Yahoo Mail account sends spam mails to personal contacts (Windows 7)
08.08.2012, 11:54 | #16
/// Winkelfunktion /// TB-Süch-Tiger™

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: please turn off your virus scanner before you run the TDSS-Killer, because Avira in particular often raises a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click on "change parameters" and set the check marks as shown in the following screenshot. Then click on "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where the TDSS-Killer saves its logs.

Note: please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________
Please always post logfiles in CODE tags
08.08.2012, 18:37 | #17
Here is the report from the TDSS-Killer:
Code:
19:28:23.0692 3576 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:28:23.0739 3576 ============================================================
19:28:23.0739 3576 Current date / time: 2012/08/08 19:28:23.0739
19:28:23.0739 3576 SystemInfo:
19:28:23.0739 3576
19:28:23.0739 3576 OS Version: 6.0.6002 ServicePack: 2.0
19:28:23.0739 3576 Product type: Workstation
19:28:23.0739 3576 ComputerName: THOMAS-PC
19:28:23.0739 3576 UserName: Thomas
19:28:23.0739 3576 Windows directory: C:\Windows
19:28:23.0739 3576 System windows directory: C:\Windows
19:28:23.0739 3576 Running under WOW64
19:28:23.0739 3576 Processor architecture: Intel x64
19:28:23.0739 3576 Number of processors: 2
19:28:23.0739 3576 Page size: 0x1000
19:28:23.0739 3576 Boot type: Normal boot
19:28:23.0739 3576 ============================================================
19:28:24.0239 3576 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:28:24.0254 3576 ============================================================
19:28:24.0254 3576 \Device\Harddisk0\DR0:
19:28:24.0254 3576 MBR partitions:
19:28:24.0254 3576 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8EBF64
19:28:24.0270 3576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE8EBFE2, BlocksNum 0xE108121
19:28:24.0285 3576 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x1C9F4142, BlocksNum 0x7D043F
19:28:24.0285 3576 ============================================================
19:28:24.0317 3576 C: <-> \Device\Harddisk0\DR0\Partition0
19:28:24.0395 3576 D: <-> \Device\Harddisk0\DR0\Partition1
19:28:24.0410 3576 E: <-> \Device\Harddisk0\DR0\Partition2
19:28:24.0410 3576 ============================================================
19:28:24.0410 3576 Initialize success
19:28:24.0410 3576 ============================================================
1664 Rasl2tp - ok 19:31:07.0292 1664 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll 19:31:07.0339 1664 RasMan - ok 19:31:07.0558 1664 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys 19:31:07.0643 1664 RasPppoe - ok 19:31:07.0924 1664 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys 19:31:07.0971 1664 RasSstp - ok 19:31:08.0018 1664 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys 19:31:08.0065 1664 rdbss - ok 19:31:08.0096 1664 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:31:08.0143 1664 RDPCDD - ok 19:31:08.0894 1664 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys 19:31:08.0925 1664 rdpdr - ok 19:31:09.0003 1664 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys 19:31:09.0066 1664 RDPENCDD - ok 19:31:09.0785 1664 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys 19:31:09.0832 1664 RDPWD - ok 19:31:09.0895 1664 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll 19:31:09.0957 1664 RemoteAccess - ok 19:31:10.0725 1664 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll 19:31:10.0803 1664 RemoteRegistry - ok 19:31:10.0897 1664 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe 19:31:10.0912 1664 RpcLocator - ok 19:31:11.0069 1664 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll 19:31:11.0115 1664 RpcSs - ok 19:31:11.0256 1664 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys 19:31:11.0287 1664 rspndr - ok 19:31:11.0365 1664 RTL8169 (8b91737da75add21cb1554b38089196a) C:\Windows\system32\DRIVERS\Rtlh64.sys 19:31:11.0412 1664 RTL8169 - ok 19:31:11.0459 1664 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 19:31:11.0475 1664 SamSs - ok 19:31:11.0506 1664 
SAVRKBootTasks - ok 19:31:11.0537 1664 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys 19:31:11.0553 1664 sbp2port - ok 19:31:11.0615 1664 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll 19:31:11.0662 1664 SCardSvr - ok 19:31:13.0055 1664 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll 19:31:13.0117 1664 Schedule - ok 19:31:13.0149 1664 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll 19:31:13.0180 1664 SCPolicySvc - ok 19:31:13.0664 1664 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll 19:31:13.0711 1664 SDRSVC - ok 19:31:13.0727 1664 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 19:31:13.0804 1664 secdrv - ok 19:31:13.0929 1664 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll 19:31:13.0984 1664 seclogon - ok 19:31:14.0249 1664 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll 19:31:14.0296 1664 SENS - ok 19:31:14.0390 1664 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys 19:31:14.0452 1664 Serenum - ok 19:31:14.0491 1664 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys 19:31:14.0546 1664 Serial - ok 19:31:14.0648 1664 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys 19:31:14.0695 1664 sermouse - ok 19:31:14.0991 1664 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll 19:31:15.0077 1664 SessionEnv - ok 19:31:15.0124 1664 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys 19:31:15.0179 1664 sffdisk - ok 19:31:15.0195 1664 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys 19:31:15.0249 1664 sffp_mmc - ok 19:31:15.0312 1664 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys 19:31:15.0366 1664 sffp_sd - ok 
19:31:15.0374 1664 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys 19:31:15.0445 1664 sfloppy - ok 19:31:16.0539 1664 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll 19:31:16.0602 1664 ShellHWDetection - ok 19:31:16.0633 1664 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys 19:31:16.0633 1664 SiSRaid2 - ok 19:31:16.0664 1664 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys 19:31:16.0680 1664 SiSRaid4 - ok 19:31:17.0289 1664 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe 19:31:17.0305 1664 SkypeUpdate - ok 19:31:19.0305 1664 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe 19:31:19.0492 1664 slsvc - ok 19:31:22.0024 1664 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll 19:31:22.0055 1664 SLUINotify - ok 19:31:22.0461 1664 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys 19:31:22.0539 1664 Smb - ok 19:31:22.0586 1664 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe 19:31:22.0617 1664 SNMPTRAP - ok 19:31:22.0633 1664 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys 19:31:22.0649 1664 spldr - ok 19:31:22.0680 1664 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe 19:31:22.0727 1664 Spooler - ok 19:31:24.0039 1664 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\System32\Drivers\sptd.sys 19:31:24.0086 1664 sptd - ok 19:31:25.0633 1664 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys 19:31:25.0711 1664 srv - ok 19:31:25.0758 1664 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys 19:31:25.0820 1664 srv2 - ok 19:31:25.0836 1664 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys 19:31:25.0852 1664 srvnet - ok 19:31:25.0899 1664 SSDPSRV 
(192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll 19:31:25.0945 1664 SSDPSRV - ok 19:31:25.0992 1664 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll 19:31:26.0024 1664 SstpSvc - ok 19:31:26.0274 1664 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll 19:31:26.0320 1664 stisvc - ok 19:31:26.0352 1664 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys 19:31:26.0367 1664 swenum - ok 19:31:27.0024 1664 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll 19:31:27.0070 1664 swprv - ok 19:31:27.0289 1664 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys 19:31:27.0305 1664 Symc8xx - ok 19:31:27.0320 1664 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys 19:31:27.0336 1664 Sym_hi - ok 19:31:27.0352 1664 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys 19:31:27.0367 1664 Sym_u3 - ok 19:31:27.0977 1664 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll 19:31:28.0055 1664 SysMain - ok 19:31:28.0383 1664 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll 19:31:28.0414 1664 TabletInputService - ok 19:31:28.0445 1664 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll 19:31:28.0492 1664 TapiSrv - ok 19:31:28.0524 1664 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll 19:31:28.0570 1664 TBS - ok 19:31:29.0352 1664 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys 19:31:29.0445 1664 Tcpip - ok 19:31:33.0852 1664 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys 19:31:33.0977 1664 Tcpip6 - ok 19:31:34.0602 1664 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys 19:31:34.0617 1664 tcpipreg - ok 19:31:34.0727 1664 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) 
C:\Windows\system32\drivers\tdpipe.sys 19:31:34.0789 1664 TDPIPE - ok 19:31:34.0820 1664 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys 19:31:34.0867 1664 TDTCP - ok 19:31:34.0883 1664 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys 19:31:34.0914 1664 tdx - ok 19:31:35.0039 1664 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys 19:31:35.0055 1664 TermDD - ok 19:31:35.0102 1664 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll 19:31:35.0195 1664 TermService - ok 19:31:36.0275 1664 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll 19:31:36.0290 1664 Themes - ok 19:31:36.0446 1664 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll 19:31:36.0493 1664 THREADORDER - ok 19:31:36.0931 1664 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll 19:31:36.0993 1664 TrkWks - ok 19:31:37.0040 1664 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe 19:31:37.0071 1664 TrustedInstaller - ok 19:31:37.0220 1664 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys 19:31:37.0251 1664 tssecsrv - ok 19:31:37.0282 1664 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys 19:31:37.0314 1664 tunmp - ok 19:31:37.0376 1664 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys 19:31:37.0407 1664 tunnel - ok 19:31:37.0423 1664 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys 19:31:37.0439 1664 uagp35 - ok 19:31:38.0126 1664 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys 19:31:38.0189 1664 udfs - ok 19:31:38.0345 1664 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe 19:31:38.0407 1664 UI0Detect - ok 19:31:38.0673 1664 uliagpkx (4ec9447ac3ab462647f60e547208ca00) 
C:\Windows\system32\drivers\uliagpkx.sys 19:31:38.0689 1664 uliagpkx - ok 19:31:38.0720 1664 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys 19:31:38.0736 1664 uliahci - ok 19:31:38.0767 1664 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys 19:31:38.0782 1664 UlSata - ok 19:31:38.0798 1664 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys 19:31:38.0829 1664 ulsata2 - ok 19:31:38.0845 1664 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys 19:31:38.0892 1664 umbus - ok 19:31:39.0048 1664 UmRdpService (dc5e34f189b827199b9cc8481c648269) C:\Windows\System32\umrdp.dll 19:31:39.0079 1664 UmRdpService - ok 19:31:39.0595 1664 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll 19:31:39.0657 1664 upnphost - ok 19:31:39.0704 1664 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 19:31:39.0736 1664 USBAAPL64 - ok 19:31:39.0798 1664 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys 19:31:39.0829 1664 usbaudio - ok 19:31:39.0876 1664 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys 19:31:39.0923 1664 usbccgp - ok 19:31:39.0939 1664 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys 19:31:40.0001 1664 usbcir - ok 19:31:40.0126 1664 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys 19:31:40.0173 1664 usbehci - ok 19:31:40.0204 1664 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys 19:31:40.0251 1664 usbhub - ok 19:31:40.0314 1664 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys 19:31:40.0392 1664 usbohci - ok 19:31:40.0501 1664 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys 19:31:40.0548 1664 usbprint - ok 19:31:40.0595 1664 usbscan 
(ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys 19:31:40.0642 1664 usbscan - ok 19:31:40.0657 1664 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:31:40.0704 1664 USBSTOR - ok 19:31:40.0736 1664 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys 19:31:40.0767 1664 usbuhci - ok 19:31:40.0876 1664 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll 19:31:40.0923 1664 UxSms - ok 19:31:40.0954 1664 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe 19:31:41.0017 1664 vds - ok 19:31:41.0142 1664 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys 19:31:41.0189 1664 vga - ok 19:31:41.0236 1664 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys 19:31:41.0282 1664 VgaSave - ok 19:31:41.0345 1664 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys 19:31:41.0361 1664 viaide - ok 19:31:41.0407 1664 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys 19:31:41.0423 1664 volmgr - ok 19:31:41.0470 1664 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys 19:31:41.0501 1664 volmgrx - ok 19:31:42.0439 1664 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys 19:31:42.0470 1664 volsnap - ok 19:31:43.0048 1664 vpnagent (5ea22cb6b100212837a97f281edb3c47) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe 19:31:43.0079 1664 vpnagent - ok 19:31:43.0204 1664 vpnva (0e4df91e83da5739ffb18535d4db10aa) C:\Windows\system32\DRIVERS\vpnva64.sys 19:31:43.0236 1664 vpnva - ok 19:31:43.0267 1664 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys 19:31:43.0282 1664 vsmraid - ok 19:31:48.0095 1664 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe 19:31:48.0204 1664 VSS - ok 19:31:49.0142 1664 W32Time 
(f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll 19:31:49.0204 1664 W32Time - ok 19:31:49.0423 1664 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys 19:31:49.0486 1664 WacomPen - ok 19:31:49.0532 1664 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys 19:31:49.0579 1664 Wanarp - ok 19:31:49.0579 1664 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys 19:31:49.0611 1664 Wanarpv6 - ok 19:31:51.0079 1664 wbengine (48eee289df9e4989128b2283f3eeacc6) C:\Windows\system32\wbengine.exe 19:31:51.0142 1664 wbengine - ok 19:31:52.0048 1664 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll 19:31:52.0095 1664 wcncsvc - ok 19:31:52.0126 1664 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll 19:31:52.0173 1664 WcsPlugInService - ok 19:31:52.0517 1664 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys 19:31:52.0532 1664 Wd - ok 19:31:54.0064 1664 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 19:31:54.0111 1664 Wdf01000 - ok 19:31:54.0376 1664 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll 19:31:54.0454 1664 WdiServiceHost - ok 19:31:54.0454 1664 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll 19:31:54.0486 1664 WdiSystemHost - ok 19:31:54.0532 1664 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll 19:31:54.0564 1664 WebClient - ok 19:31:55.0048 1664 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll 19:31:55.0095 1664 Wecsvc - ok 19:31:55.0329 1664 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll 19:31:55.0407 1664 wercplsupport - ok 19:31:55.0579 1664 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll 19:31:55.0642 1664 WerSvc - ok 19:31:55.0642 1664 WinHttpAutoProxySvc - ok 
19:31:56.0814 1664 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll 19:31:56.0892 1664 Winmgmt - ok 19:31:59.0486 1664 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll 19:31:59.0611 1664 WinRM - ok 19:32:01.0220 1664 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll 19:32:01.0267 1664 Wlansvc - ok 19:32:01.0611 1664 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys 19:32:01.0657 1664 WmiAcpi - ok 19:32:02.0064 1664 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe 19:32:02.0111 1664 wmiApSrv - ok 19:32:02.0157 1664 WMPNetworkSvc - ok 19:32:02.0782 1664 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll 19:32:02.0829 1664 WPCSvc - ok 19:32:02.0877 1664 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll 19:32:02.0940 1664 WPDBusEnum - ok 19:32:03.0049 1664 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys 19:32:03.0065 1664 WpdUsb - ok 19:32:06.0065 1664 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 19:32:06.0127 1664 WPFFontCache_v0400 - ok 19:32:06.0174 1664 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys 19:32:06.0221 1664 ws2ifsl - ok 19:32:06.0237 1664 WSearch - ok 19:32:06.0596 1664 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:32:06.0643 1664 WUDFRd - ok 19:32:06.0674 1664 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll 19:32:06.0721 1664 wudfsvc - ok 19:32:06.0768 1664 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 19:32:08.0065 1664 \Device\Harddisk0\DR0 - ok 19:32:08.0080 1664 Boot (0x1200) (37a339b461cb30f0a5ddef20e1e4e0eb) \Device\Harddisk0\DR0\Partition0 19:32:08.0112 1664 \Device\Harddisk0\DR0\Partition0 - ok 19:32:08.0143 1664 
Boot (0x1200) (b3ebdd0f2bc4c1a3b99e232d07edcb3d) \Device\Harddisk0\DR0\Partition1 19:32:08.0158 1664 \Device\Harddisk0\DR0\Partition1 - ok 19:32:08.0174 1664 Boot (0x1200) (5b71a2e3e44e129c3a035332fec3caf4) \Device\Harddisk0\DR0\Partition2 19:32:08.0205 1664 \Device\Harddisk0\DR0\Partition2 - ok 19:32:08.0205 1664 ============================================================ 19:32:08.0205 1664 Scan finished 19:32:08.0205 1664 ============================================================ 19:32:08.0221 4792 Detected object count: 1 19:32:08.0221 4792 Actual detected object count: 1 19:32:43.0373 4792 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - skipped by user 19:32:43.0373 4792 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
One more quick question: would it actually be possible for someone to send mails that show me as the sender even though my account was not used at all? (Would that mean manipulating the "head"?) Best regards |
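The question about forged senders is one a defender can answer from the headers of a received copy of the spam. Below is an added Python example (not code from this thread, and not part of TDSS-Killer or ComboFix) that parses two constructed sample messages and separates a forged From: line from mail that really went through the account's provider; it assumes the receiving server's Authentication-Results header is trustworthy and uses the placeholder provider domain `yahoo.example`.

```python
"""Distinguish a forged From: header from mail really submitted through the account.

Added example for this thread; it is not part of the original post or of TDSS-Killer
or ComboFix.  Assumptions: the Authentication-Results header was added by the receiving
mail server (so it can be trusted), and the receiving server records the sending host in
the topmost Received: header.  The provider domain "yahoo.example" and both messages
are constructed sample data.
"""
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

PROVIDER_DOMAIN = "yahoo.example"  # assumed provider of the account in question

# Constructed sample 1: From: forged, delivered by an unrelated host, SPF fails, no DKIM.
SPOOFED = """\
Return-Path: <bounce@spam.example.net>
Received: from mail.spam.example.net (mail.spam.example.net [203.0.113.7])
\tby mx.example.org with ESMTP id abc123 for <friend@example.org>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=spam.example.net; dkim=none
From: "Thomas" <thomas@yahoo.example>
To: friend@example.org
Subject: hi

check this out
"""

# Constructed sample 2: really submitted through the provider, DKIM-signed by it.
GENUINE = """\
Return-Path: <thomas@yahoo.example>
Received: from nm12.mail.yahoo.example (nm12.mail.yahoo.example [198.51.100.5])
\tby mx.example.org with ESMTPS id def456 for <friend@example.org>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=yahoo.example; dkim=pass header.d=yahoo.example
From: "Thomas" <thomas@yahoo.example>
To: friend@example.org
Subject: hi

check this out
"""


def _domain(addr_header):
    """Return the lower-cased domain of an address header value ('' if absent)."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()


def _auth_result(auth_header, method):
    """Pull the result keyword for one method (spf, dkim) out of Authentication-Results."""
    m = re.search(r"\b%s=(\w+)" % re.escape(method), auth_header or "", re.IGNORECASE)
    return m.group(1).lower() if m else "none"


def classify(raw_message, provider_domain=PROVIDER_DOMAIN):
    """Classify a raw RFC 5322 message as forged-From or sent-through-provider.

    Returns a dict with the evidence used and a 'verdict' of
    'spoofed_from', 'sent_through_provider' or 'inconclusive'.
    """
    msg = message_from_string(raw_message, policy=default)
    received = msg.get_all("Received") or []
    first_hop = str(received[0]) if received else ""   # added by the receiving MX
    auth = str(msg["Authentication-Results"] or "")
    evidence = {
        "from_domain": _domain(str(msg["From"] or "")),
        "return_path_domain": _domain(str(msg["Return-Path"] or "")),
        "spf": _auth_result(auth, "spf"),
        "dkim": _auth_result(auth, "dkim"),
        "via_provider": provider_domain in first_hop.lower(),
    }
    from_is_provider = evidence["from_domain"] == provider_domain
    if from_is_provider and evidence["dkim"] == "pass" and evidence["via_provider"]:
        # The provider signed it and handed it over: the account itself was used.
        evidence["verdict"] = "sent_through_provider"
    elif from_is_provider and not evidence["via_provider"] and evidence["dkim"] != "pass":
        # From: claims the provider, but nothing else does: the header was forged.
        evidence["verdict"] = "spoofed_from"
    else:
        evidence["verdict"] = "inconclusive"
    return evidence


if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, classify(sample))
```

Only the topmost Received: line is consulted because every line below it was written by the sending side and can itself be forged; a `sent_through_provider` verdict is the case where the account (password or session) really was used and needs to be secured.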
09.08.2012, 13:32 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yahoo Mail account sends spam mails to personal contacts. Then please run CF now:
__________________ ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run if a helper (Kompetenzler) has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ |
09.08.2012, 16:40 | #19 |
| Yahoo Mail account sends spam mails to personal contacts. Looks like it found something... ComboFix logfile: Code:
ATTFilter ComboFix 12-08-09.01 - Thomas 09.08.2012 16:44:15.1.2 - x64 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.43.1031.18.3263.1908 [GMT 2:00] ausgeführt von:: c:\users\Thomas\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini . c:\windows\system32\Services.exe . . . ist infiziert!! . . ((((((((((((((((((((((( Dateien erstellt von 2012-07-09 bis 2012-08-09 )))))))))))))))))))))))))))))) . . 2012-08-09 15:20 . 2012-08-09 15:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-08 16:31 . 2009-05-18 11:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-08 16:31 . 2008-04-17 10:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-08 16:31 . 2008-04-17 10:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files\iPod 2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files\iTunes 2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files (x86)\iTunes 2012-08-08 16:29 . 2012-08-08 16:29 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-08-08 16:27 . 2012-08-08 16:28 -------- d-----w- c:\windows\LastGood.Tmp 2012-08-08 16:27 . 2012-08-08 16:27 -------- d-----w- c:\program files\Common Files\Apple 2012-08-08 16:26 . 2012-08-08 16:26 -------- d-----w- c:\program files\Bonjour 2012-08-08 16:26 . 2012-08-08 16:26 -------- d-----w- c:\program files (x86)\Bonjour 2012-08-08 16:26 . 2012-08-08 16:30 -------- d-----w- c:\program files (x86)\Common Files\Apple 2012-08-07 07:16 . 2012-08-07 07:16 -------- d-----w- C:\_OTL 2012-08-04 10:20 . 2012-08-04 10:20 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-07-31 09:16 . 
2012-07-31 09:16 -------- d-----w- c:\program files (x86)\ESET 2012-07-31 01:26 . 2012-07-31 01:26 -------- d-----w- c:\users\Thomas\AppData\Roaming\Malwarebytes 2012-07-31 01:26 . 2012-07-31 01:26 -------- d-----w- c:\programdata\Malwarebytes 2012-07-31 01:26 . 2012-07-31 01:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-31 01:26 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-31 01:18 . 2011-05-12 12:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys 2012-07-30 20:28 . 2011-05-12 12:03 6144 ----a-w- c:\windows\system32\9C32.tmp 2012-07-30 20:27 . 2011-05-12 12:03 6144 ----a-w- c:\windows\system32\52F8.tmp 2012-07-30 20:27 . 2012-07-30 20:27 -------- d-----w- c:\program files (x86)\Sophos 2012-07-21 11:34 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{732E4FBC-E4ED-454D-B042-A5683AD6D3DE}\mpengine.dll 2012-07-12 01:01 . 2012-06-02 12:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2012-07-12 01:01 . 2012-06-02 12:06 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll 2012-07-12 01:01 . 2012-06-02 08:27 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll 2012-07-12 01:01 . 2012-06-02 08:26 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll 2012-07-12 01:01 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll 2012-07-12 01:01 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll 2012-07-12 01:01 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-03 14:58 . 2012-07-01 09:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-03 14:58 . 2012-02-29 08:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 01:04 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe 2012-06-30 14:52 . 
2012-06-30 14:52 30208 ----a-w- c:\windows\system32\drivers\AegisP.sys 2012-06-02 22:19 . 2012-06-30 15:22 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-30 15:23 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-30 15:23 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-30 15:23 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-30 15:22 35864 ----a-w- c:\windows\SysWow64\wups.dll 2012-06-02 22:19 . 2012-06-30 15:22 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-30 15:22 577048 ----a-w- c:\windows\SysWow64\wuapi.dll 2012-06-02 22:15 . 2012-06-30 15:23 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-30 15:22 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 22:12 . 2012-06-30 15:22 88576 ----a-w- c:\windows\SysWow64\wudriver.dll 2012-06-02 13:19 . 2012-06-30 15:22 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:19 . 2012-06-30 15:22 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll 2012-06-02 13:15 . 2012-06-30 15:22 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 13:12 . 2012-06-30 15:22 33792 ----a-w- c:\windows\SysWow64\wuapp.exe 2012-05-31 10:25 . 2009-10-03 12:39 279656 ------w- c:\windows\system32\MpSigStub.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2009-04-11 . B8844F93D2C5F1DCDB179AAA9AF134B7 . 381952 . . [6.0.6000.16386] .. c:\windows\system32\services.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] . c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Belkin F5D8053 N Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F5D8053\Belkinwcui.exe [2007-9-17 1732608] Logitech SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-6-8 1207312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Inhalt des "geplante Tasks" Ordners . 2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 14:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.telekom.at mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube to Mp3 Converter - c:\users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 LSP: mswsock.dll TCP: DhcpNameServer = 195.34.133.21 212.186.211.21 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\kv5mvy10.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\9C32.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\SetPoint\x86\SetPoint32.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-08-09 17:30:45 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-08-09 15:30 . 
Vor Suchlauf: 11 Verzeichnis(se), 23.991.259.136 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 23.772.803.072 Bytes frei
.
- - End Of File - - 27030DE42F5F0881613A21F76136D78B

Best regards, tom |
10.08.2012, 19:33 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yahoo Mail account sends spam mails to personal contacts

Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy/paste the entire contents of the code box below into the Notepad window.
Code:
File::
c:\windows\system32\9C32.tmp
c:\windows\system32\52F8.tmp

4. Disable the guard of your antivirus program and any software firewall that may be installed. (Also the guards of ad-/spyware programs and the Tea Timer (if present)!)
5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the reboot (you will be asked whether you want to reboot), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
10.08.2012, 21:03 | #21 |
| Yahoo Mail account sends spam mails to personal contacts It has now deleted the two files you posted in the code box; I was away from the PC for a while and it carried out the reboot afterwards on its own... attached is the ComboFix logfile: Code:
ATTFilter ComboFix 12-08-09.01 - Thomas 10.08.2012 21:07:03.2.2 - x64 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.43.1031.18.3263.1996 [GMT 2:00] ausgeführt von:: c:\users\Thomas\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Thomas\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\52F8.tmp" "c:\windows\system32\9C32.tmp" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\system32\52F8.tmp c:\windows\system32\9C32.tmp . c:\windows\system32\Services.exe . . . ist infiziert!! . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_MEMSWEEP2 . . ((((((((((((((((((((((( Dateien erstellt von 2012-07-10 bis 2012-08-10 )))))))))))))))))))))))))))))) . . 2012-08-10 19:48 . 2012-08-10 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-09 18:58 . 2012-08-09 18:58 -------- d-----w- c:\program files (x86)\Microsoft 2012-08-08 16:31 . 2009-05-18 11:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-08 16:31 . 2008-04-17 10:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-08 16:31 . 2008-04-17 10:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files\iPod 2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files\iTunes 2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files (x86)\iTunes 2012-08-08 16:29 . 2012-08-08 16:29 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-08-08 16:27 . 2012-08-08 16:27 -------- d-----w- c:\program files\Common Files\Apple 2012-08-08 16:26 . 2012-08-08 16:26 -------- d-----w- c:\program files\Bonjour 2012-08-08 16:26 . 
2012-08-08 16:26 -------- d-----w- c:\program files (x86)\Bonjour 2012-08-08 16:26 . 2012-08-08 16:30 -------- d-----w- c:\program files (x86)\Common Files\Apple 2012-08-07 07:16 . 2012-08-07 07:16 -------- d-----w- C:\_OTL 2012-08-04 10:20 . 2012-08-04 10:20 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-07-31 09:16 . 2012-07-31 09:16 -------- d-----w- c:\program files (x86)\ESET 2012-07-31 01:26 . 2012-07-31 01:26 -------- d-----w- c:\users\Thomas\AppData\Roaming\Malwarebytes 2012-07-31 01:26 . 2012-07-31 01:26 -------- d-----w- c:\programdata\Malwarebytes 2012-07-31 01:26 . 2012-07-31 01:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-31 01:26 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-31 01:18 . 2011-05-12 12:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys 2012-07-30 20:27 . 2012-07-30 20:27 -------- d-----w- c:\program files (x86)\Sophos 2012-07-21 11:34 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{732E4FBC-E4ED-454D-B042-A5683AD6D3DE}\mpengine.dll 2012-07-12 01:01 . 2012-06-02 12:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2012-07-12 01:01 . 2012-06-02 12:06 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll 2012-07-12 01:01 . 2012-06-02 08:27 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll 2012-07-12 01:01 . 2012-06-02 08:26 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll 2012-07-12 01:01 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll 2012-07-12 01:01 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll 2012-07-12 01:01 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-03 14:58 . 
2012-07-01 09:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-03 14:58 . 2012-02-29 08:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 01:04 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe 2012-06-30 14:52 . 2012-06-30 14:52 30208 ----a-w- c:\windows\system32\drivers\AegisP.sys 2012-06-02 22:19 . 2012-06-30 15:22 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-30 15:23 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-30 15:23 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-30 15:23 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-30 15:22 35864 ----a-w- c:\windows\SysWow64\wups.dll 2012-06-02 22:19 . 2012-06-30 15:22 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-30 15:22 577048 ----a-w- c:\windows\SysWow64\wuapi.dll 2012-06-02 22:15 . 2012-06-30 15:23 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-30 15:22 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 22:12 . 2012-06-30 15:22 88576 ----a-w- c:\windows\SysWow64\wudriver.dll 2012-06-02 13:19 . 2012-06-30 15:22 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:19 . 2012-06-30 15:22 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll 2012-06-02 13:15 . 2012-06-30 15:22 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 13:12 . 2012-06-30 15:22 33792 ----a-w- c:\windows\SysWow64\wuapp.exe 2012-05-31 10:25 . 2009-10-03 12:39 279656 ------w- c:\windows\system32\MpSigStub.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2009-04-11 . B8844F93D2C5F1DCDB179AAA9AF134B7 . 381952 . . [6.0.6000.16386] .. c:\windows\system32\services.exe . ((((((((((((((((((((((((((((( SnapShot@2012-08-09_15.23.17 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 02:09 . 
2012-08-10 18:20 50578 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 15:44 . 2012-08-10 19:52 91776 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2009-03-10 18:04 . 2012-08-10 19:52 14394 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4234183825-735942597-2788852999-1000_UserData.bin + 2012-08-10 19:50 . 2012-08-10 19:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-09 15:22 . 2012-08-09 15:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-09 15:22 . 2012-08-09 15:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-08-10 19:50 . 2012-08-10 19:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2006-11-02 12:46 . 2012-08-08 19:11 600532 c:\windows\system32\perfh009.dat + 2006-11-02 12:46 . 2012-08-10 18:25 600532 c:\windows\system32\perfh009.dat - 2008-01-21 10:46 . 2012-08-08 19:11 643898 c:\windows\system32\perfh007.dat + 2008-01-21 10:46 . 2012-08-10 18:25 643898 c:\windows\system32\perfh007.dat + 2006-11-02 12:46 . 2012-08-10 18:25 108414 c:\windows\system32\perfc009.dat - 2006-11-02 12:46 . 2012-08-08 19:11 108414 c:\windows\system32\perfc009.dat - 2008-01-21 10:46 . 2012-08-08 19:11 131214 c:\windows\system32\perfc007.dat + 2008-01-21 10:46 . 2012-08-10 18:25 131214 c:\windows\system32\perfc007.dat - 2012-02-15 12:13 . 2012-08-09 15:21 369012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-02-15 12:13 . 2012-08-10 19:48 369012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-08-09 18:58 . 2012-08-09 18:58 553472 c:\windows\Installer\c71b86.msi + 2012-03-09 22:57 . 2012-08-10 19:49 5257400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4234183825-735942597-2788852999-1000-4096.dat - 2012-03-09 22:57 . 
2012-08-09 15:21 5257400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4234183825-735942597-2788852999-1000-4096.dat + 2012-02-15 12:13 . 2012-08-10 19:49 33626048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4234183825-735942597-2788852999-1000-8192.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] . c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Belkin F5D8053 N Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F5D8053\Belkinwcui.exe [2007-9-17 1732608] Logitech SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-6-8 1207312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056] . . 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Inhalt des "geplante Tasks" Ordners . 2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 14:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568] "combofix"="c:\combofix\CF3540.3XE" [2008-01-21 363008] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.telekom.at mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube to Mp3 Converter - c:\users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 LSP: mswsock.dll TCP: DhcpNameServer = 195.34.133.21 212.186.211.21 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\kv5mvy10.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/ . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-10 21:58:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-08-10 19:58
ComboFix2.txt 2012-08-09 15:30
.
Vor Suchlauf: 16 Verzeichnis(se), 23.391.744.000 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 22.793.711.616 Bytes frei
.
- - End Of File - - B334AA31FE590A0596E77C9B7F6D01E0

Best regards |
11.08.2012, 16:35 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yahoo Mail account sends spam mails to personal contacts Hm, unfortunately your services.exe is still infected. Please run a search for services.exe inside the Windows folder and post the results.
11.08.2012, 19:03 | #23 |
| Yahoo Mail account sends spam mails to personal contacts Unfortunately I don't know exactly what you mean by that... I searched for "services.exe" in the search field of the Windows folder in Explorer and attached the files it found as a screenshot. Hope that is of some use to you!? Should I try to delete any of these files manually? Best regards |
11.08.2012, 20:27 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yahoo Mail account sends spam mails to personal contacts That's fine as it is. Normally the CF or OTL logs also show me other locations of backups of this file, but unfortunately not in your case. Normally CF would also have replaced this file automatically with an intact copy... Please upload the last services file as seen in your screenshot (the one directly before services.exe.mui) to us here => http://www.trojaner-board.de/54791-a...ner-board.html
12.08.2012, 10:05 | #25 |
| Yahoo Mail account sends spam mails to personal contacts Hello! So I have now uploaded "services.exe" following your instructions, the one that was directly before "services.exe.mui" on the screenshot, as well as the system32 file! Best regards, tom |
12.08.2012, 14:00 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yahoo Mail account sends spam mails to personal contacts OK, good. Please copy the file that you renamed to services.exe_3 to c:\cosinus. You have to create the folder cosinus on c: first. Then it continues like this:

Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy/paste the entire contents of the code box below into the Notepad window.
Code:
FCopy::
c:\cosinus\services.exe_3 | c:\windows\system32\services.exe

4. Disable the guard of your antivirus program and any software firewall that may be installed. (Also the guards of ad-/spyware programs and the Tea Timer (if present)!)
5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the reboot (you will be asked whether you want to reboot), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
Edited by cosinus (13.08.2012 at 14:05) |
12.08.2012, 14:31 | #27 |
| Yahoo Mail account sends spam mails to personal contacts Sorry, I have two questions: 1. I was stupid enough not to note down exactly which one the third file I uploaded was. I had taken one from the "system32" folder and two from "winsxs" -- one from the "amd64" subfolder, one from the "x86" one. Can you help me with which one belongs in /cosinus? 2. In the "FCopy" you posted in the yellow code box you wrote "service.exe_3" without the "s"... should I copy it like that, or was that a typo? Many thanks for your time at this point, too :P |
13.08.2012, 14:07 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yahoo Mail account sends spam mails to personal contacts Thanks for the hints, I have edited the missing S into the script. I don't know offhand which file from which folder that is either, but the file I mean is the only one with a size of 384.512 bytes; it should be the largest of the three, the other ones only have a size of 279.552 bytes.
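An added example, not part of the thread and not the helper's or ComboFix's code: a small Python script that does the comparison cosinus did by hand here, listing every services.exe below a directory tree, hashing the copies and filtering by the size of the build that belongs in system32, and parsing the Sigcheck line from the ComboFix log above so the live file's MD5 can be compared against the backups. The demo directory layout, folder names and file contents are constructed; the sizes and the Sigcheck line are the ones quoted in this thread.

```python
"""Inventory copies of a Windows system binary (here services.exe) below a
directory, compare them by size and MD5, and cross-check against the
Sigcheck line of a ComboFix log. Added example; all paths are constructed."""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass

# Sigcheck line as printed in the ComboFix log in this thread:
# flag, date, MD5, size, version, path.
SIGCHECK_LINE = ("[-] 2009-04-11 . B8844F93D2C5F1DCDB179AAA9AF134B7 . 381952 . . "
                 "[6.0.6000.16386] .. c:\\windows\\system32\\services.exe")
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[-+?])\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-F]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\.\s+(?P<path>.+)$")


def parse_sigcheck(line):
    """Return (md5, size, version, path) from a Sigcheck line, or None if it
    does not have that shape."""
    m = SIGCHECK_RE.match(line.strip())
    if not m:
        return None
    return m["md5"], int(m["size"]), m["version"], m["path"]


@dataclass(frozen=True)
class Copy:
    path: str
    size: int
    md5: str


def hash_file(path):
    """Upper-case MD5 hex digest, the format ComboFix prints."""
    md5 = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
    return md5.hexdigest().upper()


def find_copies(root, name="services.exe"):
    """Walk root and return every file called `name` (case-insensitive, as on NTFS)."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            if f.lower() == name.lower():
                p = os.path.join(dirpath, f)
                found.append(Copy(p, os.path.getsize(p), hash_file(p)))
    return sorted(found, key=lambda c: c.path.lower())


def replacement_candidates(copies, live_path, expected_size=None):
    """Backup copies worth restoring from: not the live binary itself and not
    sharing its hash (a backup identical to a suspect file is just as suspect).
    expected_size filters to the build that belongs in system32; the x86 copy
    under winsxs is a different build and has a different size."""
    live = next((c for c in copies if c.path.lower() == live_path.lower()), None)
    live_md5 = live.md5 if live else None
    return [c for c in copies
            if c.path.lower() != live_path.lower() and c.md5 != live_md5
            and (expected_size is None or c.size == expected_size)]


def build_demo_tree():
    """Constructed stand-in for the drive: a system32 copy sized like the
    Sigcheck line, plus an amd64 and an x86 winsxs backup sized like the two
    files discussed in the thread. Contents are filler bytes, not executables.
    Returns (root, path of the live system32 copy)."""
    root = tempfile.mkdtemp(prefix="services_demo_")
    layout = {  # relative folder -> (size, filler byte); folder names are made up
        os.path.join("Windows", "System32"): (381952, b"L"),
        os.path.join("Windows", "winsxs", "amd64_CONSTRUCTED"): (384512, b"A"),
        os.path.join("Windows", "winsxs", "x86_CONSTRUCTED"): (279552, b"X"),
    }
    for rel, (size, byte) in layout.items():
        d = os.path.join(root, rel)
        os.makedirs(d)
        with open(os.path.join(d, "services.exe"), "wb") as fh:
            fh.write(byte * size)
    return root, os.path.join(root, "Windows", "System32", "services.exe")


if __name__ == "__main__":
    root, live = build_demo_tree()
    copies = find_copies(root)
    for c in copies:
        print(f"{c.size:>8}  {c.md5}  {c.path}")
    for c in replacement_candidates(copies, live, expected_size=384512):
        print("candidate:", c.path)
    print("log says live file is:", parse_sigcheck(SIGCHECK_LINE))
```

On a real machine you would point find_copies at the Windows folder and compare the candidates' hashes with the MD5 in the Sigcheck line before choosing a copy.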
14.08.2012, 08:29 | #29 |
| Yahoo Mail account sends spam mails to personal contacts Thanks for the info, with the file size I was able to find it! But I think "services.exe" is unfortunately still broken. Here is the Combofix logfile: (edit: I just noticed that I did the whole thing in c/programme/cosinus instead of c/cosinus... but that shouldn't be a problem, right?) Code:
ATTFilter ComboFix 12-08-13.01 - Thomas 14.08.2012 8:23.3.2 - x64 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.43.1031.18.3263.1816 [GMT 2:00] ausgeführt von:: c:\users\Thomas\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Thomas\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini . c:\windows\system32\Services.exe . . . ist infiziert!! . . ((((((((((((((((((((((( Dateien erstellt von 2012-07-14 bis 2012-08-14 )))))))))))))))))))))))))))))) . . 2012-08-14 07:09 . 2012-08-14 07:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-14 06:17 . 2012-08-14 06:18 -------- d-----w- C:\Cosinus 2012-08-09 18:58 . 2012-08-09 18:58 -------- d-----w- c:\program files (x86)\Microsoft 2012-08-08 16:31 . 2009-05-18 11:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-08 16:31 . 2008-04-17 10:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-08 16:31 . 2008-04-17 10:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files\iPod 2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files\iTunes 2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files (x86)\iTunes 2012-08-08 16:29 . 2012-08-08 16:29 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-08-08 16:27 . 2012-08-08 16:27 -------- d-----w- c:\program files\Common Files\Apple 2012-08-08 16:26 . 2012-08-08 16:26 -------- d-----w- c:\program files\Bonjour 2012-08-08 16:26 . 2012-08-08 16:26 -------- d-----w- c:\program files (x86)\Bonjour 2012-08-08 16:26 . 2012-08-08 16:30 -------- d-----w- c:\program files (x86)\Common Files\Apple 2012-08-07 07:16 . 2012-08-07 07:16 -------- d-----w- C:\_OTL 2012-08-04 10:20 . 
2012-08-04 10:20 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-07-31 09:16 . 2012-07-31 09:16 -------- d-----w- c:\program files (x86)\ESET 2012-07-31 01:26 . 2012-07-31 01:26 -------- d-----w- c:\users\Thomas\AppData\Roaming\Malwarebytes 2012-07-31 01:26 . 2012-07-31 01:26 -------- d-----w- c:\programdata\Malwarebytes 2012-07-31 01:26 . 2012-07-31 01:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-31 01:26 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-31 01:18 . 2011-05-12 12:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys 2012-07-30 20:27 . 2012-07-30 20:27 -------- d-----w- c:\program files (x86)\Sophos 2012-07-21 11:34 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{732E4FBC-E4ED-454D-B042-A5683AD6D3DE}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-03 14:58 . 2012-07-01 09:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-03 14:58 . 2012-02-29 08:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 01:04 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe 2012-06-30 14:52 . 2012-06-30 14:52 30208 ----a-w- c:\windows\system32\drivers\AegisP.sys 2012-06-13 13:58 . 2012-07-12 01:01 2769408 ----a-w- c:\windows\system32\win32k.sys 2012-06-08 17:59 . 2012-07-11 20:11 12899840 ----a-w- c:\windows\system32\shell32.dll 2012-06-05 16:47 . 2012-07-11 20:11 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-05 16:47 . 2012-07-11 20:11 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-05 16:22 . 2012-07-11 20:11 1797120 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:22 . 2012-07-11 20:11 1869824 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:29 . 2012-07-11 20:11 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 22:19 . 
2012-06-30 15:22 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-30 15:23 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-30 15:23 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-30 15:23 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-30 15:22 35864 ----a-w- c:\windows\SysWow64\wups.dll 2012-06-02 22:19 . 2012-06-30 15:22 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-30 15:22 577048 ----a-w- c:\windows\SysWow64\wuapi.dll 2012-06-02 22:15 . 2012-06-30 15:23 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-30 15:22 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 22:12 . 2012-06-30 15:22 88576 ----a-w- c:\windows\SysWow64\wudriver.dll 2012-06-02 13:19 . 2012-06-30 15:22 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:19 . 2012-06-30 15:22 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll 2012-06-02 13:15 . 2012-06-30 15:22 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 13:12 . 2012-06-30 15:22 33792 ----a-w- c:\windows\SysWow64\wuapp.exe 2012-06-02 12:49 . 2012-07-12 01:01 17807360 ----a-w- c:\windows\system32\mshtml.dll 2012-06-02 12:17 . 2012-07-12 01:01 10924032 ----a-w- c:\windows\system32\ieframe.dll 2012-06-02 12:12 . 2012-07-12 01:02 2311680 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 12:05 . 2012-07-12 01:02 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-06-02 12:05 . 2012-07-12 01:02 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 12:04 . 2012-07-12 01:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 12:04 . 2012-07-12 01:02 237056 ----a-w- c:\windows\system32\url.dll 2012-06-02 12:03 . 2012-07-12 01:02 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-02 12:01 . 2012-07-12 01:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 12:00 . 2012-07-12 01:02 818688 ----a-w- c:\windows\system32\jscript.dll 2012-06-02 11:59 . 
2012-07-12 01:02 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-06-02 11:57 . 2012-07-12 01:02 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-02 11:57 . 2012-07-12 01:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 11:54 . 2012-07-12 01:02 248320 ----a-w- c:\windows\system32\ieui.dll 2012-06-02 08:33 . 2012-07-12 01:02 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-06-02 08:25 . 2012-07-12 01:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-02 08:25 . 2012-07-12 01:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-06-02 08:20 . 2012-07-12 01:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-06-02 08:16 . 2012-07-12 01:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-02 00:22 . 2012-07-11 20:11 347136 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:22 . 2012-07-11 20:11 254464 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 00:05 . 2012-07-11 20:11 77312 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 00:04 . 2012-07-11 20:11 278528 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 00:03 . 2012-07-11 20:11 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-05-31 10:25 . 2009-10-03 12:39 279656 ------w- c:\windows\system32\MpSigStub.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe [7] 2008-01-21 . DFAC660F0F139276CC9299812DE42719 . 384512 . . [6.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe [-] 2009-04-11 . B8844F93D2C5F1DCDB179AAA9AF134B7 . 381952 . . [6.0.6000.16386] .. c:\windows\system32\services.exe . ((((((((((((((((((((((((((((( SnapShot@2012-08-09_15.23.17 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 02:09 . 
2012-08-13 20:16 50602 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 15:44 . 2012-08-13 20:16 91904 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2009-03-10 18:04 . 2012-08-13 20:17 14410 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4234183825-735942597-2788852999-1000_UserData.bin + 2012-08-13 20:15 . 2012-08-13 20:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-09 15:22 . 2012-08-09 15:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-13 20:15 . 2012-08-13 20:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-08-09 15:22 . 2012-08-09 15:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2006-11-02 12:46 . 2012-08-13 20:21 600532 c:\windows\system32\perfh009.dat - 2006-11-02 12:46 . 2012-08-08 19:11 600532 c:\windows\system32\perfh009.dat - 2008-01-21 10:46 . 2012-08-08 19:11 643898 c:\windows\system32\perfh007.dat + 2008-01-21 10:46 . 2012-08-13 20:21 643898 c:\windows\system32\perfh007.dat + 2006-11-02 12:46 . 2012-08-13 20:21 108414 c:\windows\system32\perfc009.dat - 2006-11-02 12:46 . 2012-08-08 19:11 108414 c:\windows\system32\perfc009.dat - 2008-01-21 10:46 . 2012-08-08 19:11 131214 c:\windows\system32\perfc007.dat + 2008-01-21 10:46 . 2012-08-13 20:21 131214 c:\windows\system32\perfc007.dat - 2012-02-15 12:13 . 2012-08-09 15:21 369012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-02-15 12:13 . 2012-08-13 18:33 369012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-08-09 18:58 . 2012-08-09 18:58 553472 c:\windows\Installer\c71b86.msi + 2012-03-09 22:57 . 2012-08-13 18:33 5571500 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4234183825-735942597-2788852999-1000-4096.dat + 2012-02-15 12:13 . 
2012-08-13 18:33 34724232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4234183825-735942597-2788852999-1000-8192.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] . c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Belkin F5D8053 N Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F5D8053\Belkinwcui.exe [2007-9-17 1732608] Logitech SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-6-8 1207312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056] . . 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Inhalt des "geplante Tasks" Ordners . 2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 14:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube to Mp3 Converter - c:\users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 195.34.133.21 212.186.211.21 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\kv5mvy10.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . Zeit der Fertigstellung: 2012-08-14 09:12:06 ComboFix-quarantined-files.txt 2012-08-14 07:12 ComboFix2.txt 2012-08-10 19:58 ComboFix3.txt 2012-08-09 15:30 . Vor Suchlauf: 16 Verzeichnis(se), 26.452.623.360 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 26.301.489.152 Bytes frei . - - End Of File - - 578B3518D70C776F4E21DDA132360A29 viele grüße tom |
14.08.2012, 15:47 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yahoo Mail account sends spam mails to personal contacts Yes, that is a problem! CF also has to be able to find the real services.exe; you can't just specify any path there! The script instructs CF to copy services.exe_3 to c:\windows\system; if the file isn't there, nothing on your system will change! Please just do it exactly as I wrote.
__________________ Please always post logfiles in CODE tags |
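The Sigcheck section of the posted ComboFix log already contains what the helper is relying on: two catalog-signed copies of services.exe in WinSxS and an unsigned copy in system32 whose MD5 and size match neither. The script below is an added example for this thread (not ComboFix's own code and not part of either post): it parses those Sigcheck lines and reports the unsigned binary against its signed reference copies. The embedded log excerpt is constructed from the values posted above; the reading of the line format ([7] = catalog signature verified, [-] = signature check failed) is an assumption.

```python
"""Flag system binaries in a ComboFix Sigcheck section whose live copy
matches none of the signed WinSxS reference copies of the same file."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumed line layout, taken from the log posted in this thread:
#   [flag] date . MD5 . size . . [version] .. path
# Assumption: [7] = catalog signature verified, [-] = signature check failed.
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\.\s+(?P<path>.+?)\s*$"
)

# Constructed excerpt: the three services.exe lines exactly as posted above.
SAMPLE_LOG = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[7] 2008-01-21 . DFAC660F0F139276CC9299812DE42719 . 384512 . . [6.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[-] 2009-04-11 . B8844F93D2C5F1DCDB179AAA9AF134B7 . 381952 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
"""


@dataclass
class SigcheckEntry:
    flag: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def signed(self) -> bool:
        return self.flag != "-"

    @property
    def name(self) -> str:
        # File name only, so WinSxS copies and the live copy compare by name.
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_sigcheck(text: str) -> list:
    """Return the Sigcheck entries; headers, '.' separators and the
    'Unsigned files aren't necessarily malware' note are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            entries.append(SigcheckEntry(m["flag"], m["md5"].upper(),
                                         int(m["size"]), m["version"], m["path"]))
    return entries


def suspicious_binaries(entries: list) -> dict:
    """For every unsigned entry, compare it with the signed copies of the same
    file name; a live copy whose hash matches no reference is what an analyst
    wants to see before any replacement step is attempted."""
    signed_by_name = defaultdict(list)
    for e in entries:
        if e.signed:
            signed_by_name[e.name].append(e)
    report = {}
    for e in entries:
        if e.signed:
            continue
        refs = signed_by_name[e.name]
        report[e.path] = {
            "md5": e.md5,
            "size": e.size,
            "version": e.version,
            "matches_reference": any(r.md5 == e.md5 for r in refs),
            "reference_sizes": sorted({r.size for r in refs}),
            "reference_versions": [r.version for r in refs],
        }
    return report


if __name__ == "__main__":
    for path, finding in suspicious_binaries(parse_sigcheck(SAMPLE_LOG)).items():
        print(path, finding)
```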