Log Analysis and Evaluation: Live Security Platinum Infection
Windows 7

30.06.2012, 17:34 | #1
Live Security Platinum Infection

Hello, I probably downloaded the drive-by "Live Security Platinum" through an outdated Windows version. I found the following guide for removing it: http://www.trojaner-board.de/116774-...entfernen.html

So far I have run the Malwarebytes scanner in Safe Mode. It identified 10 objects! The log of this scan is attached. As a second step I ran Malwarebytes once more (after a restart). The second log is also attached.

QUESTION: Should I also run the other 2 scanners? I am (now) in possession of a Kaspersky Internet Security licence. Should I install Kaspersky now, or first run the other 2 scanners recommended at http://www.trojaner-board.de/116774-...entfernen.html? It seems I was successful. But the guide says I should still have it checked again by a professional here. (Please don't be surprised, I still have an old Norton on it whose licence has expired. Now, as mentioned above, I have Kaspersky. Actually I wanted to throw the old Norton out tomorrow and put Kaspersky on.) I hope you can help me quickly.

Here are also the two OTL logs:

OTL Code:
OTL logfile created on: 30.06.2012 17:52:13 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\USER\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 69,20% Memory free
6,20 Gb Paging File | 5,39 Gb Available in Paging File | 86,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 394,43 Gb Free Space | 88,49% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,40 Gb Free Space | 52,01% Space Free | Partition Type: FAT32
Drive I: | 7,54 Gb Total Space | 3,17 Gb Free Space | 42,05% Space Free | Partition Type: FAT32

Computer Name: USERS-COM | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\USER\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\dradio-Recorder\phonostarTimer.exe ()
PRC - C:\Programme\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Programme\dradio-Recorder\phonostarTimer.exe ()
MOD - C:\Programme\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll ()

========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LVSrvLauncher) -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (ASPI32) -- File not found
DRV - (AmdLLD) -- system32\DRIVERS\AmdLLD.sys File not found
DRV - (ab4d8j7y) -- File not found
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20120525.004\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20120525.004\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120524.001\IDSvix86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120517.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NIS\1307010.005\symtdiv.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1307010.005\symefa.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1307010.005\ironx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1307010.005\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\System32\drivers\NIS\1307010.005\srtspx.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1307010.005\symds.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1307010.005\ccsetx86.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Programme\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Advanced Micro Devices)
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (ADM851X) -- C:\Windows\System32\drivers\ADM851X.SYS (ADMtek Incorporated)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://de.search.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://de.search.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://de.search.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{771B12CD-DD23-40C7-8739-FF2FE1612C67}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=D78B62C4-871F-4EA3-AE18-5D730B44C6BF&apn_sauid=2BB3ADFD-40D7-40B2-B17C-D75CA0A582B9
IE - HKCU\..\SearchScopes\{99CBFDF3-803F-4FEC-ACD2-3D5262430917}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=18
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92260067943109388
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\IPSFFPlgn\ [2012.05.20 11:57:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\coFFPlgn\ [2012.06.30 11:13:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.30 11:54:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.29 13:18:02 | 000,000,000 | ---D | M]

[2010.12.31 16:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\Extensions
[2010.12.31 16:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2012.06.29 11:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\lucle53z.default\extensions
[2011.01.26 21:36:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\lucle53z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.05 10:29:49 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\lucle53z.default\extensions\toolbar@ask.com
[2012.05.20 12:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.20 12:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.05.20 12:51:07 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
File not found (No name found) -- C:\PROGRAM FILES\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
[2012.06.30 11:54:55 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.05 10:18:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files\dradio-Recorder\phonostarTimer.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: telekom.de ([serviceportal] https in Trusted sites)
O15 - HKCU\..Trusted Domains: t-home.de ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB4F9C9A-5761-45C7-82F4-E668C98E656C}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0b163e5c-8b2e-11de-a046-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0b163e5c-8b2e-11de-a046-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe /AUTORUN
O33 - MountPoints2\{0b163e5c-8b2e-11de-a046-806e6f6e6963}\Shell\configure\command - "" = E:\setup.exe
O33 - MountPoints2\{0b163e5c-8b2e-11de-a046-806e6f6e6963}\Shell\install\command - "" = E:\setup.exe
O33 - MountPoints2\{19608520-7884-11df-9e7a-001d92b5c41f}\Shell - "" = AutoRun
O33 - MountPoints2\{19608520-7884-11df-9e7a-001d92b5c41f}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.30 17:51:36 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\USER\Desktop\OTL.exe
[2012.06.30 12:00:33 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Malwarebytes
[2012.06.30 12:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.30 12:00:28 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.30 12:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.30 12:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.30 11:41:45 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.06.30 11:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E85B2C0004202101238016570F1C8B
[2012.06.30 10:35:25 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\geb
[2012.06.30 09:22:05 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.30 09:22:05 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.30 09:21:53 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.30 09:21:53 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.30 09:21:53 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.30 09:21:44 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.30 09:21:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.25 07:56:17 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\Macromedia
[2012.06.11 19:29:02 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\dealgigant wird bearbeitet
[2012.06.11 19:28:43 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\dealgigant belege schon fertig
[2012.06.11 19:22:50 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\gutschein quicker

========== Files - Modified Within 30 Days ==========

[2012.06.30 17:55:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.30 17:50:45 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.30 17:50:45 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.30 17:50:42 | 000,396,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.30 17:50:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.30 17:50:27 | 3220,365,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.30 13:12:02 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\USER\Desktop\OTL.exe
[2012.06.30 13:06:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.30 11:58:25 | 000,001,356 | ---- | M] () -- C:\Users\USER\AppData\Local\d3d9caps.dat
[2012.06.30 11:42:47 | 000,624,320 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.30 11:42:47 | 000,591,614 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.30 11:42:47 | 000,125,020 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.30 11:42:47 | 000,102,644 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.25 07:55:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.25 07:55:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.04 20:40:40 | 000,456,592 | ---- | M] () -- C:\Users\USER\Desktop\dealgigant kassenbon bepanthen.pdf
[2012.06.04 15:58:38 | 000,150,793 | ---- | M] () -- C:\Users\USER\Desktop\2012_06rechnung_4736986966.pdf
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

========== Files Created - No Company Name ==========

[2012.06.30 17:50:27 | 3220,365,312 | -HS- | C] () -- C:\hiberfil.sys
[2012.06.04 20:40:21 | 000,456,592 | ---- | C] () -- C:\Users\USER\Desktop\dealgigant kassenbon bepanthen.pdf
[2012.06.04 20:17:15 | 000,150,793 | ---- | C] () -- C:\Users\USER\Desktop\2012_06rechnung_4736986966.pdf
[2012.05.29 23:03:19 | 000,138,555 | ---- | C] () -- C:\Users\USER\Kessler, Marcel.V2011
[2012.01.16 10:19:21 | 000,055,167 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012.01.10 22:38:52 | 000,002,048 | -HS- | C] () -- C:\Users\USER\AppData\Local\{e78aff6b-fbf4-a0d9-bf2c-8429f28cb4c7}\@
[2011.12.28 19:12:57 | 000,000,458 | ---- | C] () -- C:\Windows\wiso.ini
[2011.06.21 21:46:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.06.21 21:46:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.21 19:04:27 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.05.14 00:12:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.23 11:14:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.03.27 15:23:17 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.01.02 18:45:56 | 000,025,088 | ---- | C] () -- C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.22 00:14:21 | 000,000,760 | ---- | C] () -- C:\Users\USER\AppData\Roaming\setup_ldm.iss
[2009.09.11 23:29:49 | 000,015,428 | ---- | C] () -- C:\Users\USER\RefEdit.exd
[2009.08.17 15:38:20 | 000,052,878 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.17 15:38:20 | 000,052,878 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.17 14:49:12 | 000,001,356 | ---- | C] () -- C:\Users\USER\AppData\Local\d3d9caps.dat

< End of report >

EXTRA Code:
OTL Extras logfile created on: 30.06.2012 17:52:13 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\USER\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 69,20% Memory free
6,20 Gb Paging File | 5,39 Gb Available in Paging File | 86,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 394,43 Gb Free Space | 88,49% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,40 Gb Free Space | 52,01% Space Free | Partition Type: FAT32
Drive I: | 7,54 Gb Total Space | 3,17 Gb Free Space | 42,05% Space Free | Partition Type: FAT32

Computer Name: USERS-COM | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Saturn\Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Fotoservice.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3768843071-2336861419-4020039175-1000]
"EnableNotificationsRef" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BC2BA5-FFF7-4A22-BEA9-343D01D3C5CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{208F2D80-3A0E-471D-884A-9B5B1B649B2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{300FCD30-64BE-452D-A837-30979E537B0D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{44AFFE16-94B5-4A46-AC92-5CE41C531B27}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4C855B90-25D5-4575-B143-307B7800CDF8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{6C6D811B-C1D3-4B37-B757-FE169DA4FAAC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{75200BE8-AD7A-4EC0-8C97-4BEAA27A584E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{818BDB41-BD57-47E4-AB13-D6A189A212E9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B5C803D4-E057-496D-9EF1-16B101B32EF3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DB1029C4-7171-4DF1-B703-0C7B4B341C9C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F5079094-4CE0-4C32-9EE5-EBB9EBA446B1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8908131-CABB-4FB9-B3BE-229B308AC4EB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E244AA2-2EE8-4E80-92F7-03ED1E504D3C}" =
dir=in | app=c:\program files\skype\phone\skype.exe | "{1734203F-2673-4A5E-AE78-F8781C0D9EF1}" = dir=in | app=c:\program files\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{17845E04-AE1A-4998-A2B2-CA29CC60852B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2D993BE7-356F-4206-B6CF-8FB8D19704C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3303D83E-2987-48D5-8676-E2480189D607}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3543DEF1-02F3-46E9-924A-F16840479AF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3C619D06-D8BB-48C1-82A6-AA0E332F6FF6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3CED5210-A9E6-46F4-9791-85138C3D8917}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{416EE615-0F6C-4BDE-8D0B-48F5071ABD4D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{42637A13-7840-44F9-B608-87F421F8660A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{42750E12-3D7E-4F5A-80C6-D002DD890D0D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{44748262-0A5A-42C2-A035-2C9D1B03E143}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4BAC07E0-CBFD-4746-AFA7-1B3B4ADA52B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{55BD43B2-5843-4240-A0CA-8EB408359DDE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5C612ADA-E5BC-4AD6-AFA0-7FBE2D56E941}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{609737DE-6E12-4360-B880-0A667E8DECD7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{694B5E86-D1FB-4D73-9997-45C646D461BD}" = protocol=6 | dir=out | svc=rapimgr | 
app=%systemroot%\system32\svchost.exe | "{6B63B5E1-4013-460E-BA68-A3AC85122A21}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{7082C863-BE15-446D-BF6C-60AC3C66D3AE}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{724AF924-2B4F-4967-A385-F10D234BF9A3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7B376456-4248-484C-B300-0EFC7D1CDC00}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{82903182-7242-4C1F-AFBE-F8112C664C1C}" = protocol=6 | dir=out | app=system | "{87538758-5E18-4AC3-A1CF-EDA055AB625D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8772740D-B0E3-4023-ABA7-BF4249774228}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{8A49FC29-B7D4-41E6-8267-02083C42CAFF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{99C53CE9-5BF2-408D-8E31-D00D065184CE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{A4E138BD-D3DE-4CC4-81A2-AA4CEBFEC977}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{ABC85571-F53E-472D-A812-5886B5FC11B2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AD84D46B-F004-4A97-B222-61B43502A1DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B1ACCF7D-8CA6-415D-88B7-63A607D4F71A}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{B389A223-C225-441C-A235-52C29E93EC86}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C0A23E75-13C0-40CA-95FB-265634A0F536}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C1158BC1-1FC3-404D-B4E5-2CD9B8B26D22}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{DE310B7D-0481-4C43-AA64-25889D415684}" = protocol=17 | dir=in | app=c:\program 
files\yahoo!\messenger\yahoomessenger.exe | "{DF372377-E95B-490B-B052-64A712751B26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EDA284C6-AA27-4E8D-925D-DC45E41FA1FE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EF90EE6D-2047-440B-B1E8-4867C087D1B7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "TCP Query User{3A8BD8CB-D683-452E-9C50-B0E0E0258108}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{C998ABC9-25AF-463F-A4BB-856AB5AC4A24}C:\program files\dradio-recorder\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe | "UDP Query User{478E38E3-D164-4517-BA87-371B35523507}C:\program files\dradio-recorder\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe | "UDP Query User{C25F4DD1-1408-4F53-963A-135505718B72}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{03ED6584-5A5A-4CA3-B61D-741618E510DF}" = Steuer 2008 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info 
Service "{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23CE4550-F67C-4114-88DF-FE923BC13E7F}" = Medion Media Center for Medion "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service "{28E30152-32C5-4152-8C87-6C638E695CEC}" = Steuer Update 15.09 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery "{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision "{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam "{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009 "{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{5A065EA0-0EEC-4E94-A2A0-40812576C122}" = Ulead PhotoImpact 10 "{6181E138-C21C-471C-9238-F2F59C314C6C}" = Steuer 2008 "{67DABCB4-239C-4E02-805E-DEA0DDCB1926}" = Steuer Hilfesammlung "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F251952-43A3-1305-997C-5B285C76FCAD}" = ATI Catalyst Install Manager "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install 
Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{C3542652-4C59-4A96-982A-06EBB3F47819}" = Steuer-Hilfesammlung 2009 "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "CCleaner" = CCleaner "dradio-Recorder_is1" = dradio-Recorder Version 3.02.6 "Fotoservice" = Fotoservice "InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012 "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = 
Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "Office14.SingleImage" = Microsoft Office Professional 2010 "PDF Blender" = PDF Blender "QcDrv" = Logitech® Camera-Treiber "VLC media player" = VLC media player 1.0.5 "Warcraft III" = Warcraft III "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Search Defender" = Yahoo! Suche Schutzvorkehrung ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "Warcraft III" = Warcraft III: All Products ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.06.2012 03:20:00 | Computer Name = USERs-Com | Source = WinMgmt | ID = 10 Description = Error - 30.06.2012 05:13:19 | Computer Name = USERs-Com | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.06.2012 05:13:54 | Computer Name = USERs-Com | Source = WinMgmt | ID = 10 Description = Error - 30.06.2012 05:54:24 | Computer Name = USERs-Com | Source = EventSystem | ID = 4609 Description = Error - 30.06.2012 05:55:10 | Computer Name = USERs-Com | Source = WinMgmt | ID = 10 Description = Error - 30.06.2012 06:52:58 | Computer Name = USERs-Com | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.06.2012 07:08:08 | Computer Name = USERs-Com | Source = EventSystem | ID = 4609 Description = Error - 30.06.2012 07:08:54 | Computer Name = USERs-Com | Source = WinMgmt | ID = 10 Description = Error - 30.06.2012 11:50:53 | Computer Name = USERs-Com | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.06.2012 11:51:18 | Computer Name = USERs-Com | Source = WinMgmt | 
ID = 10 | Description =

[ Media Center Events ]
Error - 18.12.2010 14:07:02 | Computer Name = USERs-Com | Source = Media Center Guide | ID = 0
Description = Event information: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError returned 0D  Process: DefaultDomain  Object name: Media Center Guide

Error - 18.06.2011 16:50:17 | Computer Name = USERs-Com | Source = Media Center Guide | ID = 0
Description = Event information: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105  Process: DefaultDomain  Object name: Media Center Guide

Error - 23.06.2011 07:13:02 | Computer Name = USERs-Com | Source = Media Center Guide | ID = 0
Description = Event information: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105  Process: DefaultDomain  Object name: Media Center Guide

Error - 05.09.2011 15:30:45 | Computer Name = USERs-Com | Source = Media Center Guide | ID = 0
Description = Event information: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105  Process: DefaultDomain  Object name: Media Center Guide

[ System Events ]
Error - 30.06.2012 07:08:01 | Computer Name = USERs-Com | Source = DCOM | ID = 10005
Description =

Error - 30.06.2012 07:08:08 | Computer Name = USERs-Com | Source = DCOM | ID = 10005
Description =

Error - 30.06.2012 07:08:10 | Computer Name = USERs-Com | Source = DCOM | ID = 10005
Description =

Error - 30.06.2012 07:08:12 | Computer Name = USERs-Com | Source = DCOM | ID = 10005
Description =

Error - 30.06.2012 07:08:54 | Computer Name = USERs-Com | Source = Service Control Manager | ID = 7001
Description =

Error - 30.06.2012 07:08:54 | Computer Name = USERs-Com | Source = Service Control Manager | ID = 7023
Description =

Error - 30.06.2012 07:08:54 | Computer Name = USERs-Com | Source = Service Control Manager | ID = 7026
Description =

Error - 30.06.2012 11:50:40 | Computer Name = USERs-Com | Source = Microsoft Antimalware | ID = 5101
Description = The grace period for %%860 has expired. Protection against viruses, spyware and other potentially unwanted software has been disabled.  Reason for expiry: %%873  Expiry date (UTC): 30.06.2012 15:50:40  Error code: 0x80092003  Error description: An error occurred while reading or writing a file.

Error - 30.06.2012 11:51:18 | Computer Name = USERs-Com | Source = Service Control Manager | ID = 7000
Description =

Error - 30.06.2012 11:51:18 | Computer Name = USERs-Com | Source = Service Control Manager | ID = 7023
Description =

< End of report >
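Added example, not part of the thread: the checks below are what a helper does by eye on the two OTL logs above, written as a script so they can be re-run on any OTL output. It parses OTL file-list lines and flags Hidden+System files inside a user profile, in particular a file named `@` inside a `{GUID}` folder under AppData\Local as in the log above (a layout no legitimate installer produces, and one associated with the ZeroAccess rootkit family; that association is this editor's note, not something the thread states); it reads the Firewall Settings section for profiles with `EnableFirewall` = 0 (all three are 0 in the Extras log); and it compares the shell-spawning handlers of the executable file classes against the Vista defaults. The sample text is constructed from lines of the posted logs; the function and category names are mine.

```python
import re

# One OTL file-list entry per line, e.g.
# [2012.01.10 22:38:52 | 000,002,048 | -HS- | C] () -- C:\Users\USER\AppData\Local\{guid}\@
FILE_LINE = re.compile(
    r"^\[(?P<date>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>\S{4}) \| [CM]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# A file literally named "@" inside a {GUID}-named directory
GUID_AT = re.compile(r"\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\@$", re.I)
# Firewall profile key from the Extras log; its EnableFirewall value follows on the next line
PROFILE_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(\w+Profile)\]$")
ENABLE_FW = re.compile(r'^"EnableFirewall" = (\d)$')
# Shell-spawning entry: <class> [<verb>] -- <command> (optional company name in parentheses)
SPAWN = re.compile(r"^(\w+) \[(\w+)\] -- (.+?)(?: \([^)]*\))?$")
# Vista defaults for the executable classes; anything else is a hijack or a broken association
EXPECTED_SPAWN = {(cls, "open"): '"%1" %*'
                  for cls in ("exefile", "batfile", "cmdfile", "comfile", "piffile")}


def triage_otl(log_text):
    """Return the first things a helper looks for in an OTL + OTL Extras log."""
    findings = {"hidden_system_user_files": [], "guid_at_files": [],
                "firewall_disabled": [], "handler_issues": []}
    profile = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            path, attr = m.group("path"), m.group("attr")
            # Hidden+System attributes on files inside a user profile is not how normal software installs
            if "H" in attr and "S" in attr and path.lower().startswith("c:\\users\\"):
                findings["hidden_system_user_files"].append(path)
            if GUID_AT.search(path):
                findings["guid_at_files"].append(path)
            continue
        m = PROFILE_KEY.match(line)
        if m:
            profile = m.group(1)
            continue
        m = ENABLE_FW.match(line)
        if m and profile:
            if m.group(1) == "0":
                findings["firewall_disabled"].append(profile)
            profile = None
            continue
        m = SPAWN.match(line)
        if m:
            cls, verb, cmd = m.group(1), m.group(2).lower(), m.group(3)
            expected = EXPECTED_SPAWN.get((cls, verb))
            if cmd.startswith("Reg Error"):
                findings["handler_issues"].append(f"{cls} [{verb}]: {cmd}")
            elif expected and cmd != expected:
                findings["handler_issues"].append(f"{cls} [{verb}]: {cmd} (expected {expected})")
    return findings


# Constructed sample: lines copied from the two OTL logs posted above
SAMPLE = r"""
[2012.06.30 17:50:27 | 3220,365,312 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.10 22:38:52 | 000,002,048 | -HS- | C] () -- C:\Users\USER\AppData\Local\{e78aff6b-fbf4-a0d9-bf2c-8429f28cb4c7}\@
[2011.05.21 19:04:27 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
exefile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
http [open] -- Reg Error: Value error.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"""

if __name__ == "__main__":
    for category, hits in triage_otl(SAMPLE).items():
        print(category)
        for hit in hits:
            print("   ", hit)
```

Treat the handler list as a review list, not a verdict: `Reg Error: Key error.` on verbs such as `htmlfile [edit]` usually only means that key is absent, and the `http`/`https` value errors sit in HKLM while the user's own `.html` association in HKCU points to Firefox. The firewall result needs no interpretation: with all three profiles at 0 the machine has no inbound filtering at all while it is still infected.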
30.06.2012, 18:09 | #2
/// Malware-holic | Live Security Platinum infection
hi

For a further analysis I need the following:
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
(replace "name" with your own user name). Please right-click the folder, pack it with WinRAR or as a zip, upload it and let me know when it is done.
Trojaner-Board Upload Channel
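Post #2 asks for the Java deployment cache because an applet that arrived through an outdated Java plug-in leaves its JAR there together with an `.idx` index file that records the URL it was downloaded from. The script below is an added example, not something from the thread: it lists those origins, grouped by host, so the helper knows which site served the applet before (or instead of) working through the whole uploaded folder. It searches the `.idx` files at byte level for URL strings instead of parsing the index structure, because that layout changed between Java 6 cache versions and a misparsed header would silently drop entries. The sample bytes, file names and the host `cdn.example.invalid` are constructed for the demo; pass a real cache directory (the path named in the post) as the first argument to scan it.

```python
import os
import re
import tempfile
from collections import defaultdict
from urllib.parse import urlparse

# Java's DataOutputStream.writeUTF() stores each string as a 2-byte big-endian length
# followed by the (modified) UTF-8 bytes, so the origin URL sits in every .idx as plain
# ASCII; a byte-level search finds it without depending on the cache-version layout.
URL_BYTES = re.compile(rb"https?://[\x21-\x7e]+")


def urls_in_idx(data):
    """Return the distinct http(s) URLs embedded in the raw bytes of one .idx file."""
    found = []
    for m in URL_BYTES.finditer(data):
        url = m.group(0).decode("ascii")
        if url not in found:
            found.append(url)
    return found


def scan_cache(cache_dir):
    """Walk a Java deployment cache; map each origin host to (idx file, URL) pairs naming it."""
    by_host = defaultdict(list)
    for root, _dirs, files in os.walk(cache_dir):
        for name in files:
            if not name.lower().endswith(".idx"):
                continue  # the companion file without extension is the cached JAR/class itself
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                for url in urls_in_idx(fh.read()):
                    host = urlparse(url).hostname or "?"
                    by_host[host].append((os.path.relpath(path, cache_dir), url))
    return dict(by_host)


def _write_utf(text):
    """Constructed helper mimicking Java's writeUTF framing (2-byte length prefix + bytes)."""
    raw = text.encode("utf-8")
    return len(raw).to_bytes(2, "big") + raw


# Constructed .idx-like content: fixed header padding, then the version, URL,
# namespace and codebase-IP strings a real index carries. The host is a reserved
# example name, not anything from the thread.
SAMPLE_IDX = (b"\x00" * 32
              + _write_utf("1.0")
              + _write_utf("http://cdn.example.invalid/applet/loader.jar")
              + _write_utf("http://cdn.example.invalid/")
              + _write_utf("198.51.100.7"))


def demo():
    """Write the constructed sample into a throw-away cache tree and scan it."""
    with tempfile.TemporaryDirectory() as cache_dir:
        bucket = os.path.join(cache_dir, "6.0", "12")
        os.makedirs(bucket)
        with open(os.path.join(bucket, "1a2b3c4d-5e6f7a8b.idx"), "wb") as fh:
            fh.write(SAMPLE_IDX)
        with open(os.path.join(bucket, "1a2b3c4d-5e6f7a8b"), "wb") as fh:
            fh.write(b"PK\x03\x04")  # stand-in for the cached JAR; not inspected here
        return scan_cache(cache_dir)


if __name__ == "__main__":
    import sys
    result = scan_cache(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for host, hits in sorted(result.items()):
        print(host)
        for idx_file, url in hits:
            print("   ", idx_file, "->", url)
```

Run it from a clean machine against the unpacked upload, not on the infected system. The hosts it prints are the thing to compare against the browsing history around the time the rogue appeared; the JAR next to each `.idx` is what goes to the scanner afterwards.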
01.07.2012, 20:46 | #3
Live Security Platinum infection
I have uploaded the folder.
01.07.2012, 21:28 | #4
/// Malware-holic | Live Security Platinum infection
Thanks.

ComboFix may only be run when a team member has instructed you to do so!
Please download ComboFix from one of these download mirrors: Link 1 Link 2
IMPORTANT - save ComboFix to your desktop.

When ComboFix has finished it will create a log file. Please post C:\Combofix.txt in your next reply.
Note: should you get the following error message after the reboot:
Quote:

- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
01.07.2012, 22:51 | #5
Live Security Platinum infection
Here is the ComboFix log:
Code:
ComboFix 12-07-01.03 - USER 01.07.2012  23:38:54.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1896 [GMT 2:00]
Running from: c:\users\USER\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\%APPDATA%
c:\program files\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
c:\users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9B9D2415-05F5-4F51-952C-649F1D189CC6}.xps
c:\users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BF1DA1A1-8D7F-459C-8A43-51CA2CCD374A}.xps
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 ))))))))))))))))))))))))))))))
.
.
2012-07-01 21:46 . 2012-07-01 21:47 -------- d-----w- c:\users\USER\AppData\Local\temp
2012-07-01 21:46 . 2012-07-01 21:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-01 21:46 . 2012-07-01 21:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-30 16:36 . 2012-06-30 16:36 -------- d-----w- c:\program files\Common Files\Java
2012-06-30 16:30 . 2012-06-30 16:30 -------- d-----w- c:\program files\Oracle
2012-06-30 16:30 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-30 10:00 . 2012-06-30 10:00 -------- d-----w- c:\users\USER\AppData\Roaming\Malwarebytes
2012-06-30 10:00 . 2012-06-30 10:00 -------- d-----w- c:\programdata\Malwarebytes
2012-06-30 10:00 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 10:00 . 2012-06-30 10:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-30 09:08 . 2012-06-30 09:08 -------- d-----w- c:\programdata\B7E85B2C0004202101238016570F1C8B
2012-06-30 07:30 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-30 07:30 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-30 07:30 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-30 07:30 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-30 07:30 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-30 07:22 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-30 07:22 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-30 07:22 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-30 07:22 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-30 07:21 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-30 07:21 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-30 07:21 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-30 07:21 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-30 07:21 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-29 19:31 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D571A60-BB39-4877-A5A9-1D5192924A2C}\mpengine.dll
2012-06-25 05:56 . 2012-06-25 05:56 -------- d-----w- c:\users\USER\AppData\Local\Macromedia
2012-06-08 18:30 . 2012-06-08 18:30 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-08 18:30 . 2012-06-08 18:30 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 05:55 . 2012-05-14 18:01 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 05:55 . 2012-01-16 15:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 17:29 . 2010-12-28 17:48 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-13 07:36 . 2012-05-01 17:15 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20A0E49B-3678-4A30-8800-4AD5D10B412B}\mpengine.dll
2012-04-13 07:36 . 2011-09-06 18:29 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-03 08:16 . 2012-05-11 20:15 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-11 20:15 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-30 09:54 . 2011-04-01 07:49 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 14:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"dradio-RecorderTimer"="c:\program files\dradio-Recorder\phonostarTimer.exe" [2012-04-03 41472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
backup=c:\windows\pss\Scanner Finder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 11:58 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dradio-RecorderTimer]
2012-04-03 15:14 41472 ----a-w- c:\program files\dradio-Recorder\phonostarTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService]
2010-09-15 09:11 339312 ----a-w- c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-25 14:02 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-25 14:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 08:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remo�teControl10]
2010-02-02 23:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2004-11-26 09:43 90112 ------w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3768843071-2336861419-4020039175-1000]
"EnableNotificationsRef"=dword:00000003
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ADM851X.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 05:55] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801937 mStart Page = hxxp://de.yahoo.com uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://de.search.yahoo.com IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 Trusted Zone: t-home.de\www Trusted Zone: telekom.de\serviceportal TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\lucle53z.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.teleboerse.de/|hxxp://de.advfn.com/p.php?pid=staticchart&s=T^lsg&p=0&t=32&dm=0&vol=1|hxxp://portfolio.finanztreff.de/depot_portfolio.htn?u=18986&k=PtNJ4Hyd6On2O1ufyxPTVg|hxxp://www.dealgigant.de/ FF - prefs.js: network.proxy.type - 0 FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file) URLSearchHooks-{b106b661-3e1b-4015-af5c-195e909f35c6} - (no file) URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file) MSConfigStartUp-IncrediMail - c:\program files\IncrediMail\bin\IncMail.exe MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe MSConfigStartUp-Ulead AutoDetector - c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-07-01 23:47 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl" . Zeit der Fertigstellung: 2012-07-01 23:48:35 ComboFix-quarantined-files.txt 2012-07-01 21:48 . Vor Suchlauf: 10 Verzeichnis(se), 423.961.796.608 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 424.201.703.424 Bytes frei . - - End Of File - - CE8F698AF63C4130C9F0751E79AA8E6C |
02.07.2012, 11:36 | #6 |
/// Malware-holic |
Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, choose skip for now, post the log
08.07.2012, 12:56 | #7 |
| Sorry, it took a bit longer, but I can only work on the PC at the weekend. So here is how it continues, the TDSSKiller log with the detections skipped:
Code:
13:54:04.0824 5896 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
13:54:05.0069 5896 ============================================================
13:54:05.0069 5896 Current date / time: 2012/07/08 13:54:05.0069
13:54:05.0069 5896 SystemInfo:
13:54:05.0069 5896
13:54:05.0070 5896 OS Version: 6.0.6002 ServicePack: 2.0
13:54:05.0070 5896 Product type: Workstation
13:54:05.0070 5896 ComputerName: USERS-COM
13:54:05.0070 5896 UserName: USER
13:54:05.0070 5896 Windows directory: C:\Windows
13:54:05.0070 5896 System windows directory: C:\Windows
13:54:05.0070 5896 Processor architecture: Intel x86
13:54:05.0070 5896 Number of processors: 4
13:54:05.0071 5896 Page size: 0x1000
13:54:05.0071 5896 Boot type: Normal boot
13:54:05.0071 5896 ============================================================
13:54:06.0261 5896 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:54:06.0309 5896 Drive \Device\Harddisk4\DR4 - Size: 0x1E3C00000 (7.56 Gb), SectorSize: 0x200, Cylinders: 0x3DA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:54:06.0310 5896 ============================================================
13:54:06.0310 5896 \Device\Harddisk0\DR0:
13:54:06.0362 5896 MBR partitions:
13:54:06.0362 5896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x37B83000
13:54:06.0388 5896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x37B8383F, BlocksNum 0x2801402
13:54:06.0388 5896 \Device\Harddisk4\DR4:
13:54:06.0390 5896 MBR partitions:
13:54:06.0390 5896 \Device\Harddisk4\DR4\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xF1DFE0
13:54:06.0390 5896 ============================================================
13:54:06.0465 5896 C: <-> \Device\Harddisk0\DR0\Partition0
13:54:06.0475 5896 D: <-> \Device\Harddisk0\DR0\Partition1
13:54:06.0476 5896 ============================================================
13:54:06.0476 5896 Initialize success
13:54:06.0476 5896 ============================================================
13:54:25.0667 5884 ============================================================
13:54:25.0667 5884 Scan started
13:54:25.0667 5884 Mode: Manual; SigCheck; TDLFS;
13:54:25.0667 5884 ============================================================
13:54:26.0342 5884 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:54:26.0548 5884 ACPI - ok
13:54:26.0600 5884 ADM851X (e8b85009b41a010ee95fe3fc5c7808ad) C:\Windows\system32\DRIVERS\ADM851X.SYS
13:54:26.0643 5884 ADM851X - ok
13:54:26.0949 5884 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:54:26.0969 5884 AdobeARMservice - ok
13:54:27.0127 5884 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:54:27.0153 5884 AdobeFlashPlayerUpdateSvc - ok
13:54:27.0200 5884 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:54:27.0249 5884 adp94xx - ok
13:54:27.0294 5884 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:54:27.0335 5884 adpahci - ok
13:54:27.0361 5884 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:54:27.0387 5884 adpu160m - ok
13:54:27.0456 5884 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:54:27.0482 5884 adpu320 - ok
13:54:27.0514 5884 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:54:27.0601 5884 AeLookupSvc - ok
13:54:27.0663 5884 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:54:27.0722 5884 AFD - ok
13:54:27.0753 5884 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
13:54:27.0776 5884 agp440 - ok
13:54:27.0826 5884 ahcix86s (8dc09f3b54ddcaeb52e0dcfa1d55b26a) C:\Windows\system32\DRIVERS\ahcix86s.sys
13:54:27.0871 5884 ahcix86s - ok
13:54:28.0133 5884 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:54:28.0234 5884 aic78xx - ok
13:54:28.0285 5884 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:54:28.0414 5884 ALG - ok
13:54:28.0437 5884 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
13:54:28.0460 5884 aliide - ok
13:54:28.0491 5884 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:54:28.0515 5884 amdagp - ok
13:54:28.0553 5884 amdide (f12456ad77b1c32d8c5ca51927872850) C:\Windows\system32\DRIVERS\amdide.sys
13:54:28.0570 5884 amdide - ok
13:54:28.0588 5884 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:54:28.0645 5884 AmdK7 - ok
13:54:28.0669 5884 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
13:54:28.0740 5884 AmdK8 - ok
13:54:28.0753 5884 AmdLLD - ok
13:54:28.0835 5884 AnyDVD (7e0323162c933dce87d2bbf11a255174) C:\Windows\system32\Drivers\AnyDVD.sys
13:54:28.0849 5884 AnyDVD - ok
13:54:28.0901 5884 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:54:28.0952 5884 Appinfo - ok
13:54:29.0045 5884 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:54:29.0061 5884 arc - ok
13:54:29.0098 5884 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:54:29.0123 5884 arcsas - ok
13:54:29.0136 5884 ASPI32 - ok
13:54:29.0161 5884 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:54:29.0217 5884 AsyncMac - ok
13:54:29.0267 5884 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:54:29.0290 5884 atapi - ok
13:54:29.0302 5884 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
13:54:29.0345 5884 AtiPcie - ok
13:54:29.0398 5884 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:54:29.0452 5884 AudioEndpointBuilder - ok
13:54:29.0460 5884 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:54:29.0498 5884 Audiosrv - ok
13:54:29.0513 5884 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:54:29.0577 5884 Beep - ok
13:54:29.0632 5884 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
13:54:29.0669 5884 BFE - ok
13:54:29.0770 5884 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
13:54:29.0840 5884 BITS - ok
13:54:29.0861 5884 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:54:29.0887 5884 blbdrive - ok
13:54:29.0912 5884 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:54:29.0942 5884 bowser - ok
13:54:29.0967 5884 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:54:29.0999 5884 BrFiltLo - ok
13:54:30.0010 5884 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:54:30.0053 5884 BrFiltUp - ok
13:54:30.0096 5884 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:54:30.0150 5884 Browser - ok
13:54:30.0187 5884 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:54:30.0363 5884 Brserid - ok
13:54:30.0379 5884 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:54:30.0462 5884 BrSerWdm - ok
13:54:30.0492 5884 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:54:30.0553 5884 BrUsbMdm - ok
13:54:30.0572 5884 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:54:30.0632 5884 BrUsbSer - ok
13:54:30.0651 5884 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:54:30.0709 5884 BTHMODEM - ok
13:54:30.0751 5884 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
13:54:30.0784 5884 BthServ - ok
13:54:30.0850 5884 catchme - ok
13:54:30.0879 5884 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:54:30.0927 5884 cdfs - ok
13:54:30.0968 5884 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:54:31.0003 5884 cdrom - ok
13:54:31.0047 5884 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:54:31.0088 5884 CertPropSvc - ok
13:54:31.0162 5884 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
13:54:31.0216 5884 circlass - ok
13:54:31.0439 5884 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:54:31.0481 5884 CLFS - ok
13:54:31.0631 5884 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:54:31.0654 5884 clr_optimization_v2.0.50727_32 - ok
13:54:31.0741 5884 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:54:31.0763 5884 clr_optimization_v4.0.30319_32 - ok
13:54:31.0799 5884 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
13:54:31.0821 5884 cmdide - ok
13:54:31.0841 5884 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
13:54:31.0863 5884 Compbatt - ok
13:54:31.0868 5884 COMSysApp - ok
13:54:31.0887 5884 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:54:31.0910 5884 crcdisk - ok
13:54:31.0949 5884 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:54:32.0003 5884 Crusoe - ok
13:54:32.0048 5884 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
13:54:32.0112 5884 CryptSvc - ok
13:54:32.0298 5884 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:54:32.0353 5884 DcomLaunch - ok
13:54:32.0384 5884 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:54:32.0436 5884 DfsC - ok
13:54:32.0674 5884 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
13:54:32.0834 5884 DFSR - ok
13:54:33.0164 5884 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
13:54:33.0253 5884 Dhcp - ok
13:54:33.0306 5884 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:54:33.0334 5884 disk - ok
13:54:33.0380 5884 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
13:54:33.0422 5884 Dnscache - ok
13:54:33.0456 5884 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
13:54:33.0490 5884 dot3svc - ok
13:54:33.0545 5884 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:54:33.0588 5884 DPS - ok
13:54:33.0624 5884 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:54:33.0674 5884 drmkaud - ok
13:54:33.0873 5884 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:54:33.0898 5884 DXGKrnl - ok
13:54:33.0935 5884 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:54:33.0971 5884 E1G60 - ok
13:54:33.0988 5884 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:54:34.0008 5884 EapHost - ok
13:54:34.0071 5884 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:54:34.0086 5884 Ecache - ok
13:54:34.0240 5884 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
13:54:34.0290 5884 ehRecvr - ok
13:54:34.0316 5884 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:54:34.0357 5884 ehSched - ok
13:54:34.0387 5884 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:54:34.0421 5884 ehstart - ok
13:54:34.0462 5884 ElbyCDIO (309ac30471a0f1c3a89dee1c81230576) C:\Windows\system32\Drivers\ElbyCDIO.sys
13:54:34.0481 5884 ElbyCDIO - ok
13:54:34.0563 5884 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:54:34.0599 5884 elxstor - ok
13:54:34.0777 5884 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
13:54:34.0856 5884 EMDMgmt - ok
13:54:34.0883 5884 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:54:34.0938 5884 ErrDev - ok
13:54:34.0979 5884 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
13:54:35.0030 5884 EventSystem - ok
13:54:35.0082 5884 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:54:35.0132 5884 exfat - ok
13:54:35.0202 5884 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:54:35.0254 5884 fastfat - ok
13:54:35.0275 5884 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:54:35.0331 5884 fdc - ok
13:54:35.0380 5884 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:54:35.0424 5884 fdPHost - ok
13:54:35.0442 5884 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:54:35.0501 5884 FDResPub - ok
13:54:35.0512 5884 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:54:35.0525 5884 FileInfo - ok
13:54:35.0548 5884 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:54:35.0608 5884 Filetrace - ok
13:54:35.0636 5884 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:54:35.0676 5884 flpydisk - ok
13:54:35.0720 5884 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:54:35.0748 5884 FltMgr - ok
13:54:35.0898 5884 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
13:54:35.0977 5884 FontCache - ok
13:54:36.0108 5884 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:54:36.0129 5884 FontCache3.0.0.0 - ok
13:54:36.0181 5884 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
13:54:36.0219 5884 Fs_Rec - ok
13:54:36.0268 5884 FTDIBUS (aae37f0f2f613218dce17b42a18c38db) C:\Windows\system32\drivers\ftdibus.sys
13:54:36.0287 5884 FTDIBUS - ok
13:54:36.0341 5884 FTSER2K (48bfd1ba45c9c9e7ab339e25abfba1d2) C:\Windows\system32\drivers\ftser2k.sys
13:54:36.0358 5884 FTSER2K - ok
13:54:36.0382 5884 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:54:36.0406 5884 gagp30kx - ok
13:54:36.0457 5884 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
13:54:36.0539 5884 gpsvc - ok
13:54:36.0607 5884 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:54:36.0720 5884 HdAudAddService - ok
13:54:36.0862 5884 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:54:36.0933 5884 HDAudBus - ok
13:54:36.0959 5884 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:54:37.0047 5884 HidBth - ok
13:54:37.0066 5884 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:54:37.0129 5884 HidIr - ok
13:54:37.0171 5884 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
13:54:37.0192 5884 hidserv - ok
13:54:37.0231 5884 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:54:37.0272 5884 HidUsb - ok
13:54:37.0333 5884 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:54:37.0401 5884 hkmsvc - ok
13:54:37.0446 5884 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:54:37.0469 5884 HpCISSs - ok
13:54:37.0523 5884 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:54:37.0594 5884 HTTP - ok
13:54:37.0629 5884 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:54:37.0652 5884 i2omp - ok
13:54:37.0684 5884 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:54:37.0727 5884 i8042prt - ok
13:54:37.0751 5884 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:54:37.0787 5884 iaStorV - ok
13:54:38.0008 5884 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:54:38.0025 5884 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:54:38.0025 5884 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:54:38.0158 5884 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:54:38.0222 5884 idsvc - ok
13:54:38.0241 5884 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:54:38.0262 5884 iirsp - ok
13:54:38.0449 5884 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
13:54:38.0500 5884 IKEEXT - ok
13:54:38.0758 5884 IntcAzAudAddService (b29e79c67f3779e70ba187e31b639ebc) C:\Windows\system32\drivers\RTKVHDA.sys
13:54:38.0857 5884 IntcAzAudAddService - ok
13:54:39.0048 5884 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:54:39.0073 5884 intelide - ok
13:54:39.0110 5884 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:54:39.0165 5884 intelppm - ok
13:54:39.0192 5884 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:54:39.0251 5884 IPBusEnum - ok
13:54:39.0289 5884 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:54:39.0347 5884 IpFilterDriver - ok
13:54:39.0427 5884 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
13:54:39.0473 5884 iphlpsvc - ok
13:54:39.0480 5884 IpInIp - ok
13:54:39.0518 5884 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:54:39.0564 5884 IPMIDRV - ok
13:54:39.0665 5884 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:54:39.0716 5884 IPNAT - ok
13:54:39.0737 5884 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:54:39.0781 5884 IRENUM - ok
13:54:39.0800 5884 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:54:39.0823 5884 isapnp - ok
13:54:39.0874 5884 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:54:39.0902 5884 iScsiPrt - ok
13:54:39.0924 5884 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:54:39.0946 5884 iteatapi - ok
13:54:39.0978 5884 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:54:40.0000 5884 iteraid - ok
13:54:40.0047 5884 Iviaspi (94a8c9436c36cd9657cfed0043066b9c) C:\Windows\system32\drivers\iviaspi.sys
13:54:40.0055 5884 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
13:54:40.0056 5884 Iviaspi - detected UnsignedFile.Multi.Generic (1)
13:54:40.0074 5884 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:54:40.0086 5884 kbdclass - ok
13:54:40.0127 5884 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:54:40.0154 5884 kbdhid - ok
13:54:40.0190 5884 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:54:40.0241 5884 KeyIso - ok
13:54:40.0292 5884 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
13:54:40.0327 5884 KSecDD - ok
13:54:40.0382 5884 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:54:40.0472 5884 KtmRm - ok
13:54:40.0506 5884 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
13:54:40.0552 5884 LanmanServer - ok
13:54:40.0596 5884 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
13:54:40.0645 5884 LanmanWorkstation - ok
13:54:40.0679 5884 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:54:40.0719 5884 lltdio - ok
13:54:40.0816 5884 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:54:40.0871 5884 lltdsvc - ok
13:54:40.0898 5884 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:54:40.0977 5884 lmhosts - ok
13:54:41.0025 5884 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:54:41.0039 5884 LSI_FC - ok
13:54:41.0063 5884 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:54:41.0077 5884 LSI_SAS - ok
13:54:41.0095 5884 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:54:41.0109 5884 LSI_SCSI - ok
13:54:41.0146 5884 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:54:41.0200 5884 luafv - ok
13:54:41.0458 5884 LVcKap (fb548ff809634bfa866312b37d8a18ae) C:\Windows\system32\DRIVERS\LVcKap.sys
13:54:41.0547 5884 LVcKap - ok
13:54:41.0696 5884 LVCOMSer (14e4cc4d46169759d874f57604ea6be5) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
13:54:41.0718 5884 LVCOMSer - ok
13:54:42.0127 5884 LVMVDrv (fe3fb994f8702d9e37648927819b74b8) C:\Windows\system32\DRIVERS\LVMVDrv.sys
13:54:42.0219 5884 LVMVDrv - ok
13:54:42.0568 5884 LVPr2Mon (c7ea51f1ab10b0b2b443f4d5589fc1a5) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
13:54:42.0585 5884 LVPr2Mon - ok
13:54:42.0713 5884 LVPrcSrv (b2d04e813ba12ab179daf0b9fdecba3d) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
13:54:42.0734 5884 LVPrcSrv - ok
13:54:42.0759 5884 LVSrvLauncher (a7a2ef5000007ca361da1e2b99df8c57) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
13:54:42.0781 5884 LVSrvLauncher - ok
13:54:42.0818 5884 LVUSBSta (caef4c05ba2c1acad4ebcaa4261cd55d) C:\Windows\system32\drivers\LVUSBSta.sys
13:54:42.0835 5884 LVUSBSta - ok
13:54:42.0863 5884 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
13:54:42.0884 5884 MBAMProtector - ok
13:54:43.0094 5884 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:54:43.0162 5884 MBAMService - ok
13:54:43.0187 5884 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
13:54:43.0212 5884 Mcx2Svc - ok
13:54:43.0278 5884 MDM (352d5c438a675fa9721e8cf6e02b92b1) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
13:54:43.0308 5884 MDM ( UnsignedFile.Multi.Generic ) - warning
13:54:43.0308 5884 MDM - detected UnsignedFile.Multi.Generic (1)
13:54:43.0348 5884 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:54:43.0371 5884 megasas - ok
13:54:43.0423 5884 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:54:43.0473 5884 MegaSR - ok
13:54:43.0489 5884 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:54:43.0551 5884 MMCSS - ok
13:54:43.0575 5884 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:54:43.0616 5884 Modem - ok
13:54:43.0634 5884 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:54:43.0676 5884 monitor - ok
13:54:43.0712 5884 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:54:43.0725 5884 mouclass - ok
13:54:43.0732 5884 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:54:43.0760 5884 mouhid - ok
13:54:43.0894 5884 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:54:43.0920 5884 MountMgr - ok
13:54:43.0985 5884 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:54:44.0009 5884 MozillaMaintenance - ok
13:54:44.0066 5884 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
13:54:44.0095 5884 MpFilter - ok
13:54:44.0119 5884 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:54:44.0145 5884 mpio - ok
13:54:44.0163 5884 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
13:54:44.0183 5884 MpNWMon - ok
13:54:44.0197 5884 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:54:44.0247 5884 mpsdrv - ok
13:54:44.0372 5884 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
13:54:44.0434 5884 MpsSvc - ok
13:54:44.0460 5884 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:54:44.0481 5884 Mraid35x - ok
13:54:44.0509 5884 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:54:44.0531 5884 MRxDAV - ok
13:54:44.0552 5884 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:54:44.0581 5884 mrxsmb - ok
13:54:44.0610 5884 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:54:44.0655 5884 mrxsmb10 - ok
13:54:44.0680 5884 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:54:44.0700 5884 mrxsmb20 - ok
13:54:44.0722 5884 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
13:54:44.0734 5884 msahci - ok
13:54:44.0767 5884 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:54:44.0782 5884 msdsm - ok
13:54:44.0834 5884 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:54:44.0879 5884 MSDTC - ok
13:54:44.0892 5884 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:54:44.0919 5884 Msfs - ok
13:54:44.0941 5884 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:54:44.0954 5884 msisadrv - ok
13:54:44.0973 5884 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:54:45.0010 5884 MSiSCSI - ok
13:54:45.0014 5884 msiserver - ok
13:54:45.0034 5884 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:54:45.0072 5884 MSKSSRV - ok
13:54:45.0258 5884 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
13:54:45.0280 5884 MsMpSvc - ok
13:54:45.0310 5884 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:54:45.0354 5884 MSPCLOCK - ok
13:54:45.0411 5884 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:54:45.0462 5884 MSPQM - ok
13:54:45.0702 5884 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:54:45.0738 5884 MsRPC - ok
13:54:45.0759 5884 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:54:45.0781 5884 mssmbios - ok
13:54:45.0803 5884 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:54:45.0846 5884 MSTEE - ok
13:54:45.0870 5884 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:54:45.0893 5884 Mup - ok
13:54:45.0943 5884 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
13:54:45.0999 5884 napagent - ok
13:54:46.0034 5884 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:54:46.0060 5884 NativeWifiP - ok
13:54:46.0114 5884 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:54:46.0157 5884 NDIS - ok
13:54:46.0208 5884 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:54:46.0258 5884 NdisTapi - ok
13:54:46.0269 5884 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:54:46.0314 5884 Ndisuio - ok
13:54:46.0352 5884 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:54:46.0379 5884 NdisWan - ok
13:54:46.0491 5884 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:54:46.0512 5884 NDProxy - ok
13:54:46.0536 5884 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:54:46.0586 5884 NetBIOS - ok
13:54:47.0028 5884 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:54:47.0088 5884 netbt - ok
13:54:47.0117 5884 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:54:47.0139 5884 Netlogon - ok
13:54:47.0399 5884 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:54:47.0465 5884 Netman - ok
13:54:47.0508 5884 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:54:47.0574 5884 netprofm - ok
13:54:47.0788 5884 netr28u (df938648626332e830a9bd153110aa75) C:\Windows\system32\DRIVERS\netr28u.sys
13:54:47.0871 5884 netr28u - ok
13:54:47.0975 5884 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:54:47.0989 5884 NetTcpPortSharing - ok
13:54:48.0039 5884 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:54:48.0057 5884 nfrd960 - ok
13:54:48.0103 5884 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:54:48.0123 5884 NisDrv - ok
13:54:48.0438 5884 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
13:54:48.0469 5884 NisSrv - ok
13:54:48.0667 5884 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:54:48.0714 5884 NlaSvc - ok
13:54:48.0739 5884 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:54:48.0771 5884 Npfs - ok
13:54:48.0779 5884 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:54:48.0808 5884 nsi - ok
13:54:48.0881 5884 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:54:48.0943 5884 nsiproxy - ok
13:54:49.0125 5884 Ntfs (6a4a98cee84cf9e99564510dda4baa47)
C:\Windows\system32\drivers\Ntfs.sys 13:54:49.0183 5884 Ntfs - ok 13:54:49.0211 5884 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 13:54:49.0278 5884 ntrigdigi - ok 13:54:49.0290 5884 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 13:54:49.0328 5884 Null - ok 13:54:52.0515 5884 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys 13:54:53.0122 5884 nvlddmkm - ok 13:54:53.0587 5884 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 13:54:53.0615 5884 nvraid - ok 13:54:53.0645 5884 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 13:54:53.0669 5884 nvstor - ok 13:54:53.0774 5884 nvsvc (7c732aff202dcd06c3d262966d71604c) C:\Windows\system32\nvvsvc.exe 13:54:53.0797 5884 nvsvc - ok 13:54:54.0150 5884 nvUpdatusService (262d2fbf211a88dcb84249df0f6ef6e7) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 13:54:54.0257 5884 nvUpdatusService - ok 13:54:54.0635 5884 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 13:54:54.0663 5884 nv_agp - ok 13:54:54.0669 5884 NwlnkFlt - ok 13:54:54.0678 5884 NwlnkFwd - ok 13:54:54.0710 5884 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 13:54:54.0755 5884 ohci1394 - ok 13:54:54.0866 5884 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:54:54.0879 5884 ose - ok 13:54:55.0313 5884 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 13:54:55.0517 5884 osppsvc - ok 13:54:55.0801 5884 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 13:54:55.0885 5884 p2pimsvc - ok 13:54:55.0897 5884 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 13:54:55.0936 5884 p2psvc - ok 13:54:56.0043 5884 Parport 
(0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 13:54:56.0138 5884 Parport - ok 13:54:56.0162 5884 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys 13:54:56.0175 5884 partmgr - ok 13:54:56.0192 5884 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 13:54:56.0259 5884 Parvdm - ok 13:54:56.0298 5884 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 13:54:56.0340 5884 PcaSvc - ok 13:54:56.0367 5884 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 13:54:56.0382 5884 pci - ok 13:54:56.0415 5884 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 13:54:56.0427 5884 pciide - ok 13:54:56.0458 5884 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 13:54:56.0475 5884 pcmcia - ok 13:54:56.0557 5884 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 13:54:56.0631 5884 PEAUTH - ok 13:54:56.0660 5884 pepifilter (c5d5ea6a29523e0f6016741e9851c6db) C:\Windows\system32\DRIVERS\lv302af.sys 13:54:56.0670 5884 pepifilter - ok 13:54:56.0901 5884 PID_PEPI (3f96dcd4ac98c8e0d3c03c24fd49a2fe) C:\Windows\system32\DRIVERS\LV302V32.SYS 13:54:56.0982 5884 PID_PEPI - ok 13:54:57.0142 5884 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 13:54:57.0245 5884 pla - ok 13:54:57.0414 5884 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 13:54:57.0478 5884 PlugPlay - ok 13:54:57.0548 5884 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 13:54:57.0588 5884 PNRPAutoReg - ok 13:54:57.0597 5884 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 13:54:57.0621 5884 PNRPsvc - ok 13:54:57.0735 5884 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 13:54:57.0793 5884 PolicyAgent - ok 13:54:57.0847 5884 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) 
C:\Windows\system32\DRIVERS\raspptp.sys 13:54:57.0897 5884 PptpMiniport - ok 13:54:57.0962 5884 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys 13:54:58.0017 5884 Processor - ok 13:54:58.0050 5884 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 13:54:58.0089 5884 ProfSvc - ok 13:54:58.0186 5884 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 13:54:58.0208 5884 ProtectedStorage - ok 13:54:58.0383 5884 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 13:54:58.0473 5884 ql2300 - ok 13:54:58.0562 5884 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 13:54:58.0587 5884 ql40xx - ok 13:54:58.0704 5884 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 13:54:58.0785 5884 QWAVE - ok 13:54:58.0895 5884 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 13:54:58.0938 5884 QWAVEdrv - ok 13:54:59.0147 5884 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll 13:54:59.0160 5884 RapiMgr - ok 13:54:59.0199 5884 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 13:54:59.0249 5884 RasAcd - ok 13:54:59.0277 5884 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 13:54:59.0341 5884 RasAuto - ok 13:54:59.0375 5884 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 13:54:59.0406 5884 Rasl2tp - ok 13:54:59.0442 5884 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 13:54:59.0477 5884 RasMan - ok 13:54:59.0506 5884 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 13:54:59.0526 5884 RasPppoe - ok 13:54:59.0541 5884 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 13:54:59.0555 5884 RasSstp - ok 13:54:59.0601 5884 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) 
C:\Windows\system32\DRIVERS\rdbss.sys 13:54:59.0656 5884 rdbss - ok 13:54:59.0698 5884 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 13:54:59.0739 5884 RDPCDD - ok 13:54:59.0778 5884 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 13:54:59.0828 5884 rdpdr - ok 13:54:59.0833 5884 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 13:54:59.0877 5884 RDPENCDD - ok 13:54:59.0909 5884 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys 13:54:59.0960 5884 RDPWD - ok 13:55:00.0003 5884 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 13:55:00.0051 5884 RemoteAccess - ok 13:55:00.0122 5884 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 13:55:00.0144 5884 RemoteRegistry - ok 13:55:00.0183 5884 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 13:55:00.0218 5884 RpcLocator - ok 13:55:00.0278 5884 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 13:55:00.0311 5884 RpcSs - ok 13:55:00.0322 5884 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 13:55:00.0360 5884 rspndr - ok 13:55:00.0414 5884 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys 13:55:00.0437 5884 RTL8169 - ok 13:55:00.0451 5884 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 13:55:00.0467 5884 SamSs - ok 13:55:00.0592 5884 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 13:55:00.0615 5884 sbp2port - ok 13:55:00.0699 5884 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 13:55:00.0771 5884 SCardSvr - ok 13:55:00.0930 5884 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 13:55:01.0043 5884 Schedule - ok 13:55:01.0098 5884 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 
13:55:01.0132 5884 SCPolicySvc - ok 13:55:01.0271 5884 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 13:55:01.0313 5884 SDRSVC - ok 13:55:01.0326 5884 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 13:55:01.0383 5884 secdrv - ok 13:55:01.0404 5884 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 13:55:01.0431 5884 seclogon - ok 13:55:01.0443 5884 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll 13:55:01.0485 5884 SENS - ok 13:55:01.0519 5884 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys 13:55:01.0549 5884 Serenum - ok 13:55:01.0565 5884 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys 13:55:01.0596 5884 Serial - ok 13:55:01.0681 5884 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 13:55:01.0742 5884 sermouse - ok 13:55:01.0771 5884 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 13:55:01.0821 5884 SessionEnv - ok 13:55:01.0864 5884 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 13:55:01.0903 5884 sffdisk - ok 13:55:01.0916 5884 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 13:55:01.0961 5884 sffp_mmc - ok 13:55:01.0967 5884 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 13:55:02.0011 5884 sffp_sd - ok 13:55:02.0031 5884 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 13:55:02.0116 5884 sfloppy - ok 13:55:02.0451 5884 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 13:55:02.0512 5884 SharedAccess - ok 13:55:02.0652 5884 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 13:55:02.0708 5884 ShellHWDetection - ok 13:55:02.0732 5884 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 
13:55:02.0756 5884 sisagp - ok 13:55:02.0776 5884 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 13:55:02.0799 5884 SiSRaid2 - ok 13:55:02.0835 5884 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 13:55:02.0860 5884 SiSRaid4 - ok 13:55:03.0389 5884 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 13:55:03.0590 5884 slsvc - ok 13:55:03.0811 5884 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 13:55:03.0849 5884 SLUINotify - ok 13:55:03.0935 5884 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 13:55:03.0976 5884 Smb - ok 13:55:04.0026 5884 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 13:55:04.0049 5884 SNMPTRAP - ok 13:55:04.0086 5884 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 13:55:04.0110 5884 spldr - ok 13:55:04.0171 5884 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 13:55:04.0218 5884 Spooler - ok 13:55:04.0285 5884 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 13:55:04.0286 5884 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: cdddec541bc3c96f91ecb48759673505 13:55:04.0289 5884 sptd ( LockedFile.Multi.Generic ) - warning 13:55:04.0290 5884 sptd - detected LockedFile.Multi.Generic (1) 13:55:04.0384 5884 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 13:55:04.0432 5884 srv - ok 13:55:04.0491 5884 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 13:55:04.0537 5884 srv2 - ok 13:55:04.0558 5884 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 13:55:04.0594 5884 srvnet - ok 13:55:04.0666 5884 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 13:55:04.0717 5884 SSDPSRV - ok 13:55:04.0751 5884 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 13:55:04.0781 5884 SstpSvc - ok 13:55:04.0854 5884 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 13:55:04.0942 5884 stisvc - ok 13:55:04.0980 5884 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 13:55:05.0005 5884 swenum - ok 13:55:05.0057 5884 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 13:55:05.0127 5884 swprv - ok 13:55:05.0187 5884 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 13:55:05.0208 5884 Symc8xx - ok 13:55:05.0241 5884 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 13:55:05.0263 5884 Sym_hi - ok 13:55:05.0316 5884 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 13:55:05.0340 5884 Sym_u3 - ok 13:55:05.0446 5884 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 13:55:05.0514 5884 SysMain - ok 13:55:05.0564 5884 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 13:55:05.0585 5884 TabletInputService - ok 13:55:05.0655 5884 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 13:55:05.0687 5884 TapiSrv - ok 13:55:05.0699 5884 TBS 
(cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 13:55:05.0739 5884 TBS - ok 13:55:05.0841 5884 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys 13:55:05.0901 5884 Tcpip - ok 13:55:05.0919 5884 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys 13:55:05.0971 5884 Tcpip6 - ok 13:55:05.0989 5884 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys 13:55:06.0015 5884 tcpipreg - ok 13:55:06.0034 5884 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 13:55:06.0071 5884 TDPIPE - ok 13:55:06.0085 5884 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 13:55:06.0139 5884 TDTCP - ok 13:55:06.0196 5884 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 13:55:06.0233 5884 tdx - ok 13:55:06.0277 5884 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 13:55:06.0294 5884 TermDD - ok 13:55:06.0341 5884 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 13:55:06.0372 5884 TermService - ok 13:55:06.0408 5884 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 13:55:06.0426 5884 Themes - ok 13:55:06.0460 5884 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 13:55:06.0499 5884 THREADORDER - ok 13:55:06.0554 5884 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 13:55:06.0595 5884 TrkWks - ok 13:55:06.0658 5884 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 13:55:06.0682 5884 TrustedInstaller - ok 13:55:06.0745 5884 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 13:55:06.0786 5884 tssecsrv - ok 13:55:06.0843 5884 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 13:55:06.0869 5884 tunmp - ok 13:55:06.0912 5884 tunnel (300db877ac094feab0be7688c3454a9c) 
C:\Windows\system32\DRIVERS\tunnel.sys 13:55:06.0945 5884 tunnel - ok 13:55:06.0968 5884 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 13:55:06.0993 5884 uagp35 - ok 13:55:07.0025 5884 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 13:55:07.0082 5884 udfs - ok 13:55:07.0144 5884 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 13:55:07.0210 5884 UI0Detect - ok 13:55:07.0324 5884 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe 13:55:07.0332 5884 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning 13:55:07.0333 5884 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1) 13:55:07.0378 5884 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 13:55:07.0399 5884 uliagpkx - ok 13:55:07.0426 5884 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 13:55:07.0455 5884 uliahci - ok 13:55:07.0492 5884 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 13:55:07.0505 5884 UlSata - ok 13:55:07.0524 5884 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 13:55:07.0539 5884 ulsata2 - ok 13:55:07.0560 5884 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 13:55:07.0586 5884 umbus - ok 13:55:07.0623 5884 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 13:55:07.0658 5884 upnphost - ok 13:55:07.0776 5884 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 13:55:07.0814 5884 usbaudio - ok 13:55:07.0842 5884 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 13:55:07.0875 5884 usbccgp - ok 13:55:07.0896 5884 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 13:55:07.0945 5884 usbcir - ok 13:55:07.0969 5884 usbehci 
(79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 13:55:08.0001 5884 usbehci - ok 13:55:08.0042 5884 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 13:55:08.0081 5884 usbhub - ok 13:55:08.0098 5884 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 13:55:08.0125 5884 usbohci - ok 13:55:08.0138 5884 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 13:55:08.0177 5884 usbprint - ok 13:55:08.0203 5884 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 13:55:08.0251 5884 usbscan - ok 13:55:08.0489 5884 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:55:08.0578 5884 USBSTOR - ok 13:55:08.0627 5884 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 13:55:08.0671 5884 usbuhci - ok 13:55:08.0702 5884 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 13:55:08.0752 5884 UxSms - ok 13:55:08.0823 5884 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 13:55:08.0871 5884 vds - ok 13:55:08.0897 5884 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 13:55:08.0953 5884 vga - ok 13:55:08.0969 5884 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 13:55:09.0000 5884 VgaSave - ok 13:55:09.0017 5884 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 13:55:09.0030 5884 viaagp - ok 13:55:09.0048 5884 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 13:55:09.0073 5884 ViaC7 - ok 13:55:09.0097 5884 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 13:55:09.0109 5884 viaide - ok 13:55:09.0120 5884 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 13:55:09.0133 5884 volmgr - ok 13:55:09.0169 5884 volmgrx (23e41b834759917bfd6b9a0d625d0c28) 
C:\Windows\system32\drivers\volmgrx.sys 13:55:09.0195 5884 volmgrx - ok 13:55:09.0269 5884 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 13:55:09.0299 5884 volsnap - ok 13:55:09.0333 5884 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 13:55:09.0351 5884 vsmraid - ok 13:55:09.0463 5884 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 13:55:09.0578 5884 VSS - ok 13:55:09.0718 5884 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 13:55:09.0763 5884 W32Time - ok 13:55:09.0865 5884 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 13:55:09.0954 5884 WacomPen - ok 13:55:09.0967 5884 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 13:55:10.0001 5884 Wanarp - ok 13:55:10.0007 5884 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 13:55:10.0042 5884 Wanarpv6 - ok 13:55:10.0133 5884 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll 13:55:10.0168 5884 WcesComm - ok 13:55:10.0208 5884 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 13:55:10.0238 5884 wcncsvc - ok 13:55:10.0269 5884 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 13:55:10.0306 5884 WcsPlugInService - ok 13:55:10.0323 5884 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 13:55:10.0337 5884 Wd - ok 13:55:10.0372 5884 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 13:55:10.0411 5884 Wdf01000 - ok 13:55:10.0428 5884 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 13:55:10.0466 5884 WdiServiceHost - ok 13:55:10.0471 5884 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 13:55:10.0498 5884 WdiSystemHost - ok 13:55:10.0686 5884 WebClient (04c37d8107320312fbae09926103d5e2) 
C:\Windows\System32\webclnt.dll 13:55:10.0737 5884 WebClient - ok 13:55:10.0786 5884 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 13:55:10.0836 5884 Wecsvc - ok 13:55:10.0851 5884 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 13:55:10.0905 5884 wercplsupport - ok 13:55:10.0946 5884 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 13:55:10.0986 5884 WerSvc - ok 13:55:11.0078 5884 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 13:55:11.0108 5884 WinDefend - ok 13:55:11.0116 5884 WinHttpAutoProxySvc - ok 13:55:11.0190 5884 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 13:55:11.0228 5884 Winmgmt - ok 13:55:11.0357 5884 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 13:55:11.0465 5884 WinRM - ok 13:55:11.0555 5884 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys 13:55:11.0590 5884 winusb - ok 13:55:11.0668 5884 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 13:55:11.0747 5884 Wlansvc - ok 13:55:11.0768 5884 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys 13:55:11.0801 5884 WmiAcpi - ok 13:55:11.0845 5884 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 13:55:11.0877 5884 wmiApSrv - ok 13:55:12.0286 5884 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 13:55:12.0353 5884 WMPNetworkSvc - ok 13:55:12.0394 5884 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 13:55:12.0463 5884 WPCSvc - ok 13:55:12.0520 5884 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 13:55:12.0557 5884 WPDBusEnum - ok 13:55:12.0619 5884 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 13:55:12.0651 5884 WpdUsb - ok 13:55:12.0913 5884 
WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:55:12.0990 5884 WPFFontCache_v0400 - ok
13:55:13.0045 5884 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:55:13.0117 5884 ws2ifsl - ok
13:55:13.0154 5884 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
13:55:13.0182 5884 wscsvc - ok
13:55:13.0189 5884 WSearch - ok
13:55:13.0557 5884 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
13:55:13.0671 5884 wuauserv - ok
13:55:13.0864 5884 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:55:13.0938 5884 WUDFRd - ok
13:55:14.0049 5884 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
13:55:14.0142 5884 wudfsvc - ok
13:55:14.0262 5884 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
13:55:14.0278 5884 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
13:55:14.0308 5884 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:55:15.0857 5884 \Device\Harddisk0\DR0 - ok
13:55:15.0864 5884 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4
13:55:19.0607 5884 \Device\Harddisk4\DR4 - ok
13:55:19.0625 5884 Boot (0x1200) (4e5f708e6b4728c35bd4d0648bd42a88) \Device\Harddisk0\DR0\Partition0
13:55:19.0627 5884 \Device\Harddisk0\DR0\Partition0 - ok
13:55:19.0650 5884 Boot (0x1200) (b7b853fee4e5f7e85b0e2afc1f779e0d) \Device\Harddisk0\DR0\Partition1
13:55:19.0651 5884 \Device\Harddisk0\DR0\Partition1 - ok
13:55:19.0659 5884 Boot (0x1200) (b28f1ef549ccba906f2669a8a30b3018) \Device\Harddisk4\DR4\Partition0
13:55:19.0661 5884 \Device\Harddisk4\DR4\Partition0 - ok
13:55:19.0662 5884 ============================================================
13:55:19.0662 5884 Scan finished
13:55:19.0662 5884 ============================================================
13:55:19.0682 5924 Detected object count: 5
13:55:19.0682 5924 Actual detected object count: 5
13:55:33.0877 5924 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:33.0877 5924 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:33.0881 5924 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:33.0881 5924 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:33.0885 5924 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:33.0885 5924 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:33.0889 5924 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:55:33.0889 5924 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:55:33.0892 5924 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:33.0892 5924 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
09.07.2012, 17:33 | #8
/// Malware-holic | Live Security Platinium infection
Hi,
ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors: Link 1 Link 2
IMPORTANT - Save ComboFix to your desktop
When ComboFix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
Note: should you get the following error message after the restart
Quote:
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
14.07.2012, 09:12 | #9
Live Security Platinium infection
Here is the 2nd ComboFix log:
Code:
ComboFix 12-07-13.03 - USER 14.07.2012 9:03.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1824 [GMT 2:00]
ausgeführt von:: c:\users\USER\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-14 bis 2012-07-14   ))))))))))))))))))))))))))))))
.
.
2012-07-14 07:10 . 2012-07-14 07:10    --------    d-----w-    c:\users\USER\AppData\Local\temp
2012-07-14 07:10 . 2012-07-14 07:10    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-07-14 07:10 . 2012-07-14 07:10    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2012-07-14 07:10 . 2012-07-14 07:10    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-07-14 07:00 . 2012-07-14 07:00    711240      ----a-w-    c:\windows\is-ML7LC.exe
2012-07-12 06:19 . 2012-05-31 03:41    6762896     ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{F14EDDA5-6C1D-48DD-A3A4-6D0C03593393}\mpengine.dll
2012-07-12 06:15 . 2012-06-13 13:40    2047488     ----a-w-    c:\windows\system32\win32k.sys
2012-07-11 06:22 . 2012-06-05 16:47    708608      ----a-w-    c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 06:22 . 2012-06-05 16:47    1401856     ----a-w-    c:\windows\system32\msxml6.dll
2012-07-11 06:22 . 2012-06-05 16:47    1248768     ----a-w-    c:\windows\system32\msxml3.dll
2012-07-11 06:22 . 2012-06-04 15:26    440704      ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2012-07-11 06:22 . 2012-06-02 00:04    278528      ----a-w-    c:\windows\system32\schannel.dll
2012-07-11 06:22 . 2012-06-02 00:03    204288      ----a-w-    c:\windows\system32\ncrypt.dll
2012-06-30 16:36 . 2012-06-30 16:36    --------    d-----w-    c:\program files\Common Files\Java
2012-06-30 16:30 . 2012-06-30 16:30    --------    d-----w-    c:\program files\Oracle
2012-06-30 16:30 . 2012-05-04 17:29    772504      ----a-w-    c:\windows\system32\npDeployJava1.dll
2012-06-30 10:00 . 2012-06-30 10:00    --------    d-----w-    c:\users\USER\AppData\Roaming\Malwarebytes
2012-06-30 10:00 . 2012-07-03 11:46    22344       ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-06-30 10:00 . 2012-06-30 10:00    --------    d-----w-    c:\programdata\Malwarebytes
2012-06-30 10:00 . 2012-07-14 07:00    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2012-06-30 09:08 . 2012-06-30 09:08    --------    d-----w-    c:\programdata\B7E85B2C0004202101238016570F1C8B
2012-06-30 07:30 . 2012-04-23 16:00    984064      ----a-w-    c:\windows\system32\crypt32.dll
2012-06-30 07:30 . 2012-04-23 16:00    98304       ----a-w-    c:\windows\system32\cryptnet.dll
2012-06-30 07:30 . 2012-04-23 16:00    133120      ----a-w-    c:\windows\system32\cryptsvc.dll
2012-06-30 07:30 . 2012-05-01 14:03    180736      ----a-w-    c:\windows\system32\drivers\rdpwd.sys
2012-06-30 07:22 . 2012-06-02 22:19    53784       ----a-w-    c:\windows\system32\wuauclt.exe
2012-06-30 07:22 . 2012-06-02 22:19    45080       ----a-w-    c:\windows\system32\wups2.dll
2012-06-30 07:22 . 2012-06-02 22:12    2422272     ----a-w-    c:\windows\system32\wucltux.dll
2012-06-30 07:22 . 2012-06-02 22:19    1933848     ----a-w-    c:\windows\system32\wuaueng.dll
2012-06-30 07:21 . 2012-06-02 22:19    35864       ----a-w-    c:\windows\system32\wups.dll
2012-06-30 07:21 . 2012-06-02 22:19    577048      ----a-w-    c:\windows\system32\wuapi.dll
2012-06-30 07:21 . 2012-06-02 22:12    88576       ----a-w-    c:\windows\system32\wudriver.dll
2012-06-30 07:21 . 2012-06-02 13:19    171904      ----a-w-    c:\windows\system32\wuwebv.dll
2012-06-30 07:21 . 2012-06-02 13:12    33792       ----a-w-    c:\windows\system32\wuapp.exe
2012-06-25 05:56 . 2012-06-25 05:56    --------    d-----w-    c:\users\USER\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 06:55 . 2012-05-14 18:01    426184      ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-07-12 06:55 . 2012-01-16 15:04    70344       ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 17:29 . 2010-12-28 17:48    687504      ----a-w-    c:\windows\system32\deployJava1.dll
2012-06-30 09:54 . 2011-04-01 07:49    85472       ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 14:31    1514152     ----a-w-    c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"dradio-RecorderTimer"="c:\program files\dradio-Recorder\phonostarTimer.exe" [2012-04-03 41472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] " Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "InnoSetupRegFile.0000000001"="c:\windows\is-ML7LC.exe" [2012-07-14 711240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk backup=c:\windows\pss\Scanner Finder.lnk.CommonStartup backupExtension=.CommonStartup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] 2010-03-13 11:58 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dradio-RecorderTimer] 2012-04-03 15:14 41472 ----a-w- c:\program files\dradio-Recorder\phonostarTimer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService] 2010-09-15 09:11 339312 ----a-w- c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] 2007-07-25 14:02 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2007-07-25 14:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2010-06-01 08:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10] 2010-02-02 23:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection] 2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2] 2004-11-26 09:43 90112 ------w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center] 2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3768843071-2336861419-4020039175-1000] "EnableNotificationsRef"=dword:00000003 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ADM851X.SYS [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 06:55] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801937 mStart Page = hxxp://de.yahoo.com uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://de.search.yahoo.com IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 Trusted Zone: t-home.de\www Trusted Zone: telekom.de\serviceportal TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\lucle53z.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.teleboerse.de/|hxxp://de.advfn.com/p.php?pid=staticchart&s=T^lsg&p=0&t=32&dm=0&vol=1|hxxp://portfolio.finanztreff.de/depot_portfolio.htn?u=18986&k=PtNJ4Hyd6On2O1ufyxPTVg|hxxp://www.dealgigant.de/ FF - prefs.js: network.proxy.type - 0 FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-07-14 09:10 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl" . Zeit der Fertigstellung: 2012-07-14 09:12:18 ComboFix-quarantined-files.txt 2012-07-14 07:12 . Vor Suchlauf: 12 Verzeichnis(se), 423.950.872.576 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 423.917.297.664 Bytes frei . - - End Of File - - 94F27950EAFA78A6F0FED1D1E1D600ED |
14.07.2012, 15:21 | #10 |
/// Malware-holic | Live Security Platinium Infection hi download the CCleaner standard: CCleaner Download - CCleaner 3.20.1750 if CCleaner is already installed, skip this. install, open, Tools, list of installed programs, save as txt. open it. behind every program you need, write "notwendig" (necessary). behind every one you do not need, "unnötig" (unnecessary). behind those unknown to you, "unbekannt" (unknown). post the list.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above If you would like to support us |
14.07.2012, 18:58 | #11 |
| Live Security Platinium Infection here is the install log: Code:
ATTFilter Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.07.2012 11.3.300.265 unbekannt Adobe Flash Player 11 Plugin Adobe Systems Incorporated 14.07.2012 11.3.300.265 unbekannt Adobe Reader X (10.1.3) - Deutsch Adobe Systems Incorporated 29.04.2012 118MB 10.1.3 notwendig AFPL Ghostscript 8.54 07.02.2012 28,4MB unbekannt AFPL Ghostscript Fonts 07.02.2012 4,81MB unbekannt Ask Toolbar Ask.com 05.04.2012 4,64MB 1.14.1.0 unnötig Ask Toolbar Updater Ask.com 05.04.2012 1,36MB 1.2.0.20007 unnötig ATI Catalyst Install Manager ATI Technologies, Inc. 17.08.2009 13,8MB 3.0.664.0 unbekannt CCleaner Piriform 22.06.2012 4,20MB 3.20 notwendig (für log datei) CyberLink PowerDVD 10 CyberLink Corp. 26.03.2010 210MB 10.0.1516 notwendig dradio-Recorder Version 3.02.6 01.06.2012 38,0MB notwendig Fotoservice 26.05.2010 167MB notwendig Google Chrome Google Inc. 14.07.2012 189MB 20.0.1132.57 unnötig Haufe iDesk-Browser Haufe-Lexware GmbH & Co. KG 27.12.2010 26,4MB 10.10.14.0000 notwendig Haufe iDesk-Service Haufe 27.12.2010 136MB 10.10.25.7810 notwendig InterVideo MediaOne Gallery 19.05.2010 119MB notwendig Java(TM) 7 Update 5 Oracle 30.06.2012 99,3MB 7.0.50 unbekannt JavaFX 2.1.1 Oracle Corporation 30.06.2012 20,8MB 2.1.1 unbekannt Konz 2012 USM 27.12.2011 11,3MB 1.00.0000 notwendig Lexware Info Service Haufe-Lexware GmbH & Co.KG 27.12.2010 12,4MB 2.70.00.0081 notwendig Logitech QuickCam Logitech Inc. 18.10.2009 33,9MB 11.10.2030 notwendig Logitech® Camera-Treiber 18.10.2009 31,6MB q notwendig Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 14.07.2012 11,6MB 1.62.0.1300 notwendig (???) 
Medion Media Center for Medion Medion 19.05.2010 1.0.0.0 notwendig Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 21.05.2011 36,9MB notwendig Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 17.08.2009 27,8MB unbekannt Microsoft .NET Framework 4 Client Profile Microsoft Corporation 18.06.2011 120MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 18.06.2011 24,5MB 4.0.30319 unbekannt Microsoft Office Professional 2010 Microsoft Corporation 12.12.2011 824MB 14.0.6029.1000 notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 05.09.2011 294KB 8.0.61001 unbekannt Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 21.05.2011 199KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 26.05.2010 1,36MB 9.0.21022 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 27.12.2011 222KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 19.06.2011 594KB 9.0.30729.6161 unbekannt Mozilla Firefox 13.0.1 (x86 de) Mozilla 30.06.2012 39,5MB 13.0.1 notwendig Mozilla Maintenance Service Mozilla 30.06.2012 204KB 13.0.1 unbekannt MSXML 4.0 SP2 (KB954430) Microsoft Corporation 25.02.2010 35,0KB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.02.2010 1,33MB 4.20.9876.0 unbekannt NVIDIA Display Control Panel NVIDIA Corporation 02.02.2010 19,6MB 6.14.11.9621 notwendig NVIDIA Grafiktreiber 275.33 NVIDIA Corporation 05.09.2011 187MB 275.33 notwendig NVIDIA PhysX NVIDIA Corporation 17.08.2009 119MB 9.09.0428 notwendig NVIDIA Update 1.3.5 NVIDIA Corporation 05.09.2011 6,37MB 1.3.5 notwendig PDF Blender 07.02.2012 1,27MB unnötig Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista Realtek 17.08.2009 1,37MB 1.00.0000 notwendig Realtek High Definition 
Audio Driver Realtek Semiconductor Corp. 17.08.2009 11,0MB 6.0.1.5911 notwendig ScanWizard 5 20.05.2010 3,72MB notwendig Skype™ 5.3 Skype Technologies S.A. 14.05.2011 22,6MB 5.3.111 notwendig Spybot - Search & Destroy Safer Networking Limited 01.11.2011 46,6MB 1.6.2 unnötig ??? Steuer 2008 Lexware 11.11.2009 150MB 15.00.00.0033 notwendig Steuer 2009 Haufe-Lexware GmbH & Co. KG 02.04.2012 16.14.00.0001 notwendig Steuer 2010 Haufe-Lexware GmbH & Co.KG 02.04.2012 17.07.00.0001 notwendig Steuer 2011 Buhl Data Service GmbH 27.12.2011 571MB 19.00.7304 notwendig Steuer Hilfesammlung Haufe Mediengruppe 11.11.2009 114MB 15.0.0.0 notwendig Steuer-Hilfesammlung 2009 Haufe Mediengruppe 14.01.2010 16.0.1.0 notwendig Steuer-Hilfesammlung 2010 Haufe-Lexware GmbH & Co. KG 02.02.2011 17.10.0.0 notwendig Ulead PhotoImpact 10 Ulead System 19.05.2010 215MB 10.0 notwendig VLC media player 1.0.5 VideoLAN Team 21.05.2010 75,6MB 1.0.5 notwendig Warcraft III 15.01.2012 1,11GB unnötig Warcraft III: All Products 15.01.2012 1,11GB unnötig Windows Live Anmelde-Assistent Microsoft Corporation 09.08.2010 1,93MB 5.000.818.5 unnötig Windows Live Essentials Microsoft Corporation 09.08.2010 43,8MB 14.0.8117.0416 unnötig Windows Live-Uploadtool Microsoft Corporation 09.08.2010 225KB 14.0.8014.1029 unnötig Windows Mobile-Gerätecenter Microsoft Corporation 07.02.2010 27,5MB 6.1.6965.0 unnötig Windows Mobile-Gerätecenter: Treiberupdate Microsoft Corporation 07.02.2010 42,4MB 6.1.6965.0 unnötig WinRAR 4.20 (32-bit) win.rar GmbH 01.07.2012 3,62MB 4.20.0 notwendig Yahoo! Messenger Yahoo! Inc. 09.08.2010 27,6MB notwendig Yahoo! Suche Schutzvorkehrung 09.08.2010 86,7MB unnötig Edited by Plex1234 (14.07.2012 at 19:06) Reason: Sorry for the double post |
16.07.2012, 18:25 | #12 |
/// Malware-holic | Live Security Platinium Infection uninstall: Adobe Flash Player, all of them. Adobe - Adobe Flash Player installieren download the latest version. Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen uncheck the McAfee Security Scan box. please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: check "use only certified plug-ins". Internet: everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically. it is always better to save them directly, since only then do you have control over what happens on the PC. under JavaScript, uncheck "enable JavaScript". under Updater, choose "install automatically". Apply / OK. uninstall: Ask, both; Spybot; Warcraft: both; Windows Live: all the ones you do not need; Yahoo! Suche Schutzvorkehrung. open CCleaner, Analyze, Run. open OTL, Cleanup, the PC restarts, test how it runs
|