664 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:21:08.0244 3664 SCardSvr - ok
11:21:08.0275 3664 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:21:08.0275 3664 scfilter - ok
11:21:08.0353 3664 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:21:08.0384 3664 Schedule - ok
11:21:08.0400 3664 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:21:08.0400 3664 SCPolicySvc - ok
11:21:08.0446 3664 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
11:21:08.0446 3664 sdbus - ok
11:21:08.0478 3664 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:21:08.0478 3664 SDRSVC - ok
11:21:08.0509 3664 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:21:08.0524 3664 secdrv - ok
11:21:08.0540 3664 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:21:08.0556 3664 seclogon - ok
11:21:08.0587 3664 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:21:08.0587 3664 SENS - ok
11:21:08.0587 3664 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:21:08.0602 3664 SensrSvc - ok
11:21:08.0634 3664 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:21:08.0634 3664 Serenum - ok
11:21:08.0649 3664 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:21:08.0665 3664 Serial - ok
11:21:08.0680 3664 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:21:08.0696 3664 sermouse - ok
11:21:08.0743 3664 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:21:08.0758 3664 SessionEnv - ok
11:21:08.0774 3664 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:21:08.0774 3664 sffdisk - ok
11:21:08.0790 3664 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:21:08.0790 3664 sffp_mmc - ok
11:21:08.0805 3664 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:21:08.0805 3664 sffp_sd - ok
11:21:08.0836 3664 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:21:08.0836 3664 sfloppy - ok
11:21:08.0868 3664 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:21:08.0899 3664 SharedAccess - ok
11:21:08.0946 3664 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:21:08.0946 3664 ShellHWDetection - ok
11:21:08.0977 3664 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:21:08.0992 3664 SiSRaid2 - ok
11:21:09.0008 3664 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:21:09.0008 3664 SiSRaid4 - ok
11:21:09.0039 3664 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:21:09.0055 3664 Smb - ok
11:21:09.0086 3664 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:21:09.0086 3664 SNMPTRAP - ok
11:21:09.0102 3664 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:21:09.0102 3664 spldr - ok
11:21:09.0148 3664 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:21:09.0180 3664 Spooler - ok
11:21:09.0414 3664 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:21:09.0492 3664 sppsvc - ok
11:21:09.0585 3664 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:21:09.0601 3664 sppuinotify - ok
11:21:09.0679 3664 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:21:09.0710 3664 srv - ok
11:21:09.0757 3664 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:21:09.0788 3664 srv2 - ok
11:21:09.0819 3664 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:21:09.0850 3664 SrvHsfHDA - ok
11:21:09.0944 3664 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:21:10.0038 3664 SrvHsfV92 - ok
11:21:10.0178 3664 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:21:10.0240 3664 SrvHsfWinac - ok
11:21:10.0272 3664 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:21:10.0287 3664 srvnet - ok
11:21:10.0334 3664 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:21:10.0350 3664 SSDPSRV - ok
11:21:10.0365 3664 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:21:10.0381 3664 SstpSvc - ok
11:21:10.0396 3664 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:21:10.0412 3664 stexstor - ok
11:21:10.0459 3664 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:21:10.0490 3664 stisvc - ok
11:21:10.0521 3664 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:21:10.0521 3664 swenum - ok
11:21:10.0568 3664 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:21:10.0599 3664 swprv - ok
11:21:10.0662 3664 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
11:21:10.0693 3664 SynTP - ok
11:21:10.0818 3664 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:21:10.0880 3664 SysMain - ok
11:21:10.0974 3664 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:21:11.0005 3664 TabletInputService - ok
11:21:11.0020 3664 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:21:11.0052 3664 TapiSrv - ok
11:21:11.0083 3664 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:21:11.0083 3664 TBS - ok
11:21:11.0254 3664 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:21:11.0364 3664 Tcpip - ok
11:21:11.0582 3664 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:21:11.0598 3664 TCPIP6 - ok
11:21:11.0676 3664 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:21:11.0691 3664 tcpipreg - ok
11:21:11.0722 3664 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:21:11.0722 3664 TDPIPE - ok
11:21:11.0754 3664 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:21:11.0769 3664 TDTCP - ok
11:21:11.0785 3664 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:21:11.0800 3664 tdx - ok
11:21:11.0832 3664 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:21:11.0847 3664 TermDD - ok
11:21:11.0894 3664 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:21:11.0925 3664 TermService - ok
11:21:11.0941 3664 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:21:11.0956 3664 Themes - ok
11:21:11.0972 3664 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:21:11.0988 3664 THREADORDER - ok
11:21:12.0019 3664 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:21:12.0019 3664 TrkWks - ok
11:21:12.0066 3664 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:21:12.0081 3664 TrustedInstaller - ok
11:21:12.0097 3664 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:21:12.0112 3664 tssecsrv - ok
11:21:12.0144 3664 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:21:12.0159 3664 TsUsbFlt - ok
11:21:12.0206 3664 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:21:12.0222 3664 tunnel - ok
11:21:12.0237 3664 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:21:12.0253 3664 uagp35 - ok
11:21:12.0284 3664 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:21:12.0315 3664 udfs - ok
11:21:12.0331 3664 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:21:12.0331 3664 UI0Detect - ok
11:21:12.0378 3664 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:21:12.0393 3664 uliagpkx - ok
11:21:12.0424 3664 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:21:12.0440 3664 umbus - ok
11:21:12.0456 3664 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:21:12.0471 3664 UmPass - ok
11:21:12.0658 3664 UNS (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
11:21:12.0721 3664 UNS - ok
11:21:12.0830 3664 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:21:12.0861 3664 upnphost - ok
11:21:12.0939 3664 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:21:12.0955 3664 usbaudio - ok
11:21:12.0986 3664 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:21:12.0986 3664 usbccgp - ok
11:21:13.0017 3664 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:21:13.0033 3664 usbcir - ok
11:21:13.0048 3664 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:21:13.0048 3664 usbehci - ok
11:21:13.0095 3664 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:21:13.0126 3664 usbhub - ok
11:21:13.0126 3664 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:21:13.0142 3664 usbohci - ok
11:21:13.0173 3664 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:21:13.0173 3664 usbprint - ok
11:21:13.0204 3664 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:21:13.0204 3664 usbscan - ok
11:21:13.0220 3664 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:21:13.0220 3664 USBSTOR - ok
11:21:13.0236 3664 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:21:13.0236 3664 usbuhci - ok
11:21:13.0314 3664 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
11:21:13.0329 3664 usbvideo - ok
11:21:13.0360 3664 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:21:13.0360 3664 UxSms - ok
11:21:13.0392 3664 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:21:13.0392 3664 VaultSvc - ok
11:21:13.0423 3664 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:21:13.0438 3664 vdrvroot - ok
11:21:13.0485 3664 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:21:13.0501 3664 vds - ok
11:21:13.0532 3664 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:21:13.0548 3664 vga - ok
11:21:13.0548 3664 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:21:13.0563 3664 VgaSave - ok
11:21:13.0579 3664 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:21:13.0610 3664 vhdmp - ok
11:21:13.0626 3664 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:21:13.0626 3664 viaide - ok
11:21:13.0657 3664 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:21:13.0657 3664 volmgr - ok
11:21:13.0704 3664 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:21:13.0719 3664 volmgrx - ok
11:21:13.0766 3664 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:21:13.0782 3664 volsnap - ok
11:21:13.0891 3664 vpnagent (c8e2180caa7d1fb8c6aa202e0f302a7f) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
11:21:13.0891 3664 vpnagent - ok
11:21:13.0938 3664 vpnva (a8d4fed106b4bd337df3da20ba44e18e) C:\Windows\system32\DRIVERS\vpnva64.sys
11:21:13.0938 3664 vpnva - ok
11:21:13.0984 3664 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:21:14.0000 3664 vsmraid - ok
11:21:14.0109 3664 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:21:14.0172 3664 VSS - ok
11:21:14.0281 3664 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:21:14.0296 3664 vwifibus - ok
11:21:14.0328 3664 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:21:14.0328 3664 vwififlt - ok
11:21:14.0390 3664 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:21:14.0406 3664 W32Time - ok
11:21:14.0421 3664 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:21:14.0437 3664 WacomPen - ok
11:21:14.0468 3664 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:21:14.0468 3664 WANARP - ok
11:21:14.0484 3664 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:21:14.0499 3664 Wanarpv6 - ok
11:21:14.0608 3664 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:21:14.0686 3664 WatAdminSvc - ok
11:21:14.0796 3664 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:21:14.0874 3664 wbengine - ok
11:21:14.0967 3664 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:21:14.0998 3664 WbioSrvc - ok
11:21:15.0045 3664 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:21:15.0061 3664 wcncsvc - ok
11:21:15.0092 3664 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:21:15.0092 3664 WcsPlugInService - ok
11:21:15.0123 3664 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:21:15.0139 3664 Wd - ok
11:21:15.0201 3664 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:21:15.0264 3664 Wdf01000 - ok
11:21:15.0279 3664 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:21:15.0295 3664 WdiServiceHost - ok
11:21:15.0295 3664 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:21:15.0310 3664 WdiSystemHost - ok
11:21:15.0342 3664 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:21:15.0373 3664 WebClient - ok
11:21:15.0404 3664 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:21:15.0404 3664 Wecsvc - ok
11:21:15.0420 3664 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:21:15.0420 3664 wercplsupport - ok
11:21:15.0451 3664 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:21:15.0451 3664 WerSvc - ok
11:21:15.0498 3664 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:21:15.0498 3664 WfpLwf - ok
11:21:15.0513 3664 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:21:15.0529 3664 WIMMount - ok
11:21:15.0560 3664 WinDefend - ok
11:21:15.0560 3664 WinHttpAutoProxySvc - ok
11:21:15.0638 3664 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:21:15.0669 3664 Winmgmt - ok
11:21:15.0810 3664 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:21:15.0856 3664 WinRM - ok
11:21:15.0966 3664 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:21:15.0981 3664 WinUsb - ok
11:21:16.0059 3664 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:21:16.0090 3664 Wlansvc - ok
11:21:16.0106 3664 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:21:16.0106 3664 WmiAcpi - ok
11:21:16.0153 3664 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:21:16.0168 3664 wmiApSrv - ok
11:21:16.0215 3664 WMPNetworkSvc - ok
11:21:16.0231 3664 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:21:16.0246 3664 WPCSvc - ok
11:21:16.0278 3664 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:21:16.0278 3664 WPDBusEnum - ok
11:21:16.0356 3664 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:21:16.0356 3664 ws2ifsl - ok
11:21:16.0387 3664 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
11:21:16.0387 3664 wscsvc - ok
11:21:16.0387 3664 WSearch - ok
11:21:16.0574 3664 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
11:21:16.0636 3664 wuauserv - ok
11:21:16.0761 3664 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:21:16.0761 3664 WudfPf - ok
11:21:16.0792 3664 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:21:16.0792 3664 WUDFRd - ok
11:21:16.0824 3664 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:21:16.0824 3664 wudfsvc - ok
11:21:16.0839 3664 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:21:16.0870 3664 WwanSvc - ok
11:21:16.0917 3664 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
11:21:16.0948 3664 yukonw7 - ok
11:21:16.0980 3664 MBR (0x1B8) (b2bc056a88831c6fb1a57d77ca198b98) \Device\Harddisk0\DR0
11:21:17.0229 3664 \Device\Harddisk0\DR0 - ok
11:21:17.0229 3664 Boot (0x1200) (a16a2d2ff3ef90c3c0102bacdac6f4a0) \Device\Harddisk0\DR0\Partition0
11:21:17.0245 3664 \Device\Harddisk0\DR0\Partition0 - ok
11:21:17.0245 3664 Boot (0x1200) (4f54a81151f6198757b077ead464991a) \Device\Harddisk0\DR0\Partition1
11:21:17.0260 3664 \Device\Harddisk0\DR0\Partition1 - ok
11:21:17.0276 3664 Boot (0x1200) (26386718e41c7f19eb1a31c6ef2c9832) \Device\Harddisk0\DR0\Partition2
11:21:17.0292 3664 \Device\Harddisk0\DR0\Partition2 - ok
11:21:17.0292 3664 Boot (0x1200) (6f714e65f28936d11ab1f5127aa5f3c1) \Device\Harddisk0\DR0\Partition3
11:21:17.0292 3664 \Device\Harddisk0\DR0\Partition3 - ok
11:21:17.0292 3664 ============================================================
11:21:17.0292 3664 Scan finished
11:21:17.0292 3664 ============================================================
11:21:17.0323 4540 Detected object count: 0
11:21:17.0323 4540 Actual detected object count: 0
|
|
30.06.2012, 13:05
| #4 |
| /// Selecta Jahrusso | spam-mails von hotmail-account verschickt --> trojaner? Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
30.06.2012, 14:45
| #5 |
| | spam-mails von hotmail-account verschickt --> trojaner? hab die datei runtergeladen. allerdings gibt es probleme. beim ersten mal ausführen, wurde ich nach dem avast standard gefragt; ich habe bestätigt. dann lief das programm etwa 2 minuten bis die meldung kam, dass das programm aufgrund eines unerwarteten ereignisses blabla geschlossen werden muss. beim zweiten versuch, wurde nicht mehr nach dem avast-dingens gefragt (ich nehm mal an, weil das zuvor erfolgreich verlief); auch beim zweiten durchgang lief das programm etwa 2 minuten. dann ging allerdings gar nichts mehr - keine absturzmeldung - nichts. ich konnte weder die maus bewegen noch den task-manager via strg+alt+enf öffnen. nach dem neustart habe ich den dritten versuch im abgesicherten modus gestartet. auch hier hängt sich das programm auf. den vierten und letzten versuch habe ich wieder im normalen modus gemacht und auch er führte nicht zum erfolg. kurz bevor erneut die fehlermeldung kam, hab ich einen screenshot gemacht, vielleicht hilft der ja bei der lösung des problems. avira antivir habe ich bei jedem versuch ausgeschaltet. die firewall hat sich überhaupt nicht bemerkbar gemacht. komplett ausschalten wollte ich sie aber nicht. Das Programm hängt sich übrigens immer auf, wenn es folgendes Verzeichnis scannt C:\Windows\assembly\GAC_MSIL\... (die unterordner variieren allerdings) |
|
01.07.2012, 17:43
| #6 | |
| /// Selecta Jahrusso | spam-mails von hotmail-account verschickt --> trojaner?Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde! Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> spam-mails von hotmail-account verschickt --> trojaner? |
|
01.07.2012, 18:25
| #7 |
| | spam-mails von hotmail-account verschickt --> trojaner? hier der combofix-scan Combofix Logfile: Code:
ATTFilter ComboFix 12-07-01.03 - Marilena 01.07.2012 19:06:33.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3958.2475 [GMT 2:00]
ausgeführt von:: c:\users\Marilena\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marilena\4.0
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-01 bis 2012-07-01 ))))))))))))))))))))))))))))))
.
.
2012-06-29 08:22 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1DAD13AD-8E8F-45D4-9427-9ECAEF97C105}\mpengine.dll
2012-06-28 13:46 . 2012-06-28 13:46 -------- d-----w- c:\users\Marilena\AppData\Roaming\Malwarebytes
2012-06-28 13:46 . 2012-06-28 13:46 -------- d-----w- c:\programdata\Malwarebytes
2012-06-23 09:28 . 2012-06-23 09:28 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-23 09:28 . 2012-06-23 09:28 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-23 08:34 . 2012-06-23 08:34 -------- d-----w- c:\users\Marilena\AppData\Local\Macromedia
2012-06-21 16:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 16:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 16:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 16:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 16:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 16:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 16:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 16:12 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 16:12 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-07 22:12 . 2012-06-07 22:12 10744 ----a-w- c:\windows\SysWow64\vpncategories.dll
2012-06-07 22:12 . 2012-06-07 22:12 33784 ----a-w- c:\windows\SysWow64\vpnevents.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 06:59 . 2012-04-01 05:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 06:59 . 2011-11-13 22:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-07 21:55 . 2011-09-09 15:59 107432 ----a-r- c:\windows\system32\drivers\acsock64.sys
2012-05-09 19:56 . 2010-05-06 01:46 27048 ----a-w- c:\windows\system32\drivers\vpnva64.sys
2012-05-09 10:21 . 2012-05-18 08:45 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-09 10:21 . 2010-07-27 16:54 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-02 13:24 . 2012-05-14 18:37 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-27 08:20 . 2012-05-14 18:37 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-24 22:32 . 2012-05-14 18:37 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Marilena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Marilena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Marilena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2009-06-02 24264488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-06-07 672760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-06-07 107432]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-23 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-06-07 535544]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 11:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 06:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Marilena\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Marilena\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Marilena\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Marilena\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2009-12-22 5977600]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2009-10-13 995840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-23 172032]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Marilena\AppData\Roaming\Mozilla\Firefox\Profiles\agviln8i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: network.proxy.type - 2
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-01 19:18:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-01 17:18
.
Vor Suchlauf: 7 Verzeichnis(se), 407.293.992.960 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 407.070.658.560 Bytes frei
.
- - End Of File - - 1F035F9257C16293B97F534EA2AE43BF
|
|
02.07.2012, 10:21
| #8 |
| /// Selecta Jahrusso | spam-mails von hotmail-account verschickt --> trojaner? Macht der Rechner sonst irgendwelche Probleme ? Die Logfiles sehen OK aus. Downloade dir bitte Farbar Recovery Scan Tool 64-Bit und speichere diese auf einen USB Stick. Schließe den USB Stick an das infizierte System an Du musst das System nun in die System Reparatur Option booten. Über den Boot Manager
Mit Windows CD/DVD
Wähle in den Reparaturoptionen Eingabeaufforderung
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
02.07.2012, 10:47
| #9 |
| | spam-mails von hotmail-account verschickt --> trojaner? mir ist nichts großartiges aufgefallen. nur firefox macht seit geraumer zeit probleme, hängt sich desöfteren auf, braucht manchmal ungewöhnlich lange um seiten zu laden, etc. wenn wir mit dieser sache hier durch sind würd ich wahrscheinlich aber eh auf chrome umsteigen. wird ja hier im forum dem mozilla oft vorgezogen, so wie ich das hier rauslesen kann. zur sache mit dem farbar recovery scan. mir steht leider nur der "infizierte" pc zur verfügung. kann ich das tool trotzdem ganz normal mit firefox runterladen und dabei direkt auf den angeschlossenen usb-stick speichern oder führt das zu problemen? ------------------------------------------------------------------------------------ hab mir die datei heute von nem pc in der uni gezogen. ich denke, das ist der sicherste zu dem ich zugang habe (die it-leuten sollten das doch auf die reihe kriegen, hoff ich  jedenfalls hab ich das tool nun durchlaufen lassen: hier der scan Code:
ATTFilter Scan result of Farbar Recovery Scan Tool Version: 01-07-2012 01
Ran by SYSTEM at 02-07-2012 20:20:47
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [5977600 2009-12-22] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2009-10-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [172032 2010-01-23] (Sun Microsystems, Inc.)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-11-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-05-19] (Hewlett-Packard Company)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348624 2012-05-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [672760 2012-06-07] (Cisco Systems, Inc.)
HKU\Marilena\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [24264488 2009-06-02] (Skype Technologies S.A.)
HKU\Marilena\...\Policies\system: [DisableLockWorkstation] 0
HKU\Marilena\...\Policies\system: [DisableChangePassword] 0
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
==================== Services (Whitelisted) ======
2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-01] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-01] (Avira Operations GmbH & Co. KG)
2 ezSharedSvc; C:\Windows\SysWow64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-09-30] (Intel Corporation)
2 vpnagent; "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe" [535544 2012-06-07] (Cisco Systems, Inc.)
========================== Drivers (Whitelisted) =============
3 acsock; C:\Windows\System32\DRIVERS\acsock64.sys [107432 2012-06-07] (Cisco Systems, Inc.)
2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-04-24] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-04-27] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2012-05-02] (Avira GmbH)
4 eabfiltr; [x]
========================== NetSvcs (Whitelisted) ===========
NETSVCx32: ezSharedSvc -> C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
============ One Month Created Files and Folders ==============
2012-07-01 09:18 - 2012-07-01 09:18 - 00019158 ____A C:\ComboFix.txt
2012-07-01 09:05 - 2012-07-01 09:18 - 00000000 ____D C:\Qoobox
2012-07-01 09:05 - 2012-07-01 09:17 - 00000000 ____D C:\Windows\erdnt
2012-07-01 09:05 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-01 09:05 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-01 09:05 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-01 09:05 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-01 09:05 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-01 09:05 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-01 09:05 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-01 09:05 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-01 08:57 - 2012-07-01 08:57 - 04568829 ____R (Swearware) C:\Users\Marilena\Downloads\ComboFix.exe
2012-07-01 02:09 - 2012-07-01 02:09 - 00004616 ____A C:\Windows\SysWOW64\jupdate-1.6.0_33-b03.log
2012-07-01 02:09 - 2012-05-09 02:18 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-07-01 02:09 - 2012-05-09 02:17 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-07-01 02:09 - 2012-05-09 02:17 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-06-30 05:27 - 2012-06-30 05:27 - 295055855 ____A C:\Windows\MEMORY.DMP
2012-06-30 05:27 - 2012-06-30 05:27 - 00270832 ____A C:\Windows\Minidump\063012-19141-01.dmp
2012-06-28 05:46 - 2012-06-28 05:46 - 00000000 ____D C:\Users\Marilena\AppData\Roaming\Malwarebytes
2012-06-28 05:46 - 2012-06-28 05:46 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-28 05:19 - 2012-06-28 05:19 - 00000000 ____A C:\Users\Marilena\Desktop\infos.txt
2012-06-28 04:59 - 2012-06-28 04:59 - 00000000 ____A C:\Users\Marilena\defogger_reenable
2012-06-28 04:39 - 2012-07-01 09:21 - 00000000 ____D C:\Users\Marilena\Desktop\neu
2012-06-23 00:34 - 2012-06-23 00:34 - 00000000 ____D C:\Users\Marilena\AppData\Local\Macromedia
2012-06-21 08:13 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 08:13 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 08:13 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 08:13 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 08:12 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 08:12 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 08:12 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 08:12 - 2012-06-02 05:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 08:12 - 2012-06-02 05:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-14 00:58 - 2012-05-14 20:01 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 00:58 - 2012-05-14 19:59 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 00:58 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 00:58 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 00:58 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-14 00:58 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-14 00:58 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-14 00:58 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-14 00:58 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-14 00:58 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-14 00:58 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-14 00:58 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-14 00:58 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-14 00:58 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-14 00:58 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-14 00:58 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-14 00:58 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-14 00:58 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-14 00:58 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-14 00:58 - 2012-04-19 21:42 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 00:58 - 2012-04-19 21:42 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 00:58 - 2012-04-19 21:42 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 00:58 - 2012-04-19 21:42 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 00:58 - 2012-04-19 21:42 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-14 00:58 - 2012-04-19 21:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 00:58 - 2012-04-19 21:42 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 00:58 - 2012-04-19 21:42 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 00:58 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 00:58 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 00:58 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 00:58 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-14 00:58 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 00:58 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 00:58 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 00:58 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-14 00:58 - 2012-04-19 19:45 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 00:58 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 00:58 - 2012-04-16 21:31 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 00:58 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 00:58 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-14 00:58 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-12 07:26 - 2012-06-12 07:26 - 00000000 ____A C:\Users\Marilena\Desktop\NICHT VERZAGEN, LUKAS FRAGEN!.txt
2012-06-12 06:43 - 2012-06-12 06:43 - 00000871 ____A C:\Users\Marilena\.recently-used.xbel
2012-06-12 06:31 - 2012-06-12 07:26 - 00000000 ____D C:\Users\Marilena\Desktop\Mama 50. Geburtstag - Kopie
2012-06-09 09:26 - 2012-06-12 12:10 - 00000000 ____D C:\Users\Marilena\Desktop\Mama 50. Geburtstag
2012-06-09 08:37 - 2012-06-09 08:56 - 00000000 ____D C:\Users\Marilena\Desktop\Weihnachten 2011
2012-06-09 08:37 - 2012-06-09 08:55 - 00000000 ____D C:\Users\Marilena\Desktop\Geburtstag 2011
2012-06-07 14:12 - 2012-06-07 14:12 - 00033784 ____A (Cisco Systems, Inc.) C:\Windows\SysWOW64\vpnevents.dll
2012-06-07 14:12 - 2012-06-07 14:12 - 00010744 ____A (Cisco Systems, Inc.) C:\Windows\SysWOW64\vpncategories.dll
============ 3 Months Modified Files ========================
2012-07-02 10:16 - 2012-03-31 22:46 - 01702999 ____A C:\Windows\WindowsUpdate.log
2012-07-02 09:59 - 2012-03-31 21:26 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-02 06:19 - 2010-01-23 14:31 - 00654166 ____A C:\Windows\System32\perfh007.dat
2012-07-02 06:19 - 2010-01-23 14:31 - 00130006 ____A C:\Windows\System32\perfc007.dat
2012-07-02 06:19 - 2009-07-13 21:13 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-02 00:48 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-02 00:48 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-02 00:41 - 2012-04-01 02:42 - 00008904 ____A C:\Windows\setupact.log
2012-07-02 00:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-01 09:18 - 2012-07-01 09:18 - 00019158 ____A C:\ComboFix.txt
2012-07-01 09:13 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-07-01 09:12 - 2012-05-13 01:43 - 00089984 ____A C:\Windows\PFRO.log
2012-07-01 08:57 - 2012-07-01 08:57 - 04568829 ____R (Swearware) C:\Users\Marilena\Downloads\ComboFix.exe
2012-07-01 02:09 - 2012-07-01 02:09 - 00004616 ____A C:\Windows\SysWOW64\jupdate-1.6.0_33-b03.log
2012-06-30 07:58 - 2011-11-12 03:20 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-06-30 07:58 - 2010-07-27 09:55 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-06-30 05:27 - 2012-06-30 05:27 - 295055855 ____A C:\Windows\MEMORY.DMP
2012-06-30 05:27 - 2012-06-30 05:27 - 00270832 ____A C:\Windows\Minidump\063012-19141-01.dmp
2012-06-28 05:19 - 2012-06-28 05:19 - 00000000 ____A C:\Users\Marilena\Desktop\infos.txt
2012-06-28 04:59 - 2012-06-28 04:59 - 00000000 ____A C:\Users\Marilena\defogger_reenable
2012-06-22 22:59 - 2012-03-31 21:26 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-22 22:59 - 2011-11-13 14:04 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-16 04:06 - 2009-07-13 20:45 - 00387728 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-16 02:57 - 2010-07-28 06:28 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-12 11:04 - 2010-07-29 02:43 - 00750080 __ASH C:\Users\Marilena\Desktop\Thumbs.db
2012-06-12 07:26 - 2012-06-12 07:26 - 00000000 ____A C:\Users\Marilena\Desktop\NICHT VERZAGEN, LUKAS FRAGEN!.txt
2012-06-12 06:43 - 2012-06-12 06:43 - 00000871 ____A C:\Users\Marilena\.recently-used.xbel
2012-06-07 14:12 - 2012-06-07 14:12 - 00033784 ____A (Cisco Systems, Inc.) C:\Windows\SysWOW64\vpnevents.dll
2012-06-07 14:12 - 2012-06-07 14:12 - 00010744 ____A (Cisco Systems, Inc.) C:\Windows\SysWOW64\vpncategories.dll
2012-06-07 13:55 - 2011-09-09 07:59 - 00107432 ___RA (Cisco Systems, Inc.) C:\Windows\System32\Drivers\acsock64.sys
2012-06-02 14:19 - 2012-06-21 08:13 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 08:13 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 08:13 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 08:12 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 08:12 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 08:13 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 08:12 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 05:19 - 2012-06-21 08:12 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:15 - 2012-06-21 08:12 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-17 07:27 - 2012-05-17 04:59 - 05368074 ____A C:\Users\Marilena\Documents\Gerome_Das maurische Bad.pptx
2012-05-14 20:01 - 2012-06-14 00:58 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:59 - 2012-06-14 00:58 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:03 - 2012-06-14 00:58 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:00 - 2012-06-14 00:58 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 17:32 - 2012-06-14 00:58 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 10:22 - 2012-05-14 10:20 - 99308192 ____A C:\Users\Marilena\Downloads\avira_free_antivirus_de.exe
2012-05-14 09:12 - 2012-05-14 09:12 - 02072385 ____A C:\Users\Marilena\Downloads\Die Toilette der Esther_Chasseriau.jpeg
2012-05-13 08:27 - 2009-07-13 21:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-09 11:56 - 2010-05-05 17:46 - 00027048 ____A (Cisco Systems, Inc.) C:\Windows\System32\Drivers\vpnva64.sys
2012-05-09 02:21 - 2012-05-18 00:45 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-09 02:21 - 2010-07-27 08:54 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-09 02:18 - 2012-07-01 02:09 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-09 02:17 - 2012-07-01 02:09 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-09 02:17 - 2012-07-01 02:09 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-04 03:06 - 2012-06-14 00:58 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-14 00:58 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-14 00:58 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-02 05:24 - 2012-05-14 10:37 - 00027760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys
2012-04-30 21:40 - 2012-06-14 00:58 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-14 00:58 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 00:20 - 2012-05-14 10:37 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-04-25 21:41 - 2012-06-14 00:58 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-14 00:58 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-14 00:58 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 14:32 - 2012-05-14 10:37 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-04-23 21:37 - 2012-06-14 00:58 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-14 00:58 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-14 00:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-14 00:58 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-14 00:58 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-14 00:58 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-19 21:42 - 2012-06-14 00:58 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 21:42 - 2012-06-14 00:58 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 21:42 - 2012-06-14 00:58 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 21:42 - 2012-06-14 00:58 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 21:42 - 2012-06-14 00:58 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 21:42 - 2012-06-14 00:58 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 21:42 - 2012-06-14 00:58 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 21:42 - 2012-06-14 00:58 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 21:00 - 2012-06-14 00:58 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-19 21:00 - 2012-06-14 00:58 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-19 20:57 - 2012-06-14 00:58 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-19 20:57 - 2012-06-14 00:58 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-19 20:57 - 2012-06-14 00:58 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-19 20:56 - 2012-06-14 00:58 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-19 20:56 - 2012-06-14 00:58 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-19 20:56 - 2012-06-14 00:58 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-19 19:45 - 2012-06-14 00:58 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 19:16 - 2012-06-14 00:58 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-18 10:56 - 2012-04-18 10:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 10:56 - 2012-04-18 10:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-16 21:31 - 2012-06-14 00:58 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-16 20:34 - 2012-06-14 00:58 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-07 04:31 - 2012-06-14 00:58 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-14 00:58 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 18%
Total physical RAM: 3957.86 MB
Available physical RAM: 3237.45 MB
Total Pagefile: 3956.01 MB
Available Pagefile: 3227.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:452.56 GB) (Free:379.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:12.9 GB) (Free:2.15 GB) NTFS
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1913 MB 0 B
Disk 2 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 452 GB 200 MB
Partition 3 Primary 12 GB 452 GB
Partition 4 Primary 103 MB 465 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 452 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 12 GB Healthy
==================================================================================
Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1912 MB 252 KB
==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT Removable 1912 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-06-29 04:15
======================= End Of Log ==========================
|
|
03.07.2012, 06:57
| #10 |
| /// Selecta Jahrusso | spam-mails von hotmail-account verschickt --> trojaner? Auch sauber. ESET Online Scanner
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
03.07.2012, 12:36
| #11 |
| | spam-mails von hotmail-account verschickt --> trojaner?Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9046a13582326541892daad5a4052caa
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-03 11:32:25
# local_time=2012-07-03 01:32:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 4289968 4289968 0 0
# compatibility_mode=5893 16776574 100 94 326602 92940449 0 0
# compatibility_mode=8192 67108863 100 0 130 130 0 0
# scanned=208084
# found=0
# cleaned=0
# scan_time=4545
|
|
03.07.2012, 15:02
| #12 |
| /// Selecta Jahrusso | spam-mails von hotmail-account verschickt --> trojaner? Ändere mal deine Zugangspasswörter. Mit abc als Passwort kommt man heute nicht weit 
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
03.07.2012, 15:18
| #13 |
| | spam-mails von hotmail-account verschickt --> trojaner? werd ich machen hatte bisher ein 9-stelliges passwort (6 buchstaben / 3 ziffern) ist das noch zu kurz bzw. zu unsicher?heißt das im umkehrschluss, dass mein laptop sauber ist und nichts durch irgendwelche mails auf meinen rechner geladen wurde? schon mal vielen dank für deine hilfe. |
|
03.07.2012, 19:55
| #14 |
| /// Selecta Jahrusso | spam-mails von hotmail-account verschickt --> trojaner? Sollte eigentlich reichen. Ich seh da keine Malware aber behalte das mal im Auge und berichte. Ich halte das Thema noch ne Woche in den Abos
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
09.07.2012, 11:44
| #15 |
| /// Selecta Jahrusso | spam-mails von hotmail-account verschickt --> trojaner? Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
| Themen zu spam-mails von hotmail-account verschickt --> trojaner? |
| adobe, antivir, application/pdf, application/pdf:, autorun, avira, bho, bingbar, bonjour, desktop, document, error, explorer, firefox, firefox 13.0.1, flash player, format, hackangriff, helper, home, hotmail, mail-account, mailadresse, microsoft fix it, mozilla, object, plug-in, realtek, registry, scan, searchscopes, senden, software, tracker, trojaner, trojaner?, viele viren, windows |
Linear-Darstellung
