Log analysis and evaluation: Trojan.Phex.THAGen9 - eeePC - Win7 (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.09.2012, 12:19 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Phex.THAGen9 - eeePC - Win7 Please pay closer attention and work more carefully! You pasted an adwCleaner log where the OTL log belongs; that can't work this way!
__________________ Please always post logfiles in CODE tags
15.09.2012, 13:07 | #17 |
| Trojan.Phex.THAGen9 - eeePC - Win7 How did that get in there?? I'm puzzled, cosinus, that's exactly how I got it put on the desktop... (Yes, I know, that can't really be...) I'll redo OTL and post it then. Sorry, kkjoky. So, Cosinus, here is the new attempt... This time I was more careful (I hope so, anyway...). I must have made some kind of mess with 'Ctrl-V' + 'Ctrl-C' last time... But it wasn't actually that late at night... oh well, next time will be better. OTL logfile: Code:
ATTFilter OTL logfile created on: 9/15/2012 2:11:34 PM - Run 2 OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\***\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014.18 Mb Total Physical Memory | 384.51 Mb Available Physical Memory | 37.91% Memory free 1.71 Gb Paging File | 0.88 Gb Available in Paging File | 51.34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 80.00 Gb Total Space | 2.06 Gb Free Space | 2.57% Space Free | Partition Type: NTFS Drive D: | 54.03 Gb Total Space | 0.82 Gb Free Space | 1.52% Space Free | Partition Type: NTFS Drive F: | 1.84 Gb Total Space | 0.60 Gb Free Space | 32.48% Space Free | Partition Type: FAT Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.) PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\EeePC\CapsHook\CapsHook.exe (ASUS) PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe () PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.) PRC - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe () PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.) PRC - C:\Windows\System32\AsusService.exe () PRC - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll () MOD - C:\PROGRA~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL () MOD - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe () MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll () MOD - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\LogicNP.PropSheetExtensionHelper.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 
(Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Samsung UPD Service2) -- C:\Windows\System32\SUPDSvc2.exe (Samsung Electronics) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.) SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe () SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.) SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.) SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.) SRV - (AsusService) -- C:\Windows\System32\AsusService.exe () SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (tmxpflt) -- C:\Windows\System32\drivers\tmxpflt.sys (Trend Micro Inc.) DRV - (tmpreflt) -- C:\Windows\System32\drivers\tmpreflt.sys (Trend Micro Inc.) DRV - (vsapint) -- C:\Windows\System32\drivers\vsapint.sys (Trend Micro Inc.) DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.) DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.) DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.) DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys () DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.) DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.) DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) 
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data] IE - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "" FF - 
prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/29 12:52:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/25 20:30:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/29 12:52:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/25 20:30:55 | 000,000,000 | ---D | M] [2010/11/25 14:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012/08/19 13:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions [2012/07/28 10:19:49 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010/12/17 14:32:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/11/12 18:06:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012/07/29 12:52:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/02/16 12:54:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/02/16 12:54:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/16 12:54:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/02/16 12:54:06 | 000,006,805 | ---- | M] () 
-- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/02/16 12:54:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/02/16 12:54:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe () O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAF9D302-BA4D-4E91-A8BF-03F81B5296BD}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: 
Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: 
NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: 
{71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: 
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2030/01/01 14:31:55 | 000,000,000 | -HSD | C] -- C:\Boot [2012/09/14 21:30:47 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012/09/14 00:39:47 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2012/09/14 00:36:02 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2012/09/14 00:35:33 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2012/09/14 00:35:33 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe [2012/09/14 00:35:33 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [2012/09/14 00:31:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\RNDISMP.sys [2012/09/14 00:31:38 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys [2012/09/14 00:31:38 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS [2012/09/14 00:31:35 | 000,490,496 | ---- | 
C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll [2012/09/11 07:12:33 | 000,000,000 | ---D | C] -- C:\_OTL [2012/09/07 10:22:33 | 000,000,000 | ---D | C] -- C:\trojaner [2012/09/07 08:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/09/07 08:02:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012/09/07 08:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/09/07 08:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/09/07 08:01:52 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/09/07 08:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/09/06 14:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\pcdjxalmprhtcbs [2012/09/05 21:38:10 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012/09/05 21:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/09/05 21:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012/08/29 20:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2012/08/25 20:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2012/08/25 20:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012/08/25 20:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2012/08/25 20:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012/08/19 13:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/08/19 13:27:06 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll ========== Files - Modified Within 30 Days ========== [2012/09/15 14:00:50 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/09/15 14:00:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/09/14 
21:30:54 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012/09/14 12:30:46 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/14 12:30:46 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/14 12:23:10 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys [2012/09/14 03:24:17 | 000,654,824 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/09/14 03:24:17 | 000,616,666 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/09/14 03:24:17 | 000,130,406 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/09/14 03:24:17 | 000,106,788 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/09/14 00:40:28 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2012/09/14 00:39:32 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/09/14 00:35:15 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2012/09/14 00:35:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2012/09/14 00:35:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe [2012/09/14 00:35:15 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [2012/09/14 00:35:14 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll [2012/09/14 00:35:14 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/09/07 15:24:24 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012/09/06 14:30:49 | 000,076,347 | ---- | M] () -- C:\ProgramData\ouzgshjjxcyeruo [2012/08/29 20:31:49 | 000,002,040 | ---- | M] () 
-- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012/08/29 20:31:49 | 000,002,040 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012/08/26 15:58:02 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2012/08/26 15:58:02 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2012/08/24 11:31:10 | 002,468,247 | ---- | M] () -- C:\Users\***\Desktop\Paul Kalkbrenner - Bengang HD.mp3 [2012/08/24 11:20:04 | 003,118,185 | ---- | M] () -- C:\Users\***\Desktop\Paul Kalkbrenner - Revolte.mp3 [2012/08/24 11:19:03 | 006,160,974 | ---- | M] () -- C:\Users\***\Desktop\Atzepeng - Paul Kalkbrenner.mp3 [2012/08/24 11:14:01 | 007,576,010 | ---- | M] () -- C:\Users\***\Desktop\Paul Kalkbrenner - Gebrünn Gebrünn [Berlin Calling Edits] [HQ].mp3 [2012/08/24 11:08:21 | 006,135,995 | ---- | M] () -- C:\Users\***\Desktop\Paul Kalkbrenner - Mango.mp3 [2012/08/22 19:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys [2012/08/22 19:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS [2012/08/20 19:47:06 | 000,002,431 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Word Starter 2010.lnk [2012/08/17 13:27:54 | 000,076,754 | ---- | M] () -- C:\Users\***\Desktop\283889_4488110409710_1412415631_n.jpg [2012/08/17 12:40:07 | 000,284,200 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012/09/14 06:12:33 | 000,383,786 | RHS- | C] () -- C:\bootmgr [2012/09/07 15:24:24 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012/09/07 08:01:54 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/09/06 14:30:37 | 000,076,347 | ---- | C] () -- C:\ProgramData\ouzgshjjxcyeruo [2012/08/25 20:31:16 | 000,002,040 | ---- | C] () -- 
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012/08/25 20:31:16 | 000,002,040 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012/08/24 11:30:26 | 002,468,247 | ---- | C] () -- C:\Users\***\Desktop\Paul Kalkbrenner - Bengang HD.mp3 [2012/08/24 11:19:05 | 003,118,185 | ---- | C] () -- C:\Users\***\Desktop\Paul Kalkbrenner - Revolte.mp3 [2012/08/24 11:16:56 | 006,160,974 | ---- | C] () -- C:\Users\***\Desktop\Atzepeng - Paul Kalkbrenner.mp3 [2012/08/24 11:12:00 | 007,576,010 | ---- | C] () -- C:\Users\***\Desktop\Paul Kalkbrenner - Gebrünn Gebrünn [Berlin Calling Edits] [HQ].mp3 [2012/08/24 11:06:40 | 006,135,995 | ---- | C] () -- C:\Users\***\Desktop\Paul Kalkbrenner - Mango.mp3 [2012/08/20 19:47:06 | 000,002,431 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Word Starter 2010.lnk [2012/08/17 13:27:39 | 000,076,754 | ---- | C] () -- C:\Users\***\Desktop\283889_4488110409710_1412415631_n.jpg [2012/04/24 21:48:10 | 000,349,264 | ---- | C] () -- C:\windows\System32\UPDIO2.dll [2012/04/24 21:48:09 | 000,024,064 | ---- | C] () -- C:\windows\System32\spd__l.dll [2012/04/24 21:48:07 | 000,261,712 | ---- | C] () -- C:\windows\SUPDRun.exe [2012/04/24 21:48:07 | 000,151,552 | ---- | C] () -- C:\windows\System32\spd__ci.exe [2012/04/15 19:05:04 | 000,007,609 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011/02/05 23:02:24 | 000,000,859 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2010/11/24 20:54:39 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat [2010/11/24 20:54:39 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat [2010/11/24 19:47:09 | 000,000,117 | ---- | C] () -- C:\windows\TmPfw.ini [2010/11/24 19:45:44 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2012/07/23 19:23:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2012/08/14 21:22:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer [2011/01/04 23:49:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Asus [2012/05/26 15:24:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage [2010/11/23 21:23:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1 [2012/09/14 12:41:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2011/09/24 20:23:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011/02/08 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2010/11/24 19:42:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\E-Cam [2011/02/05 23:02:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2012/06/05 09:50:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2009/07/14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2010/06/24 18:00:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield [2010/06/24 18:08:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2012/09/07 08:02:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011/07/25 18:48:18 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2010/11/25 14:06:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2011/02/06 18:14:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012/09/06 13:51:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype [2012/07/29 17:39:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM [2012/09/11 07:12:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2010/11/25 16:16:47 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\TP [2011/08/27 22:06:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2012/07/03 03:21:38 | 026,868,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012/07/03 03:21:40 | 000,874,424 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012/07/03 03:21:46 | 000,181,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) 
MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2009/06/05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys [2009/06/05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys < MD5 for: IASTORV.SYS > [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- 
C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] 
(NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- 
C:\Windows\System32\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) 
MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< >
< End of report >

I hope it's right now? Thanks for your patience in any case. By the way, can my earlier thread still be edited? Probably not, right? Regards, kkjoky |
16.09.2012, 14:16 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Phex.THAGen9 - eeePC - Win7 That's right now - you can only edit your posts for at most 1 hour after creating them.
What exactly do you want to edit, and why?
__________________ |
16.09.2012, 17:19 | #19 |
| Trojan.Phex.THAGen9 - eeePC - Win7 Well, the 1 hour is of course already over... Cosinus, I would have liked to insert three more asterisks. How could we proceed now? The process is probably not finished yet, is it? Thanks for the next tip. Regards, kkjoky |
17.09.2012, 09:21 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Phex.THAGen9 - eeePC - Win7 Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Note: If you have obscured your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!! Code:
:OTL
FF - user.js - File not found
IE - HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
[2012/07/28 10:19:49 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
:Files
C:\Program Files\ICQ6Toolbar
C:\ProgramData\ouzgshjjxcyeruo
C:\ProgramData\pcdjxalmprhtcbs
C:\Users\All Users\pcdjxalmprhtcbs
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
17.09.2012, 09:39 | #21 |
| Trojan.Phex.THAGen9 - eeePC - Win7 Hello, and thanks for the continued guidance: ran OTL.EXE - the eeePC restarted. On startup a security warning appeared asking whether OTL.EXE (unknown publisher) should be run. Clicked 'Run'. Here is the log file: Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-3367599154-1114224893-2574791284-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "" removed from browser.search.defaultengine
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "" removed from browser.search.order.1
Prefs.js: "" removed from browser.search.selectedEngine
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w4o5j7xp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== FILES ==========
C:\Program Files\ICQ6Toolbar folder moved successfully.
C:\ProgramData\ouzgshjjxcyeruo moved successfully.
C:\ProgramData\pcdjxalmprhtcbs folder moved successfully.
File\Folder C:\Users\All Users\pcdjxalmprhtcbs not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: ***
->Temp folder emptied: 1246464 bytes
->Temporary Internet Files folder emptied: 497382 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 83716619 bytes
->Flash cache emptied: 864 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1017286 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 82.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.61.4 log created on 09172012_102903

Files\Folders moved on Reboot...
C:\windows\temp\HS.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

- everything runs fine in normal mode;
- no empty (program) folders.
Regards, kkjoky
Last edited by kkjoky (17.09.2012 at 09:46). Reason: normal mode and co. |
17.09.2012, 09:44 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Phex.THAGen9 - eeePC - Win7 Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set the tool up as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
17.09.2012, 10:07 | #23 |
| Trojan.Phex.THAGen9 - eeePC - Win7 So, Cosinus. That too went largely according to plan. TDSSKiller wanted to update from version 2.8.8.0 (your link) to 2.8.9.0. But that didn't work... hence this log: Code:
] rdyboost C:\windows\system32\drivers\rdyboost.sys 10:59:33.0522 4720 rdyboost - ok 10:59:33.0553 4720 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll 10:59:33.0693 4720 RemoteAccess - ok 10:59:33.0740 4720 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll 10:59:33.0881 4720 RemoteRegistry - ok 10:59:33.0943 4720 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 10:59:34.0021 4720 RFCOMM - ok 10:59:34.0115 4720 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 10:59:34.0239 4720 RpcEptMapper - ok 10:59:34.0302 4720 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe 10:59:34.0380 4720 RpcLocator - ok 10:59:34.0427 4720 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\system32\rpcss.dll 10:59:34.0551 4720 RpcSs - ok 10:59:34.0614 4720 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 10:59:34.0754 4720 rspndr - ok 10:59:34.0785 4720 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\windows\system32\lsass.exe 10:59:34.0832 4720 SamSs - ok 10:59:34.0910 4720 [ 2A54EFF79B03A8C2389F2BB0F2264F1E ] Samsung UPD Service2 C:\Windows\system32\SUPDSvc2.exe 10:59:34.0973 4720 Samsung UPD Service2 - ok 10:59:35.0019 4720 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\windows\system32\drivers\sbp2port.sys 10:59:35.0097 4720 sbp2port - ok 10:59:35.0144 4720 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll 10:59:35.0285 4720 SCardSvr - ok 10:59:35.0331 4720 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 10:59:35.0425 4720 scfilter - ok 10:59:35.0503 4720 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\windows\system32\schedsvc.dll 10:59:35.0690 4720 Schedule - ok 10:59:35.0737 4720 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\windows\System32\certprop.dll 10:59:35.0846 4720 SCPolicySvc - ok 10:59:35.0893 4720 [ 
08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\windows\System32\SDRSVC.dll 10:59:35.0987 4720 SDRSVC - ok 10:59:36.0080 4720 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys 10:59:36.0205 4720 secdrv - ok 10:59:36.0252 4720 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll 10:59:36.0392 4720 seclogon - ok 10:59:36.0423 4720 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\System32\sens.dll 10:59:36.0548 4720 SENS - ok 10:59:36.0579 4720 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys 10:59:36.0642 4720 Serenum - ok 10:59:36.0673 4720 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys 10:59:36.0735 4720 Serial - ok 10:59:36.0782 4720 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys 10:59:36.0845 4720 sermouse - ok 10:59:36.0923 4720 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\windows\system32\sessenv.dll 10:59:37.0047 4720 SessionEnv - ok 10:59:37.0172 4720 [ E372ADC14BB40A2C2A55AC754CE87A8C ] SfCtlCom C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe 10:59:37.0281 4720 SfCtlCom - ok 10:59:37.0328 4720 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\drivers\sffdisk.sys 10:59:37.0391 4720 sffdisk - ok 10:59:37.0437 4720 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 10:59:37.0484 4720 sffp_mmc - ok 10:59:37.0531 4720 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 10:59:37.0609 4720 sffp_sd - ok 10:59:37.0656 4720 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys 10:59:37.0718 4720 sfloppy - ok 10:59:37.0812 4720 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys 10:59:37.0921 4720 Sftfs - ok 10:59:37.0983 4720 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization 
Client\sftlist.exe 10:59:38.0093 4720 sftlist - ok 10:59:38.0139 4720 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys 10:59:38.0202 4720 Sftplay - ok 10:59:38.0233 4720 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys 10:59:38.0264 4720 Sftredir - ok 10:59:38.0295 4720 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys 10:59:38.0327 4720 Sftvol - ok 10:59:38.0373 4720 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe 10:59:38.0405 4720 sftvsa - ok 10:59:38.0467 4720 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll 10:59:38.0592 4720 SharedAccess - ok 10:59:38.0654 4720 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll 10:59:38.0795 4720 ShellHWDetection - ok 10:59:38.0841 4720 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\drivers\sisagp.sys 10:59:38.0888 4720 sisagp - ok 10:59:38.0935 4720 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys 10:59:38.0966 4720 SiSRaid2 - ok 10:59:39.0013 4720 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys 10:59:39.0075 4720 SiSRaid4 - ok 10:59:39.0138 4720 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 10:59:39.0185 4720 SkypeUpdate - ok 10:59:39.0231 4720 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys 10:59:39.0341 4720 Smb - ok 10:59:39.0434 4720 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe 10:59:39.0512 4720 SNMPTRAP - ok 10:59:39.0559 4720 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys 10:59:39.0606 4720 spldr - ok 10:59:39.0684 4720 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\windows\System32\spoolsv.exe 10:59:39.0777 4720 Spooler - ok 10:59:39.0949 
4720 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe 10:59:40.0292 4720 sppsvc - ok 10:59:40.0339 4720 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll 10:59:40.0479 4720 sppuinotify - ok 10:59:40.0542 4720 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\windows\system32\DRIVERS\srv.sys 10:59:40.0635 4720 srv - ok 10:59:40.0682 4720 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys 10:59:40.0745 4720 srv2 - ok 10:59:40.0791 4720 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 10:59:40.0869 4720 srvnet - ok 10:59:40.0932 4720 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 10:59:41.0072 4720 SSDPSRV - ok 10:59:41.0135 4720 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll 10:59:41.0275 4720 SstpSvc - ok 10:59:41.0322 4720 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys 10:59:41.0369 4720 stexstor - ok 10:59:41.0431 4720 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll 10:59:41.0540 4720 StiSvc - ok 10:59:41.0603 4720 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\drivers\swenum.sys 10:59:41.0649 4720 swenum - ok 10:59:41.0696 4720 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll 10:59:41.0868 4720 swprv - ok 10:59:41.0946 4720 [ BD8E7F87DE409A745A132A8812DE5A96 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 10:59:41.0993 4720 SynTP - ok 10:59:42.0117 4720 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll 10:59:42.0273 4720 SysMain - ok 10:59:42.0336 4720 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll 10:59:42.0414 4720 TabletInputService - ok 10:59:42.0461 4720 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll 10:59:42.0554 4720 TapiSrv - ok 10:59:42.0585 4720 [ 
B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll 10:59:42.0711 4720 TBS - ok 10:59:42.0820 4720 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\windows\system32\drivers\tcpip.sys 10:59:42.0945 4720 Tcpip - ok 10:59:43.0039 4720 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 10:59:43.0132 4720 TCPIP6 - ok 10:59:43.0179 4720 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 10:59:43.0288 4720 tcpipreg - ok 10:59:43.0335 4720 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 10:59:43.0413 4720 TDPIPE - ok 10:59:43.0460 4720 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 10:59:43.0507 4720 TDTCP - ok 10:59:43.0554 4720 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys 10:59:43.0632 4720 tdx - ok 10:59:43.0678 4720 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\drivers\termdd.sys 10:59:43.0710 4720 TermDD - ok 10:59:43.0788 4720 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll 10:59:43.0897 4720 TermService - ok 10:59:43.0944 4720 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll 10:59:44.0053 4720 Themes - ok 10:59:44.0084 4720 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll 10:59:44.0178 4720 THREADORDER - ok 10:59:44.0240 4720 [ CA9E9C2C04A198ED345C1752222A5F3E ] tmactmon C:\windows\system32\DRIVERS\tmactmon.sys 10:59:44.0271 4720 tmactmon - ok 10:59:44.0302 4720 [ B365E817E398FF2AC5706EAB232EF6C1 ] TMBMServer C:\Program Files\Trend Micro\BM\TMBMSRV.exe 10:59:44.0380 4720 TMBMServer - ok 10:59:44.0412 4720 [ A3D20789B3FF0576A29462BEF25BCFCC ] tmcomm C:\windows\system32\DRIVERS\tmcomm.sys 10:59:44.0458 4720 tmcomm - ok 10:59:44.0536 4720 [ 21F215E54770C4BF93EFAF63F58FE57E ] tmevtmgr C:\windows\system32\DRIVERS\tmevtmgr.sys 10:59:44.0583 4720 tmevtmgr - ok 10:59:44.0646 4720 [ 
AC88B1E97A3EADE322EDA84E69967341 ] tmlwf C:\windows\system32\DRIVERS\tmlwf.sys 10:59:44.0692 4720 tmlwf - ok 10:59:44.0739 4720 [ 255328CF08D602368B69FF1F55EBD93E ] TmPfw C:\Program Files\Trend Micro\Internet Security\TmPfw.exe 10:59:44.0848 4720 TmPfw - ok 10:59:44.0895 4720 [ 9CBBE54780770FDB7AAA73BE530E4D80 ] tmpreflt C:\windows\system32\DRIVERS\tmpreflt.sys 10:59:44.0926 4720 tmpreflt - ok 10:59:44.0973 4720 [ 0FEC6C50B2BE07C57651573CDD1C721F ] TmProxy C:\Program Files\Trend Micro\Internet Security\TmProxy.exe 10:59:45.0082 4720 TmProxy - ok 10:59:45.0145 4720 [ 44C262C1B2412DED35078B6166D2ACC2 ] tmtdi C:\windows\system32\DRIVERS\tmtdi.sys 10:59:45.0176 4720 tmtdi - ok 10:59:45.0223 4720 [ 95DC30A928F5FCEE5D30A191BF058146 ] tmwfp C:\windows\system32\DRIVERS\tmwfp.sys 10:59:45.0270 4720 tmwfp - ok 10:59:45.0316 4720 [ 6CC393305BD60056CA09A4C8032A169A ] tmxpflt C:\windows\system32\DRIVERS\tmxpflt.sys 10:59:45.0379 4720 tmxpflt - ok 10:59:45.0426 4720 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll 10:59:45.0566 4720 TrkWks - ok 10:59:45.0644 4720 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 10:59:45.0753 4720 TrustedInstaller - ok 10:59:45.0816 4720 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 10:59:45.0940 4720 tssecsrv - ok 10:59:46.0003 4720 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 10:59:46.0096 4720 TsUsbFlt - ok 10:59:46.0159 4720 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 10:59:46.0284 4720 tunnel - ok 10:59:46.0330 4720 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys 10:59:46.0377 4720 uagp35 - ok 10:59:46.0440 4720 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys 10:59:46.0580 4720 udfs - ok 10:59:46.0658 4720 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe 
10:59:46.0736 4720 UI0Detect - ok 10:59:46.0783 4720 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 10:59:46.0830 4720 uliagpkx - ok 10:59:46.0892 4720 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\drivers\umbus.sys 10:59:46.0954 4720 umbus - ok 10:59:47.0001 4720 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys 10:59:47.0079 4720 UmPass - ok 10:59:47.0142 4720 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll 10:59:47.0298 4720 upnphost - ok 10:59:47.0360 4720 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\windows\system32\Drivers\usbaapl.sys 10:59:47.0438 4720 USBAAPL - ok 10:59:47.0500 4720 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 10:59:47.0594 4720 usbccgp - ok 10:59:47.0641 4720 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys 10:59:47.0703 4720 usbcir - ok 10:59:47.0734 4720 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\drivers\usbehci.sys 10:59:47.0797 4720 usbehci - ok 10:59:47.0828 4720 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 10:59:47.0890 4720 usbhub - ok 10:59:47.0922 4720 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\windows\system32\drivers\usbohci.sys 10:59:47.0968 4720 usbohci - ok 10:59:48.0046 4720 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 10:59:48.0109 4720 usbprint - ok 10:59:48.0140 4720 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 10:59:48.0234 4720 USBSTOR - ok 10:59:48.0265 4720 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\windows\system32\drivers\usbuhci.sys 10:59:48.0327 4720 usbuhci - ok 10:59:48.0390 4720 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys 10:59:48.0468 4720 usbvideo - ok 10:59:48.0514 4720 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms 
C:\windows\System32\uxsms.dll 10:59:48.0624 4720 UxSms - ok 10:59:48.0655 4720 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe 10:59:48.0702 4720 VaultSvc - ok 10:59:48.0733 4720 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 10:59:48.0780 4720 vdrvroot - ok 10:59:48.0842 4720 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe 10:59:48.0982 4720 vds - ok 10:59:49.0045 4720 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys 10:59:49.0170 4720 vga - ok 10:59:49.0201 4720 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys 10:59:49.0310 4720 VgaSave - ok 10:59:49.0357 4720 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys 10:59:49.0435 4720 vhdmp - ok 10:59:49.0497 4720 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys 10:59:49.0544 4720 viaagp - ok 10:59:49.0606 4720 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys 10:59:49.0684 4720 ViaC7 - ok 10:59:49.0716 4720 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys 10:59:49.0778 4720 viaide - ok 10:59:49.0809 4720 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys 10:59:49.0856 4720 volmgr - ok 10:59:49.0887 4720 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys 10:59:49.0950 4720 volmgrx - ok 10:59:49.0981 4720 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys 10:59:50.0059 4720 volsnap - ok 10:59:50.0168 4720 [ BBDD84CA629C1F7C8172B4405867F196 ] vsapint C:\windows\system32\DRIVERS\vsapint.sys 10:59:50.0308 4720 vsapint - ok 10:59:50.0371 4720 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys 10:59:50.0433 4720 vsmraid - ok 10:59:50.0527 4720 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe 
10:59:50.0745 4720 VSS - ok 10:59:50.0776 4720 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 10:59:50.0854 4720 vwifibus - ok 10:59:50.0886 4720 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 10:59:50.0979 4720 vwififlt - ok 10:59:51.0026 4720 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys 10:59:51.0120 4720 vwifimp - ok 10:59:51.0166 4720 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll 10:59:51.0369 4720 W32Time - ok 10:59:51.0432 4720 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys 10:59:51.0494 4720 WacomPen - ok 10:59:51.0541 4720 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 10:59:51.0650 4720 WANARP - ok 10:59:51.0666 4720 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 10:59:51.0775 4720 Wanarpv6 - ok 10:59:51.0853 4720 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe 10:59:52.0056 4720 wbengine - ok 10:59:52.0149 4720 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 10:59:52.0258 4720 WbioSrvc - ok 10:59:52.0305 4720 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll 10:59:52.0430 4720 wcncsvc - ok 10:59:52.0461 4720 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 10:59:52.0539 4720 WcsPlugInService - ok 10:59:52.0586 4720 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys 10:59:52.0617 4720 Wd - ok 10:59:52.0664 4720 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 10:59:52.0758 4720 Wdf01000 - ok 10:59:52.0789 4720 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll 10:59:52.0960 4720 WdiServiceHost - ok 10:59:52.0976 4720 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost 
C:\windows\system32\wdi.dll 10:59:53.0070 4720 WdiSystemHost - ok 10:59:53.0163 4720 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll 10:59:53.0241 4720 WebClient - ok 10:59:53.0288 4720 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll 10:59:53.0444 4720 Wecsvc - ok 10:59:53.0491 4720 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll 10:59:53.0600 4720 wercplsupport - ok 10:59:53.0662 4720 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll 10:59:53.0740 4720 WerSvc - ok 10:59:53.0803 4720 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 10:59:53.0896 4720 WfpLwf - ok 10:59:53.0912 4720 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys 10:59:53.0959 4720 WIMMount - ok 10:59:54.0052 4720 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 10:59:54.0162 4720 WinDefend - ok 10:59:54.0193 4720 WinHttpAutoProxySvc - ok 10:59:54.0271 4720 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 10:59:54.0396 4720 Winmgmt - ok 10:59:54.0489 4720 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll 10:59:54.0739 4720 WinRM - ok 10:59:54.0817 4720 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 10:59:54.0895 4720 WinUsb - ok 10:59:54.0973 4720 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll 10:59:55.0129 4720 Wlansvc - ok 10:59:55.0176 4720 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 10:59:55.0254 4720 WmiAcpi - ok 10:59:55.0316 4720 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 10:59:55.0394 4720 wmiApSrv - ok 10:59:55.0519 4720 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 10:59:55.0690 4720 WMPNetworkSvc - 
ok 10:59:55.0737 4720 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll 10:59:55.0831 4720 WPCSvc - ok 10:59:55.0893 4720 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 10:59:55.0987 4720 WPDBusEnum - ok 10:59:56.0034 4720 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 10:59:56.0158 4720 ws2ifsl - ok 10:59:56.0190 4720 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\System32\wscsvc.dll 10:59:56.0283 4720 wscsvc - ok 10:59:56.0299 4720 WSearch - ok 10:59:56.0424 4720 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll 10:59:56.0642 4720 wuauserv - ok 10:59:56.0658 4720 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\windows\system32\drivers\WudfPf.sys 10:59:56.0782 4720 WudfPf - ok 10:59:56.0829 4720 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 10:59:56.0938 4720 WUDFRd - ok 10:59:57.0016 4720 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\windows\System32\WUDFSvc.dll 10:59:57.0157 4720 wudfsvc - ok 10:59:57.0188 4720 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll 10:59:57.0297 4720 WwanSvc - ok 10:59:57.0375 4720 ================ Scan global =============================== 10:59:57.0422 4720 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll 10:59:57.0469 4720 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\windows\system32\winsrv.dll 10:59:57.0531 4720 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\windows\system32\winsrv.dll 10:59:57.0578 4720 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll 10:59:57.0609 4720 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe 10:59:57.0640 4720 [Global] - ok 10:59:57.0640 4720 ================ Scan MBR ================================== 10:59:57.0672 4720 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 10:59:58.0062 4720 \Device\Harddisk0\DR0 - ok 10:59:58.0093 4720 [ 
5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 10:59:58.0452 4720 \Device\Harddisk1\DR1 - ok 10:59:58.0467 4720 ================ Scan VBR ================================== 10:59:58.0467 4720 [ 86BB7DBAB286368AC9E85F7F33A0E3D3 ] \Device\Harddisk0\DR0\Partition1 10:59:58.0483 4720 \Device\Harddisk0\DR0\Partition1 - ok 10:59:58.0561 4720 [ 512744C0235B96621820344228FA735E ] \Device\Harddisk0\DR0\Partition2 10:59:58.0561 4720 \Device\Harddisk0\DR0\Partition2 - ok 10:59:58.0576 4720 [ 9A17773264CD8111E7E4369AE7BDC6FE ] \Device\Harddisk1\DR1\Partition1 10:59:58.0592 4720 \Device\Harddisk1\DR1\Partition1 - ok 10:59:58.0592 4720 ============================================================ 10:59:58.0592 4720 Scan finished 10:59:58.0592 4720 ============================================================ 10:59:58.0639 5116 Detected object count: 3 10:59:58.0639 5116 Actual detected object count: 3 11:00:47.0577 5116 AsusService ( UnsignedFile.Multi.Generic ) - skipped by user 11:00:47.0577 5116 AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:00:47.0577 5116 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 11:00:47.0577 5116 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:00:47.0593 5116 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 11:00:47.0593 5116 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:01:41.0476 1260 Deinitialize success kkjoky |
17.09.2012, 12:17 | #24 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Phex.THAGen9 - eeePC - Win7 Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when one of the forum's expert helpers has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
17.09.2012, 16:08 | #25 |
| Trojan.Phex.THAGen9 - eeePC - Win7 Here is the next post; I ran ComboFix and the log file looks as follows: [code] Combofix Logfile: Code:
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x] S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 25857604 *NewlyCreated* - 86407300 *Deregistered* - 25857604 *Deregistered* - 86407300 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhalt des "geplante Tasks" Ordners . 2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 13:58] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe Trusted Zone: samsungsetup.com\www TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\w4o5j7xp.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE - c:\progra~1\DIFX\7F01D4C0B2897E27\DPInst.exe AddRemove-B5C82F3814F82FB37F1513B3185399BD88892B08 - c:\progra~1\DIFX\7F01D4C0B2897E27\DPInst.exe AddRemove-BF20603967CFDCB2BBF91950E8A56DFBC5C833FE - c:\progra~1\DIFX\7F01D4C0B2897E27\DPInst.exe AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3367599154-1114224893-2574791284-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-3367599154-1114224893-2574791284-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-09-17 16:56:42 ComboFix-quarantined-files.txt 2012-09-17 14:56 . Vor Suchlauf: 1.672.663.040 Bytes frei Nach Suchlauf: 1.575.870.464 Bytes frei . - - End Of File - - CC09E089EED99A03CC3395B51E01F45E I do hope that everything turned out right and that everything looks 'good'.
After the notice "...Die Scanzeit...verdoppeln." there was, partway through, the message: "R6025 -pure virtual function call". But it ran through to the end without problems. Programs also run without problems. Regards, kkjoky |
17.09.2012, 20:25 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Phex.THAGen9 - eeePC - Win7 Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to run on the second attempt as well, just leave it out and run only OSAM. Please skip the online check by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to switch off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file on your desktop.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
18.09.2012, 06:35 | #27 |
| Trojan.Phex.THAGen9 - eeePC - Win7 Phew, GMER in particular took quite a long time. I hope that I carried everything out correctly. In any case there were no error messages or 'hiccups' along the way. Here are the log files now. GMER: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-09-18 01:07:52 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916031 rev.0002 Running: wqf9mfn3.exe; Driver: C:\Users\***~1\AppData\Local\Temp\uxdiyuoc.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81E8F3C9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EC8D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? C:\windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\Users\***~1\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtClose 775754C8 5 Bytes JMP 5C02FFC0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtCreateFile 775755C8 5 Bytes JMP 5C02EC96 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtCreateKey 77575608 5 Bytes JMP 5C02B6DC C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtDeleteFile 77575808 5 Bytes JMP 5C02EAB3 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtDeleteKey 77575818 5 Bytes JMP 5C02AF5D C:\windows\system32\sftldr.dll 
(Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtDeleteValueKey 77575848 5 Bytes JMP 5C02B220 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtDuplicateObject 77575898 5 Bytes JMP 5C030096 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtEnumerateKey 775758E8 5 Bytes JMP 5C02B001 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtEnumerateValueKey 77575918 5 Bytes JMP 5C02B17A C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtFlushKey 77575988 5 Bytes JMP 5C02AFAF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtNotifyChangeKey 77575C68 5 Bytes JMP 5C02B2CE C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtNotifyChangeMultipleKeys 77575C78 5 Bytes JMP 5C02B35C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtOpenFile 
77575CD8 5 Bytes JMP 5C02EE21 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtOpenKey 77575D08 5 Bytes JMP 5C02B5ED C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtOpenKeyEx 77575D18 5 Bytes JMP 5C02B660 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtQueryAttributesFile 77575F38 5 Bytes JMP 5C02EB1E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtQueryDirectoryFile 77575F98 5 Bytes JMP 5C02D81E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtQueryFullAttributesFile 77575FE8 5 Bytes JMP 5C02EB8E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtQueryKey 775760E8 5 Bytes JMP 5C02B054 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtQueryMultipleValueKey 77576108 5 Bytes JMP 5C02B27B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft 
shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtQueryObject 77576128 5 Bytes JMP 5C0300EC C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtQuerySecurityObject 775761A8 5 Bytes JMP 5C030030 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtQueryValueKey 77576248 5 Bytes JMP 5C02B127 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtRenameKey 775763C8 5 Bytes JMP 5C02B751 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtSetInformationFile 77576638 5 Bytes JMP 5C02EBFE C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtSetInformationKey 77576658 5 Bytes JMP 5C02B0BA C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtSetSecurityObject 77576758 5 Bytes JMP 5C030149 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ntdll.dll!NtSetValueKey 77576808 5 Bytes JMP 5C02B1CD C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft 
Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] kernel32.dll!CreateProcessW 7767204D 5 Bytes JMP 5C008C27 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] kernel32.dll!CreateProcessA 77672082 5 Bytes JMP 5C008D65 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] kernel32.dll!CreateProcessAsUserW 776A59AF 5 Bytes JMP 5C008F9B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] kernel32.dll!SetDllDirectoryW 776FD773 5 Bytes JMP 5C00977C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] kernel32.dll!SetDllDirectoryA 776FD81C 5 Bytes JMP 5C009AAF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] kernel32.dll!WinExec 776FEDB2 5 Bytes JMP 5C00931E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] kernel32.dll!AllocConsole 7771C67D 5 Bytes JMP 5C031210 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] kernel32.dll!AttachConsole 7771C74B 5 Bytes JMP 5C031222 
C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] USER32.dll!CreateWindowExA 762FBF40 5 Bytes JMP 5C0311E0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] USER32.dll!CreateWindowExW 762FEC7C 5 Bytes JMP 5C0311F8 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] GDI32.dll!AddFontResourceW 75A8EC13 5 Bytes JMP 5C016800 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] GDI32.dll!AddFontResourceA 75A8EFA7 5 Bytes JMP 5C0167E4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!EnumDependentServicesW 75FF1E3A 7 Bytes JMP 5C01956C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!EnumServicesStatusExW 75FFB466 7 Bytes JMP 5C01A48D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!GetServiceKeyNameW 760178FF 7 Bytes JMP 5C019C13 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization 
handler\OfficeVirt.exe[3840] ADVAPI32.dll!GetServiceDisplayNameW 760179BB 7 Bytes JMP 5C019DC4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!EnumServicesStatusExA 7601A3E2 7 Bytes JMP 5C01A553 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!CreateProcessAsUserA 76032538 5 Bytes JMP 5C0090DD C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!GetServiceKeyNameA 76051B94 7 Bytes JMP 5C019CCB C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!GetServiceDisplayNameA 76051C31 7 Bytes JMP 5C019E7C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!EnumServicesStatusA 76052021 7 Bytes JMP 5C01A3CF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!EnumDependentServicesA 76052104 7 Bytes JMP 5C019623 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ADVAPI32.dll!EnumServicesStatusW 76052221 5 Bytes JMP 5C01A311 C:\windows\system32\sftldr.dll (Microsoft Application 
Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoRegisterPSClsid 75E9C56E 5 Bytes JMP 5C01FFF5 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoResumeClassObjects + 7 75E9EA09 7 Bytes JMP 5C0205C6 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!OleRun 75EA07DE 5 Bytes JMP 5C020481 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoRegisterClassObject 75EA21E1 5 Bytes JMP 5C0210F6 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!OleUninitialize 75EAEBA1 6 Bytes JMP 5C0203A0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!OleInitialize 75EAEFD7 5 Bytes JMP 5C020330 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoGetPSClsid 75EB26B9 5 Bytes JMP 5C02016D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoGetClassObject 75EC54AD 5 Bytes JMP 5C021684 
C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoInitializeEx 75ED09AD 5 Bytes JMP 5C0201E0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoUninitialize 75ED86D3 5 Bytes JMP 5C020262 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoCreateInstance 75ED9D0B 5 Bytes JMP 5C022952 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoCreateInstanceEx 75ED9D4E 5 Bytes JMP 5C020A8D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoSuspendClassObjects + 7 75EFBB09 7 Bytes JMP 5C0204F1 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoRevokeClassObject 75F1EACF 5 Bytes JMP 5C01FA52 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[3840] ole32.dll!CoGetInstanceFromFile 75F5340B 5 Bytes JMP 5C021B44 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization 
handler\OfficeVirt.exe[3840] ole32.dll!OleRegEnumFormatEtc 75F9CFD9 5 Bytes JMP 5C02040B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\windows\System32\rundll32.exe[684] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\windows\System32\rundll32.exe[684] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\windows\System32\rundll32.exe[684] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\windows\System32\rundll32.exe[684] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2564] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2564] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2564] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2564] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für 
Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2564] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2564] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [755BFFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.) 
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6048c8d Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6048c8d (not active ControlSet) Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk 1 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=8D01C00 CLICK & LEARN DiDi 360\xb0\ComponentInstall.exe 1 ---- EOF - GMER 1.0.15 ---- and now OSAM: Code:
OSAM Logfile: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-18 01:39:35
-----------------------------
01:39:35.701 OS Version: Windows 6.1.7601 Service Pack 1
01:39:35.701 Number of processors: 2 586 0x1C0A
01:39:35.716 ComputerName: ***-PC UserName: ***
01:39:44.452 Initialize success
01:42:29.363 AVAST engine defs: 12091400
01:42:46.586 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
01:42:46.586 Disk 0 Vendor: ST916031 0002 Size: 152627MB BusType: 3
01:42:46.742 Disk 0 MBR read successfully
01:42:46.757 Disk 0 MBR scan
01:42:46.882 Disk 0 Windows 7 default MBR code
01:42:46.960 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 81921 MB offset 2048
01:42:47.069 Disk 0 Partition 2 00 1B Hidd FAT32 MSDOS5.0 15360 MB offset 167776256
01:42:47.100 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 55325 MB offset 199233536
01:42:47.210 Disk 0 Partition 4 00 EF EFI FAT 20 MB offset 312539136
01:42:47.303 Disk 0 scanning sectors +312581808
01:42:47.771 Disk 0 scanning C:\windows\system32\drivers
01:44:40.234 Service scanning
01:45:30.604 Modules scanning
01:48:22.251 Disk 0 trace - called modules:
01:48:22.361 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
01:48:22.376 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c62030]
01:48:22.392 3 CLASSPNP.SYS[86b9059e] -> nt!IofCallDriver -> [0x8426f388]
01:48:22.407 5 ACPI.sys[864bb3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x83e5b028]
01:48:23.156 AVAST engine scan C:\windows
01:49:24.386 AVAST engine scan C:\windows\system32
02:28:10.673 AVAST engine scan C:\windows\system32\drivers
02:33:01.450 AVAST engine scan C:\Users\***
04:06:41.722 AVAST engine scan C:\ProgramData
04:16:36.848 Scan finished successfully
07:20:10.395 Disk 0 MBR has been saved successfully to "C:\trojaner\MBR.dat"
07:20:10.582 The log file has been saved successfully to "C:\trojaner\aswMBR 2012-09-18.txt"
So?? Is everything all right? I hope so? Addendum: Boots normally and without errors. No irregularities, empty folders or the like to be found. Regards and thanks, kkjoky Edited by kkjoky (18.09.2012 at 06:42) Reason: startup behaviour |
19.09.2012, 11:16 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Phex.THAGen9 - eeePC - Win7 Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
19.09.2012, 20:21 | #29 |
| Trojan.Phex.THAGen9 - eeePC - Win7 Here they come, the two scan logs. Malware is here: Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.09.19.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-PC [Administrator]
19.09.2012 14:53:18
mbam-log-2012-09-19 (14-53-18).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382273
Laufzeit: 2 Stunde(n), 7 Minute(n), 34 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 09/19/2012 at 09:01 PM
Application Version : 5.5.1016
Core Rules Database Version : 9252
Trace Rules Database Version: 7064
Scan type : Complete Scan
Total Scan Time : 02:54:07
Operating System Information
Windows 7 Starter 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 774
Memory threats detected : 0
Registry items scanned : 33990
Registry threats detected : 0
File items scanned : 159477
File threats detected : 50
Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.yieldmanager[2].txt [ /ad.yieldmanager ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[1].txt [ /content.yieldmanager ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[2].txt [ /content.yieldmanager ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[4].txt [ /content.yieldmanager ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tradedoubler[1].txt [ /tradedoubler ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@zbox.zanox[1].txt [ /zbox.zanox ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\11PYC73U.txt [ /tradedoubler.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\1BVVGULN.txt [ /ads.creative-serving.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\TXZSCROH.txt [ /ad.ad-srv.net ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\HJ18AUOL.txt [ /ad.yieldmanager.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\SYJA2QEG.txt [ /atdmt.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\H0E9R5BD.txt [ /apmebf.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\IGMJTZ57.txt [ /adfarm1.adition.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\T2S7I35J.txt [ /webmasterplan.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WSWT1Z1J.txt [ /serving-sys.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\13VM8B6T.txt [ /invitemedia.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\7EQ133AI.txt [ /ad3.adfarm1.adition.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\U180J257.txt [ /doubleclick.net ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\293BAPQF.txt [ /fastclick.net ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\2C53EH54.txt [ /eyewonder.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\GU043UMW.txt [ /ad2.adfarm1.adition.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\WGUYHSSA.txt [ /dyntracker.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\ZSJ6JUYC.txt [ /c.atdmt.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\IU4BRWPL.txt [ /imrworldwide.com ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\J84IXXM5.txt [ /revsci.net ]
C:\USERS\***\Cookies\11PYC73U.txt [ Cookie:***@tradedoubler.com/ ]
C:\USERS\***\Cookies\HJ18AUOL.txt [ Cookie:***@ad.yieldmanager.com/ ]
C:\USERS\***\Cookies\H0E9R5BD.txt [ Cookie:***@apmebf.com/ ]
C:\USERS\***\Cookies\IGMJTZ57.txt [ Cookie:***@adfarm1.adition.com/ ]
C:\USERS\***\Cookies\***@ad.yieldmanager[1].txt [ Cookie:***@ad.yieldmanager.com/ ]
C:\USERS\***\Cookies\13VM8B6T.txt [ Cookie:***@invitemedia.com/ ]
C:\USERS\***\Cookies\7EQ133AI.txt [ Cookie:***@ad3.adfarm1.adition.com/ ]
C:\USERS\***\Cookies\U180J257.txt [ Cookie:***@doubleclick.net/ ]
C:\USERS\***\Cookies\293BAPQF.txt [ Cookie:***@fastclick.net/ ]
C:\USERS\***\Cookies\GU043UMW.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]
C:\USERS\***\Cookies\WGUYHSSA.txt [ Cookie:***@dyntracker.com/ ]
C:\USERS\***\Cookies\ZSJ6JUYC.txt [ Cookie:***@c.atdmt.com/ ]
C:\USERS\***\Cookies\J84IXXM5.txt [ Cookie:***@revsci.net/ ]
.apmebf.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
Thanks for the tip on how to proceed, Cosinus. Regards and kkjoky |
20.09.2012, 11:22 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Phex.THAGen9 - eeePC - Win7 Looks OK, only cookies were found there. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie). Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - sensibly, you should check MVPS every 4 weeks to see whether he has released a new hosts file. Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/ But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. My own practice is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want, everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but at the latest on the next start of Opera or Chromium no cookies are left. Is your system in order again now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
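The triage in the reply above (every SUPERAntiSpyware detection is a cookie) and the hosts-file blocking it recommends, as an added Python example that is not part of the original thread. The function names and the 0.0.0.0 sink address are assumptions; the sample lines are copied from the log posted above.

```python
import re

# Lines copied from the SUPERAntiSpyware log above (user name already masked as ***).
SAMPLE_LOG = r"""
File threats detected : 50
Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\11PYC73U.txt [ /tradedoubler.com ]
C:\USERS\***\Cookies\U180J257.txt [ Cookie:***@doubleclick.net/ ]
.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W4O5J7XP.DEFAULT\COOKIES.SQLITE ]
"""

ENTRY = re.compile(r"^(?P<left>.+?)\s+\[\s*(?P<inner>.+?)\s*\]$")
HOST = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")

def parse(log):
    """Return {category: [(store_path, host_or_None), ...]} for every detection line."""
    findings, category = {}, None
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m is None:
            if line and ":" not in line:      # headings carry no "key : value" colon
                category = line
            continue
        # Firefox rows are "host [ store ]"; Internet Explorer rows are "file [ host ]".
        path, hint = (m["inner"], m["left"]) if m["inner"][1:3] == ":\\" else (m["left"], m["inner"])
        host = hint.split("@")[-1].strip("/.").lower()
        # Old IE file names (user@host[1].txt) drop the TLD; such hints are not hostnames.
        name = path.rsplit("\\", 1)[-1]
        stem = re.sub(r"\[\d+\]\.txt$", "", name.split("@")[-1]).lower()
        if ("@" in name and stem == host) or not HOST.match(host):
            host = None
        findings.setdefault(category, []).append((path, host))
    return findings

def non_cookie_findings(findings):
    """Paths outside a browser cookie store; an empty list means 'only cookies'."""
    def in_store(p):
        return "\\cookies\\" in p.lower() or p.lower().endswith("\\cookies.sqlite")
    return [p for items in findings.values() for p, _ in items if not in_store(p)]

def hosts_lines(findings, sink="0.0.0.0"):
    """Exact-name hosts entries; a hosts file has no wildcards, so subdomains need own lines."""
    names = {h for items in findings.values() for _, h in items if h}
    return [f"{sink} {h}" for h in sorted(names)]

if __name__ == "__main__":
    print(non_cookie_findings(parse(SAMPLE_LOG)), *hosts_lines(parse(SAMPLE_LOG)), sep="\n")
```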