Pests of all kinds and their removal: Police Trojan - PC locked (Windows 7)
07.09.2012, 10:42 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Police Trojan - PC locked

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=84&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=84&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{7ACC0A0D-A1F7-46E1-B9D8-59B0BB9F34BF}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE:64bit: - HKLM\..\SearchScopes\{A0B29474-D005-4DD8-86EE-2FCD888E4184}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=84&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=84&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7ACC0A0D-A1F7-46E1-B9D8-59B0BB9F34BF}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE - HKLM\..\SearchScopes\{A0B29474-D005-4DD8-86EE-2FCD888E4184}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-4112115548-1098581963-2275993260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=84&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-4112115548-1098581963-2275993260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.at/ws/eBayISAPI.dll?MyEbayForGuests&guest=1&MyeBay=&MyEbay=&guest=1
IE - HKU\S-1-5-21-4112115548-1098581963-2275993260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4112115548-1098581963-2275993260-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4112115548-1098581963-2275993260-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4112115548-1098581963-2275993260-1000\..\SearchScopes\{7ACC0A0D-A1F7-46E1-B9D8-59B0BB9F34BF}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE - HKU\S-1-5-21-4112115548-1098581963-2275993260-1000\..\SearchScopes\{A0B29474-D005-4DD8-86EE-2FCD888E4184}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-4112115548-1098581963-2275993260-1000\..\SearchScopes\{B3732E0F-DC7C-449A-B3F1-135D4D81714B}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=
IE - HKU\S-1-5-21-4112115548-1098581963-2275993260-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=84&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-4112115548-1098581963-2275993260-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=84&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-4112115548-1098581963-2275993260-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FF - prefs.js..network.proxy.ftp: ":"
FF - prefs.js..network.proxy.gopher: ":"
FF - prefs.js..network.proxy.http: ":"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":"
FF - prefs.js..network.proxy.ssl: ":"
FF - user.js - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
:Files
C:\install.exe
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\Reinhard\Documents\Installationsdateien\SoftonicDownloader_fuer_frostwire.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not completely deleted, as a precaution; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, because it can do lasting damage to the system!
__________________
Please always post logfiles in CODE tags
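As an added example (not from the thread, and not OTL's own code), a Python triage parser for fix scripts in the format above: it splits the :OTL, :Files and :Commands sections and flags the entries a defender wants to see first (UAC switched off by policy, desktop locked by Explorer policy, registry entries pointing at missing files, AutoRun, lines OTL runs as commands). The section grammar and flag rules are this example's own reading of the script, and the sample input is a constructed subset of the script posted in this thread.

```python
"""Triage parser for an OTL fix script in the format posted in this thread.
Added example, not OTL's own code: the section grammar and flag rules are
this example's reading of the script, not an OTL specification."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the fix script posted above.
SAMPLE_FIX = r"""
:OTL
IE - HKLM\..\SearchScopes\{7ACC0A0D-A1F7-46E1-B9D8-59B0BB9F34BF}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}
FF - prefs.js..network.proxy.http: ":"
FF - user.js - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
:Files
C:\install.exe
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
"""

# ':OTL' lines look like "<kind>[:64bit:] - <body>", e.g. "O29:64bit: - HKLM ...";
# policy values look like "...\policies\Explorer: NoActiveDesktop = 1".
OTL_LINE = re.compile(r"^(?P<kind>[A-Za-z0-9]+)(?P<arch>:64bit:)?\s+-\s+(?P<body>.*)$")
POLICY_VALUE = re.compile(r"\\policies\\\w+:\s*(?P<name>\w+)\s*=\s*(?P<value>\S+)", re.I)


@dataclass
class Entry:
    section: str          # ":OTL", ":Files" or ":Commands"
    kind: str             # "IE", "FF", "O6", ...; "" outside :OTL
    is_64bit: bool
    body: str
    flags: list[str] = field(default_factory=list)


def classify(entry: Entry) -> list[str]:
    """Flag rules (this example's own) for what an entry tells a defender."""
    flags: list[str] = []
    if entry.section == ":OTL":
        if entry.kind == "IE" and "http" in entry.body:
            flags.append("IE start page / search scope points at an external URL")
        if entry.kind == "FF" and "network.proxy" in entry.body:
            flags.append("Firefox proxy preference was changed")
        m = POLICY_VALUE.search(entry.body) if entry.kind == "O6" else None
        if m and m["name"].lower() == "enablelua" and m["value"] == "0":
            flags.append("UAC disabled by policy (EnableLUA=0)")
        elif m and m["name"].lower().startswith("noactivedesktop") and m["value"] == "1":
            flags.append(f"desktop locked by Explorer policy ({m['name']}=1)")
        if entry.kind == "O32" and re.search(r"AutoRun\s*-\s*1\b", entry.body):
            flags.append("CD-ROM AutoRun enabled")
        if entry.kind.startswith("O") and "File not found" in entry.body:
            flags.append("orphaned entry: registry points at a file that is not present")
    elif entry.section == ":Files" and entry.body.endswith(" /c"):
        # The fix log in this thread ("< ipconfig /flushdns /c >", then cmd.bat
        # deleted) shows that a trailing "/c" makes OTL run the line as a command.
        flags.append("executed as a command by OTL, not moved as a file")
    return flags


def parse_fix(script: str) -> list[Entry]:
    """Split the script into entries; reject lines outside any section."""
    entries: list[Entry] = []
    section = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):  # section header such as ":OTL"
            section = line
            continue
        if section is None:
            raise ValueError(f"entry before any section header: {line!r}")
        if section == ":OTL":
            m = OTL_LINE.match(line)
            if not m:
                raise ValueError(f"unrecognised :OTL line: {line!r}")
            entry = Entry(section, m["kind"], bool(m["arch"]), m["body"])
        else:
            entry = Entry(section, "", False, line)
        entry.flags = classify(entry)
        entries.append(entry)
    return entries


def summarize(entries: list[Entry]) -> dict[str, object]:
    """Count entries per section and collect (kind or section, flag) pairs."""
    by_section: dict[str, int] = {}
    flagged: list[tuple[str, str]] = []
    for e in entries:
        by_section[e.section] = by_section.get(e.section, 0) + 1
        flagged.extend((e.kind or e.section, f) for f in e.flags)
    return {"by_section": by_section, "flagged": flagged}
```

Running `summarize(parse_fix(SAMPLE_FIX))` on the constructed sample yields ten flags, among them the three policy values (two desktop locks and the disabled UAC) that the fix log later reports as deleted.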
07.09.2012, 11:19 | #17
Police Trojan - PC locked

Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7ACC0A0D-A1F7-46E1-B9D8-59B0BB9F34BF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ACC0A0D-A1F7-46E1-B9D8-59B0BB9F34BF}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A0B29474-D005-4DD8-86EE-2FCD888E4184}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0B29474-D005-4DD8-86EE-2FCD888E4184}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7ACC0A0D-A1F7-46E1-B9D8-59B0BB9F34BF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ACC0A0D-A1F7-46E1-B9D8-59B0BB9F34BF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A0B29474-D005-4DD8-86EE-2FCD888E4184}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0B29474-D005-4DD8-86EE-2FCD888E4184}\ not found.
HKU\S-1-5-21-4112115548-1098581963-2275993260-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-4112115548-1098581963-2275993260-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-4112115548-1098581963-2275993260-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKEY_USERS\S-1-5-21-4112115548-1098581963-2275993260-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4112115548-1098581963-2275993260-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4112115548-1098581963-2275993260-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7ACC0A0D-A1F7-46E1-B9D8-59B0BB9F34BF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ACC0A0D-A1F7-46E1-B9D8-59B0BB9F34BF}\ not found.
Registry key HKEY_USERS\S-1-5-21-4112115548-1098581963-2275993260-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A0B29474-D005-4DD8-86EE-2FCD888E4184}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0B29474-D005-4DD8-86EE-2FCD888E4184}\ not found.
Registry key HKEY_USERS\S-1-5-21-4112115548-1098581963-2275993260-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B3732E0F-DC7C-449A-B3F1-135D4D81714B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3732E0F-DC7C-449A-B3F1-135D4D81714B}\ not found.
HKU\S-1-5-21-4112115548-1098581963-2275993260-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-4112115548-1098581963-2275993260-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-4112115548-1098581963-2275993260-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: ":" removed from network.proxy.ftp
Prefs.js: ":" removed from network.proxy.gopher
Prefs.js: ":" removed from network.proxy.http
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: ":" removed from network.proxy.socks
Prefs.js: ":" removed from network.proxy.ssl
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:Control_RunDLL "sysdm.cpl" deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:credssp.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:credssp.dll deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== FILES ==========
C:\install.exe moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Reinhard\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Users\Reinhard\Documents\Installationsdateien\SoftonicDownloader_fuer_frostwire.exe moved successfully.
< ipconfig /flushdns /c >
C:\Users\Reinhard\Desktop\cmd.bat deleted successfully.
C:\Users\Reinhard\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Reinhard
->Temp folder emptied: 1320885 bytes
->Temporary Internet Files folder emptied: 6983762 bytes
->FireFox cache emptied: 84542717 bytes
->Flash cache emptied: 1886467 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1056354 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35782797 bytes
RecycleBin emptied: 213651030 bytes
Total Files Cleaned = 329,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: Reinhard
->Flash cache emptied: 0 bytes
User: UpdatusUser
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.61.0 log created on 09072012_121332
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP000000136E100795359E9BAA not found!
File\Folder C:\Windows\temp\TMP0000001482979A6BE6AA01BA not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
09.09.2012, 20:30 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | Police Trojan - PC locked

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Set up the tool as shown in the image below: click "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log, or cannot copy its content into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer stores its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer complains about any objects, treat them all with the action "skip" and only post the log here!
10.09.2012, 09:40 | #19
Police Trojan - PC locked

Code:
10:33:21.0262 4492 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
10:33:21.0379 4492 ============================================================
10:33:21.0379 4492 Current date / time: 2012/09/10 10:33:21.0379
10:33:21.0379 4492 SystemInfo:
10:33:21.0379 4492
10:33:21.0379 4492 OS Version: 6.0.6002 ServicePack: 2.0
10:33:21.0379 4492 Product type: Workstation
10:33:21.0379 4492 ComputerName: REINHARD-PC
10:33:21.0379 4492 UserName: Reinhard
10:33:21.0379 4492 Windows directory: C:\Windows
10:33:21.0379 4492 System windows directory: C:\Windows
10:33:21.0379 4492 Running under WOW64
10:33:21.0379 4492 Processor architecture: Intel x64
10:33:21.0379 4492 Number of processors: 4
10:33:21.0379 4492 Page size: 0x1000
10:33:21.0379 4492 Boot type: Normal boot
10:33:21.0379 4492 ============================================================
10:33:21.0827 4492 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:33:21.0844 4492 ============================================================
10:33:21.0844 4492 \Device\Harddisk0\DR0:
10:33:21.0844 4492 MBR partitions:
10:33:21.0844 4492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x72A4F8B0
10:33:21.0844 4492 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72A4F8EF, BlocksNum 0x1CB60D2
10:33:21.0844 4492 ============================================================
10:33:21.0871 4492 C: <-> \Device\Harddisk0\DR0\Partition1
10:33:21.0945 4492 D: <-> \Device\Harddisk0\DR0\Partition2
10:33:21.0945 4492 ============================================================
10:33:21.0945 4492 Initialize success
10:33:21.0945 4492 ============================================================
10:35:38.0391 3276 ============================================================
10:35:38.0391 3276 Scan started
10:35:38.0391 3276 Mode: Manual; SigCheck; TDLFS;
C:\Windows\System32\gpsvc.dll 10:35:46.0413 3276 gpsvc - ok 10:35:46.0497 3276 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 10:35:46.0507 3276 gupdate - ok 10:35:46.0519 3276 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 10:35:46.0529 3276 gupdatem - ok 10:35:46.0553 3276 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 10:35:46.0564 3276 gusvc - ok 10:35:46.0632 3276 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 10:35:46.0744 3276 HDAudBus - ok 10:35:46.0772 3276 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 10:35:46.0850 3276 HidBth - ok 10:35:46.0864 3276 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 10:35:46.0925 3276 HidIr - ok 10:35:46.0946 3276 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll 10:35:46.0979 3276 hidserv - ok 10:35:46.0994 3276 [ D02C82CB3A20F391C8AEFF94E8E0BAA1 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 10:35:47.0038 3276 HidUsb - ok 10:35:47.0060 3276 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 10:35:47.0090 3276 hkmsvc - ok 10:35:47.0130 3276 [ A3A30438C48D2D71556E120C9C7BA7A0 ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe 10:35:47.0147 3276 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning 10:35:47.0147 3276 HP Health Check Service - detected UnsignedFile.Multi.Generic (1) 10:35:47.0162 3276 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 10:35:47.0174 3276 HpCISSs - ok 10:35:47.0215 3276 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 10:35:47.0256 3276 HTTP - ok 10:35:47.0281 3276 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp 
C:\Windows\system32\drivers\i2omp.sys 10:35:47.0292 3276 i2omp - ok 10:35:47.0320 3276 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 10:35:47.0343 3276 i8042prt - ok 10:35:47.0440 3276 [ 5B19DFC29A9563A5DA5CA559BED83AA8 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 10:35:47.0454 3276 IAANTMON - ok 10:35:47.0537 3276 [ 8EACF469269FB1509561961A3188F670 ] iaStor C:\Windows\system32\drivers\iastor.sys 10:35:47.0551 3276 iaStor - ok 10:35:47.0587 3276 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 10:35:47.0602 3276 iaStorV - ok 10:35:47.0679 3276 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 10:35:47.0721 3276 idsvc - ok 10:35:47.0766 3276 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 10:35:47.0777 3276 iirsp - ok 10:35:47.0804 3276 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 10:35:47.0855 3276 IKEEXT - ok 10:35:47.0964 3276 [ BFBABCB231628A4551DBB10D0EA25D62 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 10:35:48.0031 3276 IntcAzAudAddService - ok 10:35:48.0080 3276 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys 10:35:48.0092 3276 intelide - ok 10:35:48.0107 3276 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 10:35:48.0137 3276 intelppm - ok 10:35:48.0161 3276 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 10:35:48.0192 3276 IPBusEnum - ok 10:35:48.0205 3276 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:35:48.0248 3276 IpFilterDriver - ok 10:35:48.0294 3276 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 10:35:48.0308 3276 iphlpsvc - ok 10:35:48.0311 3276 IpInIp - ok 10:35:48.0341 3276 [ 
9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 10:35:48.0394 3276 IPMIDRV - ok 10:35:48.0437 3276 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 10:35:48.0492 3276 IPNAT - ok 10:35:48.0517 3276 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 10:35:48.0547 3276 IRENUM - ok 10:35:48.0558 3276 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 10:35:48.0570 3276 isapnp - ok 10:35:48.0629 3276 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 10:35:48.0643 3276 iScsiPrt - ok 10:35:48.0656 3276 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 10:35:48.0667 3276 iteatapi - ok 10:35:48.0699 3276 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 10:35:48.0710 3276 iteraid - ok 10:35:48.0713 3276 IvtBtBUs - ok 10:35:48.0743 3276 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 10:35:48.0755 3276 kbdclass - ok 10:35:48.0786 3276 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 10:35:48.0835 3276 kbdhid - ok 10:35:48.0899 3276 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 10:35:48.0927 3276 KeyIso - ok 10:35:48.0959 3276 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 10:35:48.0984 3276 KSecDD - ok 10:35:49.0016 3276 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 10:35:49.0071 3276 ksthunk - ok 10:35:49.0098 3276 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 10:35:49.0144 3276 KtmRm - ok 10:35:49.0170 3276 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll 10:35:49.0198 3276 LanmanServer - ok 10:35:49.0256 3276 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 
10:35:49.0280 3276 LanmanWorkstation - ok 10:35:49.0335 3276 [ E75ADCFAFDEF3F4C3AF3332928D59926 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 10:35:49.0339 3276 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 10:35:49.0339 3276 LightScribeService - detected UnsignedFile.Multi.Generic (1) 10:35:49.0352 3276 [ 8E4CA9AFD55EF6B509C80A8715ABF8C6 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys 10:35:49.0364 3276 lirsgt - ok 10:35:49.0369 3276 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 10:35:49.0414 3276 lltdio - ok 10:35:49.0443 3276 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 10:35:49.0503 3276 lltdsvc - ok 10:35:49.0530 3276 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 10:35:49.0565 3276 lmhosts - ok 10:35:49.0601 3276 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 10:35:49.0614 3276 LSI_FC - ok 10:35:49.0649 3276 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 10:35:49.0662 3276 LSI_SAS - ok 10:35:49.0687 3276 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 10:35:49.0700 3276 LSI_SCSI - ok 10:35:49.0731 3276 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 10:35:49.0769 3276 luafv - ok 10:35:49.0784 3276 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 10:35:49.0797 3276 Mcx2Svc - ok 10:35:49.0828 3276 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 10:35:49.0840 3276 megasas - ok 10:35:49.0900 3276 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 10:35:49.0921 3276 MegaSR - ok 10:35:50.0016 3276 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 10:35:50.0027 3276 Microsoft Office Groove 
Audit Service - ok 10:35:50.0060 3276 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 10:35:50.0096 3276 MMCSS - ok 10:35:50.0112 3276 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 10:35:50.0154 3276 Modem - ok 10:35:50.0182 3276 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 10:35:50.0211 3276 monitor - ok 10:35:50.0228 3276 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 10:35:50.0240 3276 mouclass - ok 10:35:50.0257 3276 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 10:35:50.0308 3276 mouhid - ok 10:35:50.0337 3276 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 10:35:50.0349 3276 MountMgr - ok 10:35:50.0395 3276 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 10:35:50.0406 3276 MozillaMaintenance - ok 10:35:50.0429 3276 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 10:35:50.0442 3276 mpio - ok 10:35:50.0473 3276 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 10:35:50.0503 3276 mpsdrv - ok 10:35:50.0538 3276 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 10:35:50.0574 3276 MpsSvc - ok 10:35:50.0604 3276 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 10:35:50.0615 3276 Mraid35x - ok 10:35:50.0656 3276 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 10:35:50.0686 3276 MRxDAV - ok 10:35:50.0714 3276 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 10:35:50.0758 3276 mrxsmb - ok 10:35:50.0804 3276 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:35:50.0820 3276 mrxsmb10 - ok 10:35:50.0824 3276 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] 
mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:35:50.0844 3276 mrxsmb20 - ok 10:35:50.0873 3276 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys 10:35:50.0885 3276 msahci - ok 10:35:50.0911 3276 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 10:35:50.0924 3276 msdsm - ok 10:35:50.0933 3276 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 10:35:50.0964 3276 MSDTC - ok 10:35:50.0980 3276 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 10:35:51.0024 3276 Msfs - ok 10:35:51.0028 3276 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 10:35:51.0040 3276 msisadrv - ok 10:35:51.0065 3276 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 10:35:51.0111 3276 MSiSCSI - ok 10:35:51.0114 3276 msiserver - ok 10:35:51.0142 3276 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 10:35:51.0191 3276 MSKSSRV - ok 10:35:51.0205 3276 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 10:35:51.0242 3276 MSPCLOCK - ok 10:35:51.0259 3276 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 10:35:51.0294 3276 MSPQM - ok 10:35:51.0318 3276 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 10:35:51.0336 3276 MsRPC - ok 10:35:51.0346 3276 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 10:35:51.0357 3276 mssmbios - ok 10:35:51.0370 3276 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 10:35:51.0416 3276 MSTEE - ok 10:35:51.0428 3276 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 10:35:51.0441 3276 Mup - ok 10:35:51.0482 3276 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 10:35:51.0553 3276 napagent - ok 10:35:51.0610 3276 [ 
2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 10:35:51.0639 3276 NativeWifiP - ok 10:35:51.0693 3276 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 10:35:51.0719 3276 NDIS - ok 10:35:51.0728 3276 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 10:35:51.0767 3276 NdisTapi - ok 10:35:51.0786 3276 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 10:35:51.0830 3276 Ndisuio - ok 10:35:51.0849 3276 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 10:35:51.0883 3276 NdisWan - ok 10:35:51.0895 3276 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 10:35:51.0947 3276 NDProxy - ok 10:35:52.0048 3276 [ 2AAE889742376EDC5C3203DFB74F28FD ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe 10:35:52.0082 3276 Nero BackItUp Scheduler 3 - ok 10:35:52.0109 3276 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 10:35:52.0113 3276 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 10:35:52.0113 3276 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 10:35:52.0122 3276 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 10:35:52.0174 3276 NetBIOS - ok 10:35:52.0224 3276 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 10:35:52.0257 3276 netbt - ok 10:35:52.0267 3276 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe 10:35:52.0279 3276 Netlogon - ok 10:35:52.0300 3276 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 10:35:52.0336 3276 Netman - ok 10:35:52.0360 3276 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 10:35:52.0399 3276 netprofm - ok 10:35:52.0436 3276 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing 
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:35:52.0447 3276 NetTcpPortSharing - ok 10:35:52.0470 3276 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 10:35:52.0481 3276 nfrd960 - ok 10:35:52.0498 3276 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 10:35:52.0540 3276 NlaSvc - ok 10:35:52.0590 3276 [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe 10:35:52.0607 3276 NMIndexingService - ok 10:35:52.0611 3276 nmwcdnsucx64 - ok 10:35:52.0633 3276 nmwcdnsux64 - ok 10:35:52.0675 3276 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 10:35:52.0711 3276 Npfs - ok 10:35:52.0731 3276 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 10:35:52.0779 3276 nsi - ok 10:35:52.0783 3276 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 10:35:52.0833 3276 nsiproxy - ok 10:35:52.0882 3276 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 10:35:52.0980 3276 Ntfs - ok 10:35:52.0984 3276 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 10:35:53.0053 3276 Null - ok 10:35:53.0342 3276 [ 828E3D31D9E5B81A4927885D3752C996 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 10:35:53.0912 3276 nvlddmkm - ok 10:35:53.0954 3276 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 10:35:53.0968 3276 nvraid - ok 10:35:53.0984 3276 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 10:35:53.0995 3276 nvstor - ok 10:35:54.0060 3276 [ 1C63E34632CEBD6A37B82DC77C4F7575 ] nvsvc C:\Windows\system32\nvvsvc.exe 10:35:54.0097 3276 nvsvc - ok 10:35:54.0167 3276 [ 4A5A9DDEF3C7E4E37EB22DE00AE8B9F1 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 10:35:54.0319 3276 nvUpdatusService - 
ok 10:35:54.0348 3276 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 10:35:54.0361 3276 nv_agp - ok 10:35:54.0365 3276 NwlnkFlt - ok 10:35:54.0369 3276 NwlnkFwd - ok 10:35:54.0424 3276 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 10:35:54.0458 3276 odserv - ok 10:35:54.0566 3276 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 10:35:54.0596 3276 ohci1394 - ok 10:35:54.0635 3276 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:35:54.0647 3276 ose - ok 10:35:54.0704 3276 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 10:35:54.0775 3276 p2pimsvc - ok 10:35:54.0802 3276 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 10:35:54.0847 3276 p2psvc - ok 10:35:54.0890 3276 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 10:35:54.0967 3276 Parport - ok 10:35:55.0026 3276 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 10:35:55.0038 3276 partmgr - ok 10:35:55.0058 3276 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 10:35:55.0072 3276 PcaSvc - ok 10:35:55.0118 3276 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 10:35:55.0147 3276 pccsmcfd - ok 10:35:55.0173 3276 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 10:35:55.0188 3276 pci - ok 10:35:55.0221 3276 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys 10:35:55.0232 3276 pciide - ok 10:35:55.0277 3276 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 10:35:55.0291 3276 pcmcia - ok 10:35:55.0328 3276 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 10:35:55.0388 3276 PEAUTH - ok 
10:35:55.0463 3276 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 10:35:55.0500 3276 PerfHost - ok 10:35:55.0543 3276 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 10:35:55.0625 3276 pla - ok 10:35:55.0652 3276 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe 10:35:55.0664 3276 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning 10:35:55.0664 3276 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1) 10:35:55.0693 3276 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 10:35:55.0719 3276 PlugPlay - ok 10:35:55.0743 3276 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 10:35:55.0747 3276 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 10:35:55.0747 3276 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 10:35:55.0772 3276 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 10:35:55.0795 3276 PNRPAutoReg - ok 10:35:55.0839 3276 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 10:35:55.0861 3276 PNRPsvc - ok 10:35:55.0923 3276 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 10:35:55.0995 3276 PolicyAgent - ok 10:35:56.0027 3276 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 10:35:56.0061 3276 PptpMiniport - ok 10:35:56.0078 3276 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys 10:35:56.0139 3276 Processor - ok 10:35:56.0174 3276 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 10:35:56.0222 3276 ProfSvc - ok 10:35:56.0246 3276 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 10:35:56.0258 3276 ProtectedStorage - ok 10:35:56.0285 3276 [ 1D0A3F565397D08707F3D75B88586645 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys 
10:35:56.0308 3276 Ps2 - ok 10:35:56.0333 3276 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 10:35:56.0355 3276 PSched - ok 10:35:56.0397 3276 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 10:35:56.0464 3276 ql2300 - ok 10:35:56.0499 3276 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 10:35:56.0512 3276 ql40xx - ok 10:35:56.0553 3276 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 10:35:56.0585 3276 QWAVE - ok 10:35:56.0601 3276 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 10:35:56.0614 3276 QWAVEdrv - ok 10:35:56.0624 3276 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 10:35:56.0666 3276 RasAcd - ok 10:35:56.0682 3276 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 10:35:56.0737 3276 RasAuto - ok 10:35:56.0780 3276 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 10:35:56.0834 3276 Rasl2tp - ok 10:35:56.0864 3276 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 10:35:56.0890 3276 RasMan - ok 10:35:56.0924 3276 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 10:35:56.0952 3276 RasPppoe - ok 10:35:56.0974 3276 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 10:35:56.0995 3276 RasSstp - ok 10:35:57.0081 3276 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 10:35:57.0107 3276 rdbss - ok 10:35:57.0123 3276 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 10:35:57.0152 3276 RDPCDD - ok 10:35:57.0189 3276 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 10:35:57.0234 3276 rdpdr - ok 10:35:57.0238 3276 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 10:35:57.0267 
3276 RDPENCDD - ok 10:35:57.0326 3276 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 10:35:57.0365 3276 RDPWD - ok 10:35:57.0395 3276 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 10:35:57.0452 3276 RemoteAccess - ok 10:35:57.0500 3276 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 10:35:57.0532 3276 RemoteRegistry - ok 10:35:57.0535 3276 [ 6A0CF73B019CBC9255E23C9192EC3702 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys 10:35:57.0565 3276 ROOTMODEM - ok 10:35:57.0587 3276 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 10:35:57.0604 3276 RpcLocator - ok 10:35:57.0650 3276 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 10:35:57.0682 3276 RpcSs - ok 10:35:57.0689 3276 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 10:35:57.0720 3276 rspndr - ok 10:35:57.0746 3276 [ 82B66ABF055611024E5DBB9FA556C11D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys 10:35:57.0764 3276 RTL8169 - ok 10:35:57.0779 3276 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 10:35:57.0791 3276 SamSs - ok 10:35:57.0825 3276 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 10:35:57.0837 3276 sbp2port - ok 10:35:57.0867 3276 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 10:35:57.0900 3276 SCardSvr - ok 10:35:57.0946 3276 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 10:35:58.0009 3276 Schedule - ok 10:35:58.0021 3276 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 10:35:58.0043 3276 SCPolicySvc - ok 10:35:58.0071 3276 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 10:35:58.0128 3276 SDRSVC - ok 10:35:58.0151 3276 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 10:35:58.0203 3276 
secdrv - ok 10:35:58.0222 3276 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 10:35:58.0258 3276 seclogon - ok 10:35:58.0272 3276 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll 10:35:58.0308 3276 SENS - ok 10:35:58.0324 3276 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 10:35:58.0376 3276 Serenum - ok 10:35:58.0394 3276 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys 10:35:58.0454 3276 Serial - ok 10:35:58.0474 3276 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 10:35:58.0504 3276 sermouse - ok 10:35:58.0608 3276 [ 77FAA749C34193F003F666D2E368A1F8 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 10:35:58.0650 3276 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 10:35:58.0651 3276 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 10:35:58.0692 3276 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 10:35:58.0723 3276 SessionEnv - ok 10:35:58.0734 3276 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 10:35:58.0783 3276 sffdisk - ok 10:35:58.0810 3276 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 10:35:58.0840 3276 sffp_mmc - ok 10:35:58.0850 3276 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 10:35:58.0880 3276 sffp_sd - ok 10:35:58.0891 3276 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 10:35:58.0959 3276 sfloppy - ok 10:35:59.0003 3276 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 10:35:59.0048 3276 SharedAccess - ok 10:35:59.0074 3276 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 10:35:59.0096 3276 ShellHWDetection - ok 10:35:59.0109 3276 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 
C:\Windows\system32\drivers\sisraid2.sys
10:35:59.0121 3276 SiSRaid2 - ok
10:35:59.0139 3276 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
10:35:59.0152 3276 SiSRaid4 - ok
10:35:59.0229 3276 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
10:35:59.0240 3276 SkypeUpdate - ok
10:35:59.0298 3276 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
10:35:59.0520 3276 slsvc - ok
10:35:59.0541 3276 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
10:35:59.0577 3276 SLUINotify - ok
10:35:59.0621 3276 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:35:59.0674 3276 Smb - ok
10:35:59.0714 3276 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:35:59.0734 3276 SNMPTRAP - ok
10:35:59.0761 3276 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
10:35:59.0773 3276 spldr - ok
10:35:59.0805 3276 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
10:35:59.0820 3276 Spooler - ok
10:35:59.0883 3276 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
10:35:59.0946 3276 srv - ok
10:36:00.0001 3276 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:36:00.0032 3276 srv2 - ok
10:36:00.0072 3276 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:36:00.0100 3276 srvnet - ok
10:36:00.0170 3276 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:36:00.0226 3276 SSDPSRV - ok
10:36:00.0281 3276 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:36:00.0301 3276 SstpSvc - ok
10:36:00.0326 3276 [ 9D1A8732718438DC8C472D4D7762DE5F ] Start BT in service C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
10:36:00.0335 3276 Start BT in service - ok
10:36:00.0363 3276 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
10:36:00.0416 3276 stisvc - ok
10:36:00.0447 3276 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
10:36:00.0458 3276 swenum - ok
10:36:00.0489 3276 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
10:36:00.0519 3276 swprv - ok
10:36:00.0538 3276 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
10:36:00.0550 3276 Symc8xx - ok
10:36:00.0564 3276 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
10:36:00.0575 3276 Sym_hi - ok
10:36:00.0594 3276 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
10:36:00.0605 3276 Sym_u3 - ok
10:36:00.0640 3276 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
10:36:00.0735 3276 SysMain - ok
10:36:00.0777 3276 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:36:00.0799 3276 TabletInputService - ok
10:36:00.0833 3276 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:36:00.0860 3276 TapiSrv - ok
10:36:00.0874 3276 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
10:36:00.0906 3276 TBS - ok
10:36:00.0983 3276 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:36:01.0060 3276 Tcpip - ok
10:36:01.0123 3276 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
10:36:01.0185 3276 Tcpip6 - ok
10:36:01.0273 3276 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:36:01.0301 3276 tcpipreg - ok
10:36:01.0317 3276 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:36:01.0378 3276 TDPIPE - ok
10:36:01.0408 3276 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:36:01.0453 3276 TDTCP - ok
10:36:01.0488 3276 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:36:01.0519 3276 tdx - ok
10:36:01.0531 3276 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:36:01.0544 3276 TermDD - ok
10:36:01.0569 3276 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
10:36:01.0614 3276 TermService - ok
10:36:01.0653 3276 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
10:36:01.0668 3276 Themes - ok
10:36:01.0697 3276 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
10:36:01.0729 3276 THREADORDER - ok
10:36:01.0759 3276 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
10:36:01.0805 3276 TrkWks - ok
10:36:01.0837 3276 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:36:01.0866 3276 TrustedInstaller - ok
10:36:01.0883 3276 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:36:01.0914 3276 tssecsrv - ok
10:36:01.0924 3276 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
10:36:01.0959 3276 tunmp - ok
10:36:02.0015 3276 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:36:02.0035 3276 tunnel - ok
10:36:02.0045 3276 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
10:36:02.0057 3276 uagp35 - ok
10:36:02.0083 3276 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:36:02.0123 3276 udfs - ok
10:36:02.0151 3276 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:36:02.0182 3276 UI0Detect - ok
10:36:02.0271 3276 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:36:02.0283 3276 uliagpkx - ok
10:36:02.0355 3276 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
10:36:02.0372 3276 uliahci - ok
10:36:02.0392 3276 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
10:36:02.0405 3276 UlSata - ok
10:36:02.0434 3276 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
10:36:02.0448 3276 ulsata2 - ok
10:36:02.0466 3276 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:36:02.0497 3276 umbus - ok
10:36:02.0566 3276 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
10:36:02.0616 3276 upnphost - ok
10:36:02.0620 3276 upperdev - ok
10:36:02.0666 3276 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:36:02.0705 3276 usbccgp - ok
10:36:02.0721 3276 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:36:02.0787 3276 usbcir - ok
10:36:02.0840 3276 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:36:02.0871 3276 usbehci - ok
10:36:02.0930 3276 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:36:02.0962 3276 usbhub - ok
10:36:02.0981 3276 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:36:03.0034 3276 usbohci - ok
10:36:03.0046 3276 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:36:03.0075 3276 usbprint - ok
10:36:03.0095 3276 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:36:03.0133 3276 usbscan - ok
10:36:03.0506 3276 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:36:03.0551 3276 USBSTOR - ok
10:36:03.0572 3276 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:36:03.0595 3276 usbuhci - ok
10:36:03.0612 3276 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
10:36:03.0644 3276 usbvideo - ok
10:36:03.0670 3276 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
10:36:03.0693 3276 UxSms - ok
10:36:03.0711 3276 [ B9B0A0B9232A51BBDE9F28CA41716D61 ] VComm C:\Windows\system32\DRIVERS\VComm.sys
10:36:03.0721 3276 VComm - ok
10:36:03.0792 3276 [ F1B2D9AC422F8B72BF417C8D77C85A3B ] VcommMgr C:\Windows\system32\Drivers\VcommMgr.sys
10:36:03.0802 3276 VcommMgr - ok
10:36:03.0845 3276 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
10:36:03.0938 3276 vds - ok
10:36:03.0958 3276 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:36:03.0988 3276 vga - ok
10:36:04.0006 3276 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
10:36:04.0035 3276 VgaSave - ok
10:36:04.0064 3276 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
10:36:04.0075 3276 viaide - ok
10:36:04.0116 3276 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:36:04.0129 3276 volmgr - ok
10:36:04.0190 3276 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:36:04.0210 3276 volmgrx - ok
10:36:04.0266 3276 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:36:04.0283 3276 volsnap - ok
10:36:04.0300 3276 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:36:04.0315 3276 vsmraid - ok
10:36:04.0363 3276 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
10:36:04.0428 3276 VSS - ok
10:36:04.0476 3276 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
10:36:04.0512 3276 W32Time - ok
10:36:04.0554 3276 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:36:04.0598 3276 WacomPen - ok
10:36:04.0625 3276 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
10:36:04.0675 3276 Wanarp - ok
10:36:04.0679 3276 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:36:04.0701 3276 Wanarpv6 - ok
10:36:04.0742 3276 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:36:04.0823 3276 wcncsvc - ok
10:36:04.0885 3276 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:36:04.0924 3276 WcsPlugInService - ok
10:36:04.0939 3276 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
10:36:04.0951 3276 Wd - ok
10:36:04.0979 3276 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:36:05.0029 3276 Wdf01000 - ok
10:36:05.0085 3276 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:36:05.0138 3276 WdiServiceHost - ok
10:36:05.0156 3276 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:36:05.0188 3276 WdiSystemHost - ok
10:36:05.0209 3276 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
10:36:05.0226 3276 WebClient - ok
10:36:05.0256 3276 [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:36:05.0289 3276 Wecsvc - ok
10:36:05.0317 3276 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:36:05.0343 3276 wercplsupport - ok
10:36:05.0353 3276 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
10:36:05.0385 3276 WerSvc - ok
10:36:05.0400 3276 WinDefend - ok
10:36:05.0405 3276 WinHttpAutoProxySvc - ok
10:36:05.0497 3276 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:36:05.0521 3276 Winmgmt - ok
10:36:05.0555 3276 [ 42717DB2BE3A075D0F0CD5C927C27A43 ] WinRM C:\Windows\system32\WsmSvc.dll
10:36:05.0674 3276 WinRM - ok
10:36:05.0750 3276 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:36:05.0820 3276 Wlansvc - ok
10:36:05.0859 3276 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:36:05.0896 3276 WmiAcpi - ok
10:36:05.0922 3276 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:36:05.0949 3276 wmiApSrv - ok
10:36:05.0968 3276 WMPNetworkSvc - ok
10:36:06.0097 3276 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:36:06.0126 3276 WPCSvc - ok
10:36:06.0331 3276 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:36:06.0438 3276 WPDBusEnum - ok
10:36:06.0467 3276 [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
10:36:06.0500 3276 WpdUsb - ok
10:36:06.0517 3276 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:36:06.0556 3276 ws2ifsl - ok
10:36:06.0582 3276 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
10:36:06.0596 3276 wscsvc - ok
10:36:06.0599 3276 WSearch - ok
10:36:06.0688 3276 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:36:06.0801 3276 wuauserv - ok
10:36:06.0826 3276 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:36:06.0885 3276 WUDFRd - ok
10:36:06.0922 3276 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:36:06.0953 3276 wudfsvc - ok
10:36:06.0959 3276 ================ Scan global ===============================
10:36:07.0036 3276 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
10:36:07.0097 3276 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
10:36:07.0119 3276 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
10:36:07.0158 3276 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
10:36:07.0161 3276 [Global] - ok
10:36:07.0162 3276 ================ Scan MBR ==================================
10:36:07.0171 3276 [ A5EF69613E96C38F1EE5912A74381181 ] \Device\Harddisk0\DR0
10:36:07.0550 3276 \Device\Harddisk0\DR0 - ok
10:36:07.0551 3276 ================ Scan VBR ==================================
10:36:07.0553 3276 [ E227CD1FAB7103FC0F04012A981A76CE ] \Device\Harddisk0\DR0\Partition1
10:36:07.0555 3276 \Device\Harddisk0\DR0\Partition1 - ok
10:36:07.0557 3276 [ 6BE4A431806E3B3D06CA0F9E9D1CB232 ] \Device\Harddisk0\DR0\Partition2
10:36:07.0558 3276 \Device\Harddisk0\DR0\Partition2 - ok
10:36:07.0559 3276 ============================================================
10:36:07.0559 3276 Scan finished
10:36:07.0559 3276 ============================================================
10:36:07.0567 4124 Detected object count: 6
10:36:07.0567 4124 Actual detected object count: 6
10:36:33.0657 4124 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:33.0657 4124 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:33.0659 4124 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:33.0659 4124 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:33.0661 4124 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:33.0661 4124 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:33.0662 4124 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:33.0662 4124 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:33.0663 4124 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:33.0663 4124 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:33.0664 4124 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:33.0664 4124 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip |
10.09.2012, 16:27 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Police Trojan - PC locked Now please run CF: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run when one of the board's experts has explicitly recommended it! If, after running ComboFix, you have problems starting applications and get messages such as Quote:
__________________ Please always post logfiles in CODE tags |
11.09.2012, 08:24 | #21 |
| Police Trojan - PC locked Code:
ComboFix 12-09-10.04 - Reinhard 11.09.2012 8:57.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.4094.2294 [GMT 2:00]
ausgeführt von:: c:\users\Reinhard\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\nud0repor.pad
c:\windows\IsUn0407.exe
c:\windows\SysWow64\fldlckun.exe
c:\windows\SysWow64\jucheck.exe
c:\windows\SysWow64\jusched.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-11 bis 2012-09-11 ))))))))))))))))))))))))))))))
.
.
2012-09-11 07:09 . 2012-09-11 07:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-11 07:09 . 2012-09-11 07:09 -------- d-----w- c:\users\Reinhard\AppData\Local\temp
2012-09-11 07:09 . 2012-09-11 07:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-11 06:45 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F685A09-6C2D-4CDA-B16E-C36B07B368F4}\mpengine.dll
2012-09-07 10:13 . 2012-09-07 10:13 -------- d-----w- C:\_OTL
2012-09-02 05:58 . 2012-09-02 05:58 -------- d-----w- c:\program files (x86)\ESET
2012-09-01 17:45 . 2012-09-01 17:45 -------- d-----w- c:\users\Reinhard\AppData\Roaming\Malwarebytes
2012-09-01 17:44 . 2012-09-01 17:44 -------- d-----w- c:\programdata\Malwarebytes
2012-09-01 17:44 . 2012-09-01 17:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-01 17:44 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 18:50 . 2012-08-31 18:51 -------- d-----w- c:\users\Reinhard\AppData\Roaming\Ad-Aware Antivirus
2012-08-31 16:05 . 2012-08-31 16:05 -------- d-----w- c:\program files (x86)\Lavasoft
2012-08-31 16:05 . 2012-08-31 18:41 -------- d-----w- c:\programdata\Lavasoft
2012-08-16 15:01 . 2012-07-04 14:33 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 14:11 . 2012-05-11 16:34 788480 ----a-w- c:\windows\system32\localspl.dll
2012-08-16 14:11 . 2012-05-11 15:57 623616 ----a-w- c:\windows\SysWow64\localspl.dll
2012-08-16 14:10 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 10:17 . 2012-04-08 09:23 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-28 10:17 . 2011-05-28 18:09 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 14:56 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
2012-07-18 16:41 . 2012-07-18 16:46 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-18 16:41 . 2012-07-18 16:46 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-18 16:41 . 2012-07-18 16:46 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-18 11:23 . 2012-06-18 11:23 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-18 11:23 . 2010-04-24 17:57 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Hofer_FotoSuite_Download"="c:\program files (x86)\Hofer Foto Service\Hofer_Foto_Service\FotoSuite.exe" [2008-11-13 1257472]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-01 348664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Reinhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Internet - Verknüpfung.lnk - [N/A]
Windows Mail.lnk - c:\program files\Windows Mail\WinMail.exe [2008-1-21 400896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 250568]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 10:17]
.
2012-09-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-01 20:29]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-16 09:21]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-16 09:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-11 178712]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\513zsmdg.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.ebay.at/ws/eBayISAPI.dll?MyEbayBeta&MyEbay=&MyeBay=&guest=1&guest=1|hxxp://www.google.at/|hxxp://www.gmx.at|hxxp://www.facebook.com/index.php?lh=a28bcef16fcd0e757437c98c8d7d3ea1&eu=PFX076kBu1BPoCDp0alwVw
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-09-11 09:20:36
ComboFix-quarantined-files.txt 2012-09-11 07:20
.
Vor Suchlauf: 11 Verzeichnis(se), 440.255.561.728 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 442.029.514.752 Bytes frei
.
- - End Of File - - 4729540EBCB53E298721CD91648A17B7 |
11.09.2012, 16:04 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Police Trojan - PC locked Now please create logs with GMER and OSAM and post them. GMER crashes quite often; if the tool won't run on the second try either, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without being told to. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan. One more note: if aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following: start aswMBR again, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
11.09.2012, 18:53 | #23 |
| Police Trojan - PC locked I have to thank you once again for the help, and I have one question: is this elaborate process the usual procedure for trojans, or is my computer that badly infected? Thanks |
11.09.2012, 23:02 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Police Trojan - PC locked That is indeed the usual procedure, unless you are really dealing only with cookies or merely annoying toolbars. Since you don't know what the real malware may have downloaded in addition, you have to dig this deep.
__________________ Please always post logfiles in CODE tags |
12.09.2012, 09:46 | #25 |
| Police Trojan - PC locked Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-12 10:27:31
-----------------------------
10:27:31.852 OS Version: Windows x64 6.0.6002 Service Pack 2
10:27:31.852 Number of processors: 4 586 0xF0B
10:27:31.852 ComputerName: REINHARD-PC UserName: Reinhard
10:27:34.027 Initialize success
10:31:11.074 AVAST engine defs: 12091101
10:33:17.893 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:33:17.895 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
10:33:17.915 Disk 0 MBR read successfully
10:33:17.917 Disk 0 MBR scan
10:33:17.922 Disk 0 unknown MBR code
10:33:17.924 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 939167 MB offset 63
10:33:17.978 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14700 MB offset 1923414255
10:33:18.063 Disk 0 scanning C:\Windows\system32\drivers
10:33:33.041 Service scanning
10:33:52.249 Modules scanning
10:33:52.255 Disk 0 trace - called modules:
10:33:52.264 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
10:33:52.267 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006fe2790]
10:33:52.599 3 CLASSPNP.SYS[fffffa60011d5c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004977050]
10:33:55.020 AVAST engine scan C:\Windows
10:34:04.031 AVAST engine scan C:\Windows\system32
10:37:42.260 AVAST engine scan C:\Windows\system32\drivers
10:37:57.084 AVAST engine scan C:\Users\Reinhard
10:42:36.993 Disk 0 MBR has been saved successfully to "C:\Users\Reinhard\Documents\Eigene Dateien\MBR.dat"
10:42:36.998 The log file has been saved successfully to "C:\Users\Reinhard\Documents\Eigene Dateien\aswMBR.txt"
OSAM worked, but I can't create a logfile; when I click on it nothing happens ??? |
12.09.2012, 16:58 | #27 |
| Police Trojan - PC locked Yes, unpacked with WinRAR, and the scan did work, but when I click on Log at the end, nothing happens. Tried it 3 times! |
12.09.2012, 20:11 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Police Trojan - PC locked Hm yes, that can happen on 64-bit systems under some circumstances... We should fix the MBR. Just in case, back up ALL important data, even though it usually goes smoothly. Note: please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. Also do not do the fix if you have full encryption of the Windows partition or of the whole hard disk with TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Note: please turn off the virus scanner before you run aswMBR, as Avira in particular often reports a false positive on it! Then restart Windows and make a new log with aswMBR.
__________________ Please always post logfiles in CODE tags |
13.09.2012, 11:01 | #29 |
| Police Trojan - PC locked I've already backed up all the data, doing the log now! Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-13 12:29:28
-----------------------------
12:29:28.356 OS Version: Windows x64 6.0.6002 Service Pack 2
12:29:28.356 Number of processors: 4 586 0xF0B
12:29:28.357 ComputerName: REINHARD-PC UserName: Reinhard
12:29:30.413 Initialize success
12:29:42.995 AVAST engine defs: 12091300
12:29:59.322 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:29:59.324 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
12:29:59.390 Disk 0 MBR read successfully
12:29:59.392 Disk 0 MBR scan
12:29:59.395 Disk 0 Windows VISTA default MBR code
12:29:59.398 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 939167 MB offset 63
12:29:59.486 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14700 MB offset 1923414255
12:29:59.559 Disk 0 scanning C:\Windows\system32\drivers
12:30:18.341 Service scanning
12:30:39.405 Modules scanning
12:30:39.411 Disk 0 trace - called modules:
12:30:39.486 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
12:30:39.490 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006865790]
12:30:39.821 3 CLASSPNP.SYS[fffffa6000fcec33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800496a050]
12:30:42.208 AVAST engine scan C:\Windows
12:30:51.152 AVAST engine scan C:\Windows\system32
12:35:09.989 AVAST engine scan C:\Windows\system32\drivers
12:35:42.969 AVAST engine scan C:\Users\Reinhard
12:58:31.367 AVAST engine scan C:\ProgramData
13:01:30.384 Scan finished successfully
13:02:10.941 Disk 0 MBR has been saved successfully to "C:\Users\Reinhard\Desktop\MBR.dat"
13:02:10.945 The log file has been saved successfully to "C:\Users\Reinhard\Desktop\aswMBR.txt" |
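The helper's "looks ok" verdict in the next post rests on two things visible in the aswMBR logs from #25 and #29: the boot code went from "unknown MBR code" to "Windows VISTA default MBR code", and the partition table stayed the same. As an added example (not code from the thread, and not part of aswMBR or any other tool used here), the Python below parses aswMBR "Disk N ..." lines into a per-disk MBR verdict and partition table, classifies the MBR code, and checks a before/after pair the way a reviewer would: FIXMBR should change the boot code and nothing else. The embedded log excerpts are copied from the two posts above; the function names and the "ok"/"review" labels are this example's own choices.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Disk lines excerpted from the two aswMBR logs posted in this thread
# (#25 before FIXMBR, #29 after). AV-scan progress lines are left out.
BEFORE_LOG = r"""
10:33:17.893 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:33:17.895 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
10:33:17.915 Disk 0 MBR read successfully
10:33:17.917 Disk 0 MBR scan
10:33:17.922 Disk 0 unknown MBR code
10:33:17.924 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 939167 MB offset 63
10:33:17.978 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14700 MB offset 1923414255
"""
AFTER_LOG = r"""
12:29:59.390 Disk 0 MBR read successfully
12:29:59.392 Disk 0 MBR scan
12:29:59.395 Disk 0 Windows VISTA default MBR code
12:29:59.398 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 939167 MB offset 63
12:29:59.486 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14700 MB offset 1923414255
"""

# "<hh:mm:ss.mmm> Disk <n> <message>"
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ Disk (?P<disk>\d+) (?P<msg>.+)$")
# "Partition <n> <boot byte>[ (A)] <type byte> <type name> <fs> <size> MB offset <lba>"
PART_RE = re.compile(
    r"^Partition (?P<num>\d+) (?P<boot>[0-9A-Fa-f]{2})(?: \(A\))? "
    r"(?P<type>[0-9A-Fa-f]{2}) (?P<typename>\S+) (?P<fs>\S+) "
    r"(?P<size>\d+) MB offset (?P<offset>\d+)$"
)


@dataclass(frozen=True)
class Partition:
    number: int
    bootable: bool   # boot indicator byte 0x80 in the MBR partition entry
    type_id: str     # partition type byte, "07" for NTFS here
    size_mb: int
    offset: int      # first sector (LBA) of the partition


@dataclass
class DiskReport:
    disk: int
    mbr_code: str | None = None                      # aswMBR's "... MBR code" text
    partitions: list[Partition] = field(default_factory=list)


def parse_aswmbr(log: str) -> dict[int, DiskReport]:
    """Collect the MBR verdict and partition table for every disk in the log."""
    reports: dict[int, DiskReport] = {}
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                                  # header, scan progress, etc.
        disk = int(m["disk"])
        rep = reports.setdefault(disk, DiskReport(disk))
        msg = m["msg"]
        if msg.endswith("MBR code"):
            rep.mbr_code = msg
            continue
        p = PART_RE.match(msg)
        if p:
            rep.partitions.append(Partition(
                number=int(p["num"]),
                bootable=p["boot"].upper() == "80",
                type_id=p["type"].upper(),
                size_mb=int(p["size"]),
                offset=int(p["offset"]),
            ))
    return reports


def mbr_verdict(rep: DiskReport) -> str:
    """'ok' when aswMBR recognised stock Windows boot code, 'review' otherwise."""
    if rep.mbr_code is None:
        return "no-result"
    if "default MBR code" in rep.mbr_code:
        return "ok"
    return "review"   # "unknown MBR code" or any other unexpected text


def check_fixmbr(before: DiskReport, after: DiskReport) -> dict[str, object]:
    """Before/after comparison: boot code should now be recognised and the
    partition table, which FIXMBR must not rewrite, should be identical."""
    return {
        "before": mbr_verdict(before),
        "after": mbr_verdict(after),
        "partition_table_unchanged": before.partitions == after.partitions,
        "boot_partition": next((p.number for p in after.partitions if p.bootable), None),
    }


if __name__ == "__main__":
    b = parse_aswmbr(BEFORE_LOG)[0]
    a = parse_aswmbr(AFTER_LOG)[0]
    print(check_fixmbr(b, a))
```

The partition-table comparison is the part worth keeping: an MBR repair that also changed a partition's offset or size would point at a damaged partition table rather than a successful boot-code rewrite, which is exactly the case the helper's backup advice above is meant to cover.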
13.09.2012, 20:13 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Police Trojan - PC locked Looks ok. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |