Pests of all kinds and how to fight them: Polizeitrojaner (police trojan)

14.10.2012, 19:37   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeitrojaner

Please now run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer complains about any objects, treat them all with the action "skip" and only post the log here!

__________________
Please always post logfiles in CODE tags
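
The report TDSS-Killer writes (the reply that follows shows one in full) has a regular shape: a `[ MD5 ] name path` line for every file it inspects, followed by a result line that reads `name - ok`, `name ( Verdict ) - warning` or `name - detected Verdict (n)`; a `Mode:` line records which scan options were enabled, and `UnsignedFile.Multi.Generic` is the SigCheck verdict for a driver without a valid digital signature, which by itself does not make it malware. That is why the post asks to "skip" and to post the log rather than delete. The Python script below is an added example, not part of the thread or of the TDSS-Killer tool: it parses that report format and lists only the objects that were not reported clean, with hash and path, so they can be reviewed. `SAMPLE_LOG` is a constructed report in the same format with placeholder hashes; the function and class names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every report line starts with "hh:mm:ss.ffff <pid>" followed by whitespace.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "[ <MD5> ] <name>   <drive>:\<path>"; the name may contain spaces, so the
# path is taken from the first "X:\" that follows whitespace.
_FILE_RE = re.compile(_PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S.*?)\s+(?P<path>[A-Za-z]:\\.*)$")
# "<name> - ok"  or  "<name> ( <Verdict> ) - warning"
_RESULT_RE = re.compile(_PREFIX + r"(?P<name>\S.*?)(?: \( (?P<verdict>[^()]+) \))? - (?P<status>ok|warning)$")
# "<name> - detected <Verdict> (<count>)"
_DETECTED_RE = re.compile(_PREFIX + r"(?P<name>\S.*?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")

# Constructed sample in TDSS-Killer's report format; the MD5 values are placeholders.
SAMPLE_LOG = r"""
11:12:25.0619 3236  ============================================================
11:12:25.0619 3236  Scan started
11:12:25.0619 3236  Mode: Manual; SigCheck; TDLFS; 
11:12:25.0619 3236  ============================================================
11:12:26.0274 3236  ================ Scan system memory ========================
11:12:26.0274 3236  System memory - ok
11:12:26.0274 3236  ================ Scan services =============================
11:12:26.0571 3236  [ 00000000000000000000000000000001 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:12:26.0586 3236  ACPI - ok
11:12:27.0491 3236  [ 00000000000000000000000000000002 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:12:27.0569 3236  AMD External Events Utility - ok
11:12:27.0647 3236  AMD FUEL Service - ok
11:12:29.0660 3236  [ 00000000000000000000000000000003 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
11:12:29.0691 3236  atksgt ( UnsignedFile.Multi.Generic ) - warning
11:12:29.0691 3236  atksgt - detected UnsignedFile.Multi.Generic (1)
11:12:38.0084 3236  [ 00000000000000000000000000000004 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
11:12:38.0099 3236  lirsgt ( UnsignedFile.Multi.Generic ) - warning
11:12:38.0099 3236  lirsgt - detected UnsignedFile.Multi.Generic (1)
"""


@dataclass
class ScanEntry:
    name: str
    path: Optional[str] = None    # None when the report printed no file line (e.g. "AMD FUEL Service - ok")
    md5: Optional[str] = None
    status: str = "ok"            # "ok", "warning" or "detected"
    verdict: Optional[str] = None
    detections: int = 0

    @property
    def flagged(self) -> bool:
        return self.status != "ok"


def parse_tdsskiller_log(text: str) -> List[ScanEntry]:
    """Return one ScanEntry per scanned object, in report order, merging its file and result lines."""
    entries: Dict[str, ScanEntry] = {}
    order: List[str] = []

    def entry_for(name: str) -> ScanEntry:
        if name not in entries:
            entries[name] = ScanEntry(name=name)
            order.append(name)
        return entries[name]

    for raw in text.splitlines():
        line = raw.rstrip()
        m = _FILE_RE.match(line)
        if m:
            e = entry_for(m["name"])
            e.md5, e.path = m["md5"].upper(), m["path"]
            continue
        m = _DETECTED_RE.match(line)
        if m:
            e = entry_for(m["name"])
            e.status, e.verdict, e.detections = "detected", m["verdict"], int(m["count"])
            continue
        m = _RESULT_RE.match(line)
        if m:
            e = entry_for(m["name"])
            if e.status != "detected":      # a "warning" must not hide an earlier "detected"
                e.status = m["status"]
            if m["verdict"]:
                e.verdict = m["verdict"]
    return [entries[n] for n in order]


def flagged_entries(entries: List[ScanEntry]) -> List[ScanEntry]:
    """Objects TDSS-Killer did not report as clean; these are what the helper needs to look at."""
    return [e for e in entries if e.flagged]


def format_report(entries: List[ScanEntry]) -> str:
    """Triage summary: totals, then hash and path for every flagged object (nothing is deleted)."""
    lines = [f"{len(entries)} objects scanned, {len(flagged_entries(entries))} flagged"]
    for e in flagged_entries(entries):
        lines.append(f"  {e.name}: {e.status} {e.verdict or ''} (x{e.detections})")
        lines.append(f"    md5={e.md5 or 'n/a'} path={e.path or 'n/a'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(parse_tdsskiller_log(SAMPLE_LOG)))
```

Run it against a real report by reading the file TDSS-Killer leaves on the system partition and passing its text to `parse_tdsskiller_log`. The `flagged` list is what to paste or check further (the MD5 allows a hash lookup without uploading the file); a `warning`-only verdict from SigCheck tells you the driver is unsigned, not that it is malicious.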

21.10.2012, 10:23   #17
p.h.k.
 
Polizeitrojaner

Hello cosinus, I was on holiday, hence the delay. Here is the result from TDSS-Killer, and best regards:
Code:
11:12:03.0982 1644  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
11:12:04.0231 1644  ============================================================
11:12:04.0231 1644  Current date / time: 2012/10/21 11:12:04.0231
11:12:04.0231 1644  SystemInfo:
11:12:04.0231 1644  
11:12:04.0231 1644  OS Version: 6.1.7601 ServicePack: 1.0
11:12:04.0231 1644  Product type: Workstation
11:12:04.0231 1644  ComputerName: xxxx-PC
11:12:04.0231 1644  UserName: xxxx
11:12:04.0231 1644  Windows directory: C:\Windows
11:12:04.0231 1644  System windows directory: C:\Windows
11:12:04.0231 1644  Running under WOW64
11:12:04.0231 1644  Processor architecture: Intel x64
11:12:04.0231 1644  Number of processors: 4
11:12:04.0231 1644  Page size: 0x1000
11:12:04.0231 1644  Boot type: Normal boot
11:12:04.0231 1644  ============================================================
11:12:04.0809 1644  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
11:12:04.0824 1644  ============================================================
11:12:04.0824 1644  \Device\Harddisk0\DR0:
11:12:04.0824 1644  MBR partitions:
11:12:04.0824 1644  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:12:04.0824 1644  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6E0D3800
11:12:04.0824 1644  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6E106000, BlocksNum 0x6400000
11:12:04.0824 1644  ============================================================
11:12:04.0855 1644  C: <-> \Device\Harddisk0\DR0\Partition2
11:12:04.0887 1644  D: <-> \Device\Harddisk0\DR0\Partition3
11:12:04.0887 1644  ============================================================
11:12:04.0887 1644  Initialize success
11:12:04.0887 1644  ============================================================
11:12:25.0619 3236  ============================================================
11:12:25.0619 3236  Scan started
11:12:25.0619 3236  Mode: Manual; SigCheck; TDLFS; 
11:12:25.0619 3236  ============================================================
11:12:26.0274 3236  ================ Scan system memory ========================
11:12:26.0274 3236  System memory - ok
11:12:26.0274 3236  ================ Scan services =============================
11:12:26.0399 3236  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:12:26.0540 3236  1394ohci - ok
11:12:26.0571 3236  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:12:26.0586 3236  ACPI - ok
11:12:26.0618 3236  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:12:26.0696 3236  AcpiPmi - ok
11:12:26.0805 3236  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:12:26.0820 3236  AdobeARMservice - ok
11:12:26.0914 3236  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:12:26.0945 3236  AdobeFlashPlayerUpdateSvc - ok
11:12:26.0976 3236  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:12:26.0992 3236  adp94xx - ok
11:12:27.0023 3236  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:12:27.0039 3236  adpahci - ok
11:12:27.0070 3236  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:12:27.0070 3236  adpu320 - ok
11:12:27.0101 3236  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:12:27.0210 3236  AeLookupSvc - ok
11:12:27.0242 3236  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
11:12:27.0304 3236  AFD - ok
11:12:27.0351 3236  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:12:27.0382 3236  agp440 - ok
11:12:27.0382 3236  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
11:12:27.0413 3236  ALG - ok
11:12:27.0444 3236  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:12:27.0444 3236  aliide - ok
11:12:27.0491 3236  [ 3349F39F53993CEE03A6EDCC1F7B8242 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:12:27.0569 3236  AMD External Events Utility - ok
11:12:27.0647 3236  AMD FUEL Service - ok
11:12:27.0678 3236  [ F1A84D67A03F7536EBDA9DB426EF0E00 ] amdhub30        C:\Windows\system32\drivers\amdhub30.sys
11:12:27.0710 3236  amdhub30 - ok
11:12:27.0756 3236  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
11:12:27.0788 3236  amdide - ok
11:12:27.0819 3236  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\drivers\amdiox64.sys
11:12:27.0819 3236  amdiox64 - ok
11:12:27.0850 3236  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:12:27.0897 3236  AmdK8 - ok
11:12:28.0084 3236  [ 579B3E8C7B599815A4E615FD21E651F0 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
11:12:28.0349 3236  amdkmdag - ok
11:12:28.0380 3236  [ 77E54953A21E9E7CC316006E3DBAA7B9 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
11:12:28.0412 3236  amdkmdap - ok
11:12:28.0427 3236  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:12:28.0474 3236  AmdPPM - ok
11:12:28.0521 3236  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:12:28.0536 3236  amdsata - ok
11:12:28.0568 3236  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
11:12:28.0583 3236  amdsbs - ok
11:12:28.0599 3236  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:12:28.0614 3236  amdxata - ok
11:12:28.0646 3236  [ D8C25FF90E2E8FC7CBE26E2203EC4757 ] amdxhc          C:\Windows\system32\drivers\amdxhc.sys
11:12:28.0661 3236  amdxhc - ok
11:12:28.0677 3236  [ BB4FE7889DB9CBBE61A308E99697F53C ] amd_sata        C:\Windows\system32\drivers\amd_sata.sys
11:12:28.0692 3236  amd_sata - ok
11:12:28.0708 3236  [ 5631CBA53F1CBEA3F9E88348E6723391 ] amd_xata        C:\Windows\system32\drivers\amd_xata.sys
11:12:28.0724 3236  amd_xata - ok
11:12:28.0770 3236  [ B9B5DFAFEA592BD4CA967824EBB42E3D ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
11:12:28.0817 3236  AntiVirMailService - ok
11:12:28.0864 3236  [ 67B1D78711B4386C26241096326EE14A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11:12:28.0880 3236  AntiVirSchedulerService - ok
11:12:28.0911 3236  [ 845C4E7AE211EDAD5E0B832126F56932 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11:12:28.0926 3236  AntiVirService - ok
11:12:28.0958 3236  [ 30D71E0C149943A8985D02EA0944F2FE ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
11:12:28.0973 3236  AntiVirWebService - ok
11:12:29.0020 3236  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
11:12:29.0192 3236  AppID - ok
11:12:29.0207 3236  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:12:29.0285 3236  AppIDSvc - ok
11:12:29.0316 3236  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
11:12:29.0363 3236  Appinfo - ok
11:12:29.0394 3236  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
11:12:29.0410 3236  arc - ok
11:12:29.0441 3236  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:12:29.0441 3236  arcsas - ok
11:12:29.0472 3236  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:12:29.0519 3236  AsyncMac - ok
11:12:29.0550 3236  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
11:12:29.0566 3236  atapi - ok
11:12:29.0613 3236  [ DBB487D09F56C674430AC454FD8BCAB9 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
11:12:29.0628 3236  AtiHDAudioService - ok
11:12:29.0660 3236  [ 4AEF9EC86818375495FB78CA58DF4E18 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
11:12:29.0691 3236  atksgt ( UnsignedFile.Multi.Generic ) - warning
11:12:29.0691 3236  atksgt - detected UnsignedFile.Multi.Generic (1)
11:12:29.0722 3236  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:12:29.0784 3236  AudioEndpointBuilder - ok
11:12:29.0800 3236  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:12:29.0831 3236  AudioSrv - ok
11:12:29.0894 3236  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
11:12:29.0909 3236  avgntflt - ok
11:12:29.0925 3236  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
11:12:29.0940 3236  avipbb - ok
11:12:29.0956 3236  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
11:12:29.0972 3236  avkmgr - ok
11:12:29.0987 3236  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:12:30.0065 3236  AxInstSV - ok
11:12:30.0112 3236  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
11:12:30.0143 3236  b06bdrv - ok
11:12:30.0174 3236  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:12:30.0206 3236  b57nd60a - ok
11:12:30.0237 3236  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:12:30.0268 3236  BDESVC - ok
11:12:30.0299 3236  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:12:30.0362 3236  Beep - ok
11:12:30.0393 3236  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
11:12:30.0440 3236  BFE - ok
11:12:30.0486 3236  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
11:12:30.0533 3236  BITS - ok
11:12:30.0564 3236  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
11:12:30.0596 3236  blbdrive - ok
11:12:30.0611 3236  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:12:30.0658 3236  bowser - ok
11:12:30.0689 3236  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
11:12:30.0720 3236  BrFiltLo - ok
11:12:30.0752 3236  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
11:12:30.0783 3236  BrFiltUp - ok
11:12:30.0814 3236  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
11:12:30.0861 3236  Browser - ok
11:12:30.0908 3236  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:12:30.0954 3236  Brserid - ok
11:12:30.0970 3236  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:12:31.0017 3236  BrSerWdm - ok
11:12:31.0048 3236  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:12:31.0095 3236  BrUsbMdm - ok
11:12:31.0110 3236  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:12:31.0157 3236  BrUsbSer - ok
11:12:31.0188 3236  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
11:12:31.0235 3236  BTHMODEM - ok
11:12:31.0282 3236  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
11:12:31.0344 3236  bthserv - ok
11:12:31.0376 3236  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:12:31.0422 3236  cdfs - ok
11:12:31.0438 3236  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:12:31.0469 3236  cdrom - ok
11:12:31.0485 3236  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
11:12:31.0563 3236  CertPropSvc - ok
11:12:31.0594 3236  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
11:12:31.0625 3236  circlass - ok
11:12:31.0656 3236  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
11:12:31.0672 3236  CLFS - ok
11:12:31.0719 3236  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:12:31.0719 3236  clr_optimization_v2.0.50727_32 - ok
11:12:31.0766 3236  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:12:31.0797 3236  clr_optimization_v2.0.50727_64 - ok
11:12:31.0859 3236  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:12:31.0890 3236  clr_optimization_v4.0.30319_32 - ok
11:12:31.0922 3236  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:12:31.0937 3236  clr_optimization_v4.0.30319_64 - ok
11:12:31.0953 3236  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
11:12:32.0000 3236  CmBatt - ok
11:12:32.0031 3236  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:12:32.0062 3236  cmdide - ok
11:12:32.0078 3236  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
11:12:32.0109 3236  CNG - ok
11:12:32.0124 3236  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
11:12:32.0140 3236  Compbatt - ok
11:12:32.0156 3236  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:12:32.0202 3236  CompositeBus - ok
11:12:32.0218 3236  COMSysApp - ok
11:12:32.0234 3236  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
11:12:32.0249 3236  crcdisk - ok
11:12:32.0280 3236  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:12:32.0343 3236  CryptSvc - ok
11:12:32.0436 3236  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
11:12:32.0499 3236  cvhsvc - ok
11:12:32.0530 3236  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:12:32.0608 3236  DcomLaunch - ok
11:12:32.0639 3236  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
11:12:32.0686 3236  defragsvc - ok
11:12:32.0702 3236  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:12:32.0748 3236  DfsC - ok
11:12:32.0780 3236  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:12:32.0811 3236  Dhcp - ok
11:12:32.0842 3236  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
11:12:32.0920 3236  discache - ok
11:12:32.0951 3236  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
11:12:32.0967 3236  Disk - ok
11:12:32.0998 3236  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:12:33.0045 3236  Dnscache - ok
11:12:33.0076 3236  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:12:33.0154 3236  dot3svc - ok
11:12:33.0185 3236  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
11:12:33.0232 3236  DPS - ok
11:12:33.0279 3236  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:12:33.0341 3236  drmkaud - ok
11:12:33.0372 3236  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:12:33.0419 3236  DXGKrnl - ok
11:12:33.0435 3236  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
11:12:33.0466 3236  EapHost - ok
11:12:33.0528 3236  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
11:12:33.0622 3236  ebdrv - ok
11:12:33.0653 3236  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
11:12:33.0684 3236  EFS - ok
11:12:33.0731 3236  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:12:33.0778 3236  ehRecvr - ok
11:12:33.0794 3236  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
11:12:33.0825 3236  ehSched - ok
11:12:33.0856 3236  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
11:12:33.0887 3236  elxstor - ok
11:12:33.0887 3236  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:12:33.0918 3236  ErrDev - ok
11:12:33.0950 3236  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
11:12:33.0996 3236  EventSystem - ok
11:12:34.0012 3236  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
11:12:34.0059 3236  exfat - ok
11:12:34.0090 3236  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:12:34.0199 3236  fastfat - ok
11:12:34.0262 3236  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
11:12:34.0308 3236  Fax - ok
11:12:34.0340 3236  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
11:12:34.0371 3236  fdc - ok
11:12:34.0402 3236  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:12:34.0433 3236  fdPHost - ok
11:12:34.0464 3236  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:12:34.0511 3236  FDResPub - ok
11:12:34.0527 3236  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:12:34.0542 3236  FileInfo - ok
11:12:34.0542 3236  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:12:34.0589 3236  Filetrace - ok
11:12:34.0620 3236  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
11:12:34.0636 3236  flpydisk - ok
11:12:34.0667 3236  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:12:34.0683 3236  FltMgr - ok
11:12:34.0714 3236  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
11:12:34.0761 3236  FontCache - ok
11:12:34.0808 3236  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:12:34.0808 3236  FontCache3.0.0.0 - ok
11:12:34.0823 3236  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:12:34.0839 3236  FsDepends - ok
11:12:34.0854 3236  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:12:34.0870 3236  Fs_Rec - ok
11:12:34.0886 3236  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:12:34.0901 3236  fvevol - ok
11:12:34.0932 3236  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
11:12:34.0948 3236  gagp30kx - ok
11:12:34.0964 3236  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
11:12:35.0010 3236  gpsvc - ok
11:12:35.0073 3236  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:12:35.0088 3236  gupdate - ok
11:12:35.0104 3236  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:12:35.0120 3236  gupdatem - ok
11:12:35.0151 3236  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:12:35.0166 3236  gusvc - ok
11:12:35.0198 3236  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
11:12:35.0198 3236  hamachi - ok
11:12:35.0291 3236  [ F10C3F2E002100BF8B797DCF283FEA7D ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
11:12:35.0369 3236  Hamachi2Svc - ok
11:12:35.0385 3236  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:12:35.0416 3236  hcw85cir - ok
11:12:35.0447 3236  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:12:35.0478 3236  HdAudAddService - ok
11:12:35.0510 3236  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
11:12:35.0541 3236  HDAudBus - ok
11:12:35.0556 3236  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
11:12:35.0588 3236  HidBatt - ok
11:12:35.0619 3236  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
11:12:35.0666 3236  HidBth - ok
11:12:35.0681 3236  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
11:12:35.0697 3236  HidIr - ok
11:12:35.0728 3236  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
11:12:35.0790 3236  hidserv - ok
11:12:35.0806 3236  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:12:35.0837 3236  HidUsb - ok
11:12:35.0853 3236  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:12:35.0900 3236  hkmsvc - ok
11:12:35.0931 3236  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:12:35.0946 3236  HomeGroupListener - ok
11:12:35.0978 3236  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:12:36.0009 3236  HomeGroupProvider - ok
11:12:36.0024 3236  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:12:36.0040 3236  HpSAMD - ok
11:12:36.0071 3236  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:12:36.0118 3236  HTTP - ok
11:12:36.0134 3236  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:12:36.0149 3236  hwpolicy - ok
11:12:36.0180 3236  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
11:12:36.0196 3236  i8042prt - ok
11:12:36.0212 3236  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:12:36.0227 3236  iaStorV - ok
11:12:36.0274 3236  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:12:36.0290 3236  idsvc - ok
11:12:36.0414 3236  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
11:12:36.0602 3236  igfx - ok
11:12:36.0633 3236  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
11:12:36.0648 3236  iirsp - ok
11:12:36.0680 3236  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
11:12:36.0726 3236  IKEEXT - ok
11:12:36.0867 3236  [ CB7DADEF3D83FE2C12655A0BDCBA99F2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:12:36.0945 3236  IntcAzAudAddService - ok
11:12:36.0960 3236  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
11:12:36.0976 3236  intelide - ok
11:12:36.0992 3236  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
11:12:37.0023 3236  intelppm - ok
11:12:37.0038 3236  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:12:37.0116 3236  IPBusEnum - ok
11:12:37.0132 3236  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:12:37.0179 3236  IpFilterDriver - ok
11:12:37.0194 3236  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:12:37.0241 3236  iphlpsvc - ok
11:12:37.0272 3236  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:12:37.0319 3236  IPMIDRV - ok
11:12:37.0335 3236  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:12:37.0397 3236  IPNAT - ok
11:12:37.0413 3236  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:12:37.0444 3236  IRENUM - ok
11:12:37.0475 3236  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:12:37.0491 3236  isapnp - ok
11:12:37.0506 3236  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:12:37.0522 3236  iScsiPrt - ok
11:12:37.0538 3236  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:12:37.0553 3236  kbdclass - ok
11:12:37.0584 3236  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:12:37.0600 3236  kbdhid - ok
11:12:37.0631 3236  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
11:12:37.0631 3236  KeyIso - ok
11:12:37.0662 3236  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:12:37.0678 3236  KSecDD - ok
11:12:37.0694 3236  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:12:37.0694 3236  KSecPkg - ok
11:12:37.0709 3236  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:12:37.0756 3236  ksthunk - ok
11:12:37.0787 3236  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:12:37.0850 3236  KtmRm - ok
11:12:37.0865 3236  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:12:37.0928 3236  LanmanServer - ok
11:12:37.0959 3236  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:12:38.0037 3236  LanmanWorkstation - ok
11:12:38.0084 3236  [ B658B7076B1ACAA5876524595630F183 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
11:12:38.0099 3236  lirsgt ( UnsignedFile.Multi.Generic ) - warning
11:12:38.0099 3236  lirsgt - detected UnsignedFile.Multi.Generic (1)
11:12:38.0115 3236  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:12:38.0162 3236  lltdio - ok
11:12:38.0193 3236  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:12:38.0240 3236  lltdsvc - ok
11:12:38.0271 3236  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:12:38.0318 3236  lmhosts - ok
11:12:38.0333 3236  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
11:12:38.0349 3236  LSI_FC - ok
11:12:38.0364 3236  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
11:12:38.0380 3236  LSI_SAS - ok
11:12:38.0411 3236  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
11:12:38.0411 3236  LSI_SAS2 - ok
11:12:38.0427 3236  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
11:12:38.0442 3236  LSI_SCSI - ok
11:12:38.0474 3236  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
11:12:38.0505 3236  luafv - ok
11:12:38.0552 3236  [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
11:12:38.0583 3236  MBAMProtector - ok
11:12:38.0614 3236  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:12:38.0661 3236  MBAMScheduler - ok
11:12:38.0676 3236  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:12:38.0692 3236  MBAMService - ok
11:12:38.0708 3236  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:12:38.0739 3236  Mcx2Svc - ok
11:12:38.0754 3236  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
11:12:38.0770 3236  megasas - ok
11:12:38.0786 3236  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
11:12:38.0786 3236  MegaSR - ok
11:12:38.0848 3236  [ 8A43D23ACE2E8C95A2D87B6E9599DEDA ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
11:12:38.0864 3236  MemeoBackgroundService - ok
11:12:38.0879 3236  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
11:12:38.0973 3236  MMCSS - ok
11:12:38.0988 3236  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
11:12:39.0035 3236  Modem - ok
11:12:39.0066 3236  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:12:39.0113 3236  monitor - ok
11:12:39.0144 3236  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:12:39.0160 3236  mouclass - ok
11:12:39.0207 3236  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:12:39.0238 3236  mouhid - ok
11:12:39.0269 3236  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:12:39.0300 3236  mountmgr - ok
11:12:39.0316 3236  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:12:39.0332 3236  mpio - ok
11:12:39.0347 3236  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:12:39.0394 3236  mpsdrv - ok
11:12:39.0410 3236  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:12:39.0456 3236  MpsSvc - ok
11:12:39.0472 3236  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:12:39.0534 3236  MRxDAV - ok
11:12:39.0566 3236  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:12:39.0612 3236  mrxsmb - ok
11:12:39.0644 3236  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:12:39.0675 3236  mrxsmb10 - ok
11:12:39.0690 3236  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:12:39.0722 3236  mrxsmb20 - ok
11:12:39.0753 3236  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:12:39.0768 3236  msahci - ok
11:12:39.0800 3236  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:12:39.0815 3236  msdsm - ok
11:12:39.0831 3236  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
11:12:39.0862 3236  MSDTC - ok
11:12:39.0893 3236  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:12:39.0924 3236  Msfs - ok
11:12:39.0956 3236  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:12:39.0987 3236  mshidkmdf - ok
11:12:39.0987 3236  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:12:40.0002 3236  msisadrv - ok
11:12:40.0018 3236  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:12:40.0065 3236  MSiSCSI - ok
11:12:40.0065 3236  msiserver - ok
11:12:40.0096 3236  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:12:40.0127 3236  MSKSSRV - ok
11:12:40.0143 3236  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:12:40.0205 3236  MSPCLOCK - ok
11:12:40.0205 3236  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:12:40.0236 3236  MSPQM - ok
11:12:40.0268 3236  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:12:40.0283 3236  MsRPC - ok
11:12:40.0299 3236  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:12:40.0314 3236  mssmbios - ok
11:12:40.0314 3236  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:12:40.0361 3236  MSTEE - ok
11:12:40.0377 3236  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
11:12:40.0424 3236  MTConfig - ok
11:12:40.0455 3236  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:12:40.0470 3236  Mup - ok
11:12:40.0486 3236  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
11:12:40.0533 3236  napagent - ok
11:12:40.0548 3236  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:12:40.0595 3236  NativeWifiP - ok
11:12:40.0642 3236  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:12:40.0658 3236  NDIS - ok
11:12:40.0673 3236  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:12:40.0720 3236  NdisCap - ok
11:12:40.0736 3236  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:12:40.0782 3236  NdisTapi - ok
11:12:40.0814 3236  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:12:40.0876 3236  Ndisuio - ok
11:12:40.0892 3236  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:12:40.0938 3236  NdisWan - ok
11:12:40.0954 3236  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:12:41.0001 3236  NDProxy - ok
11:12:41.0016 3236  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:12:41.0063 3236  NetBIOS - ok
11:12:41.0079 3236  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:12:41.0126 3236  NetBT - ok
11:12:41.0141 3236  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
11:12:41.0157 3236  Netlogon - ok
11:12:41.0188 3236  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
11:12:41.0235 3236  Netman - ok
11:12:41.0250 3236  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
11:12:41.0297 3236  netprofm - ok
11:12:41.0313 3236  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:12:41.0328 3236  NetTcpPortSharing - ok
11:12:41.0360 3236  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
11:12:41.0375 3236  nfrd960 - ok
11:12:41.0391 3236  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:12:41.0438 3236  NlaSvc - ok
11:12:41.0469 3236  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:12:41.0500 3236  Npfs - ok
11:12:41.0516 3236  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
11:12:41.0562 3236  nsi - ok
11:12:41.0578 3236  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:12:41.0609 3236  nsiproxy - ok
11:12:41.0640 3236  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:12:41.0703 3236  Ntfs - ok
11:12:41.0703 3236  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
11:12:41.0734 3236  Null - ok
11:12:41.0765 3236  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
11:12:41.0828 3236  NVENETFD - ok
11:12:42.0077 3236  [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:12:42.0420 3236  nvlddmkm - ok
11:12:42.0436 3236  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:12:42.0452 3236  nvraid - ok
11:12:42.0467 3236  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:12:42.0483 3236  nvstor - ok
11:12:42.0498 3236  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:12:42.0514 3236  nv_agp - ok
11:12:42.0514 3236  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:12:42.0545 3236  ohci1394 - ok
11:12:42.0576 3236  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:12:42.0576 3236  ose - ok
11:12:42.0717 3236  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:12:42.0888 3236  osppsvc - ok
11:12:42.0904 3236  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:12:42.0920 3236  p2pimsvc - ok
11:12:42.0951 3236  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:12:42.0966 3236  p2psvc - ok
11:12:42.0998 3236  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
11:12:43.0013 3236  Parport - ok
11:12:43.0029 3236  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:12:43.0044 3236  partmgr - ok
11:12:43.0060 3236  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:12:43.0091 3236  PcaSvc - ok
11:12:43.0107 3236  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
11:12:43.0122 3236  pci - ok
11:12:43.0138 3236  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
11:12:43.0138 3236  pciide - ok
11:12:43.0154 3236  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
11:12:43.0169 3236  pcmcia - ok
11:12:43.0200 3236  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:12:43.0216 3236  pcw - ok
11:12:43.0232 3236  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:12:43.0294 3236  PEAUTH - ok
11:12:43.0341 3236  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:12:43.0372 3236  PerfHost - ok
11:12:43.0419 3236  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
11:12:43.0497 3236  pla - ok
11:12:43.0544 3236  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:12:43.0606 3236  PlugPlay - ok
11:12:43.0622 3236  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:12:43.0653 3236  PNRPAutoReg - ok
11:12:43.0668 3236  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:12:43.0684 3236  PNRPsvc - ok
11:12:43.0731 3236  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:12:43.0778 3236  PolicyAgent - ok
11:12:43.0809 3236  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
11:12:43.0871 3236  Power - ok
11:12:43.0887 3236  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:12:43.0934 3236  PptpMiniport - ok
11:12:43.0965 3236  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
11:12:43.0996 3236  Processor - ok
11:12:44.0012 3236  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:12:44.0043 3236  ProfSvc - ok
11:12:44.0074 3236  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:12:44.0074 3236  ProtectedStorage - ok
11:12:44.0105 3236  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:12:44.0136 3236  Psched - ok
11:12:44.0168 3236  [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
11:12:44.0199 3236  PSI_SVC_2 - ok
11:12:44.0277 3236  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
11:12:44.0339 3236  ql2300 - ok
11:12:44.0355 3236  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
11:12:44.0370 3236  ql40xx - ok
11:12:44.0386 3236  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
11:12:44.0402 3236  QWAVE - ok
11:12:44.0433 3236  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:12:44.0480 3236  QWAVEdrv - ok
11:12:44.0542 3236  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
11:12:44.0573 3236  RapiMgr - ok
11:12:44.0604 3236  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:12:44.0682 3236  RasAcd - ok
11:12:44.0714 3236  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:12:44.0745 3236  RasAgileVpn - ok
11:12:44.0760 3236  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
11:12:44.0807 3236  RasAuto - ok
11:12:44.0823 3236  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:12:44.0854 3236  Rasl2tp - ok
11:12:44.0885 3236  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
11:12:44.0916 3236  RasMan - ok
11:12:44.0932 3236  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:12:44.0979 3236  RasPppoe - ok
11:12:44.0994 3236  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:12:45.0041 3236  RasSstp - ok
11:12:45.0072 3236  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:12:45.0104 3236  rdbss - ok
11:12:45.0119 3236  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
11:12:45.0135 3236  rdpbus - ok
11:12:45.0166 3236  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:12:45.0228 3236  RDPCDD - ok
11:12:45.0260 3236  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:12:45.0306 3236  RDPENCDD - ok
11:12:45.0306 3236  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:12:45.0338 3236  RDPREFMP - ok
11:12:45.0384 3236  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:12:45.0431 3236  RDPWD - ok
11:12:45.0462 3236  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:12:45.0478 3236  rdyboost - ok
11:12:45.0509 3236  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:12:45.0556 3236  RemoteAccess - ok
11:12:45.0572 3236  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:12:45.0618 3236  RemoteRegistry - ok
11:12:45.0634 3236  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:12:45.0665 3236  RpcEptMapper - ok
11:12:45.0681 3236  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
11:12:45.0712 3236  RpcLocator - ok
11:12:45.0728 3236  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
11:12:45.0759 3236  RpcSs - ok
11:12:45.0759 3236  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:12:45.0821 3236  rspndr - ok
11:12:45.0852 3236  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
11:12:45.0868 3236  RTL8167 - ok
11:12:45.0946 3236  [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
11:12:45.0977 3236  RTL8192su - ok
11:12:45.0993 3236  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
11:12:46.0008 3236  SamSs - ok
11:12:46.0008 3236  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:12:46.0024 3236  sbp2port - ok
11:12:46.0040 3236  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:12:46.0071 3236  SCardSvr - ok
11:12:46.0086 3236  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:12:46.0133 3236  scfilter - ok
11:12:46.0164 3236  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
11:12:46.0211 3236  Schedule - ok
11:12:46.0242 3236  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:12:46.0274 3236  SCPolicySvc - ok
11:12:46.0274 3236  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:12:46.0305 3236  SDRSVC - ok
11:12:46.0336 3236  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:12:46.0367 3236  secdrv - ok
11:12:46.0383 3236  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
11:12:46.0430 3236  seclogon - ok
11:12:46.0461 3236  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
11:12:46.0508 3236  SENS - ok
11:12:46.0523 3236  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:12:46.0539 3236  SensrSvc - ok
11:12:46.0570 3236  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
11:12:46.0601 3236  Serenum - ok
11:12:46.0632 3236  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
11:12:46.0664 3236  Serial - ok
11:12:46.0710 3236  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
11:12:46.0742 3236  sermouse - ok
11:12:46.0773 3236  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:12:46.0820 3236  SessionEnv - ok
11:12:46.0835 3236  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:12:46.0866 3236  sffdisk - ok
11:12:46.0898 3236  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:12:46.0929 3236  sffp_mmc - ok
11:12:46.0960 3236  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:12:46.0960 3236  sffp_sd - ok
11:12:46.0976 3236  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
11:12:47.0007 3236  sfloppy - ok
11:12:47.0054 3236  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
11:12:47.0085 3236  Sftfs - ok
11:12:47.0132 3236  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
11:12:47.0147 3236  sftlist - ok
11:12:47.0163 3236  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:12:47.0178 3236  Sftplay - ok
11:12:47.0178 3236  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:12:47.0194 3236  Sftredir - ok
11:12:47.0194 3236  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
11:12:47.0210 3236  Sftvol - ok
11:12:47.0225 3236  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
11:12:47.0225 3236  sftvsa - ok
11:12:47.0256 3236  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:12:47.0303 3236  SharedAccess - ok
11:12:47.0334 3236  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:12:47.0381 3236  ShellHWDetection - ok
11:12:47.0397 3236  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
11:12:47.0412 3236  SiSRaid2 - ok
11:12:47.0444 3236  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:12:47.0459 3236  SiSRaid4 - ok
11:12:47.0568 3236  [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
11:12:47.0646 3236  Skype C2C Service - ok
11:12:47.0662 3236  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
11:12:47.0678 3236  SkypeUpdate - ok
11:12:47.0709 3236  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:12:47.0771 3236  Smb - ok
11:12:47.0802 3236  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:12:47.0818 3236  SNMPTRAP - ok
11:12:47.0834 3236  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:12:47.0849 3236  spldr - ok
11:12:47.0865 3236  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
11:12:47.0896 3236  Spooler - ok
11:12:47.0990 3236  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
11:12:48.0099 3236  sppsvc - ok
11:12:48.0114 3236  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:12:48.0161 3236  sppuinotify - ok
11:12:48.0208 3236  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:12:48.0255 3236  srv - ok
11:12:48.0286 3236  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:12:48.0333 3236  srv2 - ok
11:12:48.0364 3236  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:12:48.0395 3236  srvnet - ok
11:12:48.0411 3236  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:12:48.0473 3236  SSDPSRV - ok
11:12:48.0473 3236  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:12:48.0520 3236  SstpSvc - ok
11:12:48.0536 3236  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
11:12:48.0551 3236  stexstor - ok
11:12:48.0582 3236  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
11:12:48.0614 3236  stisvc - ok
11:12:48.0629 3236  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:12:48.0645 3236  swenum - ok
11:12:48.0660 3236  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
11:12:48.0692 3236  swprv - ok
11:12:48.0754 3236  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
11:12:48.0832 3236  SysMain - ok
11:12:48.0863 3236  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:12:48.0894 3236  TabletInputService - ok
11:12:48.0910 3236  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:12:48.0957 3236  TapiSrv - ok
11:12:48.0972 3236  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
11:12:49.0004 3236  TBS - ok
11:12:49.0050 3236  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:12:49.0097 3236  Tcpip - ok
11:12:49.0144 3236  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:12:49.0175 3236  TCPIP6 - ok
11:12:49.0191 3236  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:12:49.0238 3236  tcpipreg - ok
11:12:49.0253 3236  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:12:49.0284 3236  TDPIPE - ok
11:12:49.0300 3236  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:12:49.0316 3236  TDTCP - ok
11:12:49.0347 3236  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:12:49.0378 3236  tdx - ok
11:12:49.0409 3236  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:12:49.0409 3236  TermDD - ok
11:12:49.0440 3236  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
11:12:49.0487 3236  TermService - ok
11:12:49.0503 3236  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
11:12:49.0534 3236  Themes - ok
11:12:49.0565 3236  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
11:12:49.0596 3236  THREADORDER - ok
11:12:49.0612 3236  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
11:12:49.0659 3236  TrkWks - ok
11:12:49.0690 3236  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:12:49.0784 3236  TrustedInstaller - ok
11:12:49.0799 3236  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:12:49.0846 3236  tssecsrv - ok
11:12:49.0877 3236  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:12:49.0893 3236  TsUsbFlt - ok
11:12:49.0908 3236  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
11:12:49.0908 3236  TsUsbGD - ok
11:12:49.0940 3236  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:12:49.0986 3236  tunnel - ok
11:12:49.0986 3236  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
11:12:50.0002 3236  uagp35 - ok
11:12:50.0018 3236  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:12:50.0080 3236  udfs - ok
11:12:50.0111 3236  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:12:50.0142 3236  UI0Detect - ok
11:12:50.0158 3236  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:12:50.0174 3236  uliagpkx - ok
11:12:50.0205 3236  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:12:50.0220 3236  umbus - ok
11:12:50.0252 3236  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
11:12:50.0283 3236  UmPass - ok
11:12:50.0314 3236  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
11:12:50.0361 3236  upnphost - ok
11:12:50.0392 3236  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:12:50.0408 3236  usbccgp - ok
11:12:50.0439 3236  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:12:50.0501 3236  usbcir - ok
11:12:50.0532 3236  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
11:12:50.0579 3236  usbehci - ok
11:12:50.0610 3236  [ B7037444DC5138FC7D3D3968B4DE5C4B ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
11:12:50.0626 3236  usbfilter - ok
11:12:50.0657 3236  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:12:50.0688 3236  usbhub - ok
11:12:50.0704 3236  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:12:50.0720 3236  usbohci - ok
11:12:50.0751 3236  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:12:50.0766 3236  usbprint - ok
11:12:50.0798 3236  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
11:12:50.0813 3236  usbscan - ok
11:12:50.0829 3236  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:12:50.0844 3236  USBSTOR - ok
11:12:50.0860 3236  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:12:50.0891 3236  usbuhci - ok
11:12:50.0922 3236  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
11:12:50.0969 3236  UxSms - ok
11:12:50.0969 3236  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
11:12:50.0985 3236  VaultSvc - ok
11:12:51.0000 3236  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:12:51.0032 3236  vdrvroot - ok
11:12:51.0047 3236  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
11:12:51.0110 3236  vds - ok
11:12:51.0125 3236  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:12:51.0141 3236  vga - ok
11:12:51.0156 3236  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:12:51.0188 3236  VgaSave - ok
11:12:51.0219 3236  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:12:51.0219 3236  vhdmp - ok
11:12:51.0250 3236  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:12:51.0250 3236  viaide - ok
11:12:51.0281 3236  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:12:51.0297 3236  volmgr - ok
11:12:51.0312 3236  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:12:51.0328 3236  volmgrx - ok
11:12:51.0344 3236  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:12:51.0359 3236  volsnap - ok
11:12:51.0375 3236  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
11:12:51.0390 3236  vsmraid - ok
11:12:51.0453 3236  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
11:12:51.0546 3236  VSS - ok
11:12:51.0578 3236  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
11:12:51.0609 3236  vwifibus - ok
11:12:51.0640 3236  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
11:12:51.0671 3236  vwififlt - ok
11:12:51.0702 3236  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
11:12:51.0749 3236  W32Time - ok
11:12:51.0765 3236  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
11:12:51.0780 3236  WacomPen - ok
11:12:51.0812 3236  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:12:51.0858 3236  WANARP - ok
11:12:51.0858 3236  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:12:51.0890 3236  Wanarpv6 - ok
11:12:51.0952 3236  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
11:12:52.0030 3236  WatAdminSvc - ok
11:12:52.0077 3236  [ 261A725F8ACEDDA695C7FFF6D6EDE6B5 ] watchmi         C:\Program Files (x86)\watchmi\TvdService.exe
11:12:52.0108 3236  watchmi ( UnsignedFile.Multi.Generic ) - warning
11:12:52.0108 3236  watchmi - detected UnsignedFile.Multi.Generic (1)
11:12:52.0155 3236  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
11:12:52.0248 3236  wbengine - ok
11:12:52.0264 3236  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:12:52.0295 3236  WbioSrvc - ok
11:12:52.0326 3236  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
11:12:52.0373 3236  WcesComm - ok
11:12:52.0373 3236  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:12:52.0420 3236  wcncsvc - ok
11:12:52.0436 3236  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:12:52.0482 3236  WcsPlugInService - ok
11:12:52.0498 3236  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
11:12:52.0514 3236  Wd - ok
11:12:52.0560 3236  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:12:52.0576 3236  Wdf01000 - ok
11:12:52.0592 3236  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:12:52.0623 3236  WdiServiceHost - ok
11:12:52.0623 3236  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:12:52.0638 3236  WdiSystemHost - ok
11:12:52.0670 3236  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
11:12:52.0685 3236  WebClient - ok
11:12:52.0716 3236  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:12:52.0763 3236  Wecsvc - ok
11:12:52.0779 3236  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:12:52.0826 3236  wercplsupport - ok
11:12:52.0857 3236  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:12:52.0888 3236  WerSvc - ok
11:12:52.0904 3236  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:12:52.0935 3236  WfpLwf - ok
11:12:52.0950 3236  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:12:52.0950 3236  WIMMount - ok
11:12:52.0966 3236  WinDefend - ok
11:12:52.0982 3236  WinHttpAutoProxySvc - ok
11:12:53.0013 3236  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:12:53.0091 3236  Winmgmt - ok
11:12:53.0138 3236  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
11:12:53.0216 3236  WinRM - ok
11:12:53.0247 3236  [ FE88B288356E7B47B74B13372ADD906D ] WINUSB          C:\Windows\system32\DRIVERS\WinUSB.SYS
11:12:53.0294 3236  WINUSB - ok
11:12:53.0325 3236  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:12:53.0372 3236  Wlansvc - ok
11:12:53.0434 3236  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:12:53.0434 3236  wlcrasvc - ok
11:12:53.0543 3236  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:12:53.0621 3236  wlidsvc - ok
11:12:53.0637 3236  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:12:53.0652 3236  WmiAcpi - ok
11:12:53.0668 3236  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:12:53.0699 3236  wmiApSrv - ok
11:12:53.0715 3236  WMPNetworkSvc - ok
11:12:53.0730 3236  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:12:53.0730 3236  WPCSvc - ok
11:12:53.0746 3236  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:12:53.0762 3236  WPDBusEnum - ok
11:12:53.0777 3236  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:12:53.0808 3236  ws2ifsl - ok
11:12:53.0824 3236  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
11:12:53.0840 3236  wscsvc - ok
11:12:53.0840 3236  WSearch - ok
11:12:53.0871 3236  [ 82E8F5AA03DF7DBDB8A33F700D5D8CDA ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
11:12:53.0886 3236  wsvd - ok
11:12:53.0918 3236  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:12:54.0011 3236  wuauserv - ok
11:12:54.0027 3236  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:12:54.0089 3236  WudfPf - ok
11:12:54.0136 3236  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:12:54.0214 3236  WUDFRd - ok
11:12:54.0230 3236  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:12:54.0261 3236  wudfsvc - ok
11:12:54.0276 3236  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:12:54.0292 3236  WwanSvc - ok
11:12:54.0323 3236  [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
11:12:54.0370 3236  xusb21 - ok
11:12:54.0386 3236  ================ Scan global ===============================
11:12:54.0401 3236  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:12:54.0432 3236  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
11:12:54.0448 3236  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
11:12:54.0464 3236  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:12:54.0479 3236  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:12:54.0495 3236  [Global] - ok
11:12:54.0495 3236  ================ Scan MBR ==================================
11:12:54.0495 3236  [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0
11:12:57.0178 3236  \Device\Harddisk0\DR0 - ok
11:12:57.0178 3236  ================ Scan VBR ==================================
11:12:57.0194 3236  [ AD22454585C8B20832E592BB0BD6CF66 ] \Device\Harddisk0\DR0\Partition1
11:12:57.0194 3236  \Device\Harddisk0\DR0\Partition1 - ok
11:12:57.0225 3236  [ 4993626D5E885B3541AE4E9A7F708F20 ] \Device\Harddisk0\DR0\Partition2
11:12:57.0225 3236  \Device\Harddisk0\DR0\Partition2 - ok
11:12:57.0256 3236  [ 8A9F068D45CF78CC93224F17216DC2DE ] \Device\Harddisk0\DR0\Partition3
11:12:57.0256 3236  \Device\Harddisk0\DR0\Partition3 - ok
11:12:57.0256 3236  ============================================================
11:12:57.0256 3236  Scan finished
11:12:57.0256 3236  ============================================================
11:12:57.0272 2604  Detected object count: 3
11:12:57.0272 2604  Actual detected object count: 3
11:15:39.0980 2604  atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
11:15:39.0980 2604  atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:15:39.0980 2604  lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
11:15:39.0980 2604  lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:15:39.0980 2604  watchmi ( UnsignedFile.Multi.Generic ) - skipped by user
11:15:39.0980 2604  watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Old 21.10.2012, 12:35   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a Kompetenzler (board helper) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Old 26.10.2012, 17:20   #19
p.h.k.
 

... here is ComboFix.txt:
Combofix log file:
Code:
ComboFix 12-10-26.03 - xxxxx 26.10.2012  18:00:53.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.3576.2092 [GMT 2:00]
ausgeführt von:: c:\users\xxxxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\A1
c:\program files (x86)\A1\A1 Breitband\A1Breitband.chm
c:\program files (x86)\A1\A1 Breitband\A1Breitband.exe
c:\program files (x86)\A1\A1 Breitband\Browser\FF_Setup.exe
c:\program files (x86)\A1\A1 Breitband\inifiles.dat
c:\program files (x86)\A1\A1 Breitband\ipworks6.dll
c:\program files (x86)\A1\A1 Breitband\M2Updater.exe
c:\program files (x86)\A1\A1 Breitband\Setup\Setup_A1Dashboard.exe
c:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.chm
c:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.exe
c:\program files (x86)\A1\A1 Servicecenter\Content\broadband.html
c:\program files (x86)\A1\A1 Servicecenter\Content\cd_index.html
c:\program files (x86)\A1\A1 Servicecenter\Content\cd_more.html
c:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_medium_web01-webfont.ttf
c:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_regular_web01-webfont.ttf
c:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_a1_breitband_200x300.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_weitere_services.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_wlan_einrichten.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_a1_breitband_installieren_200x366.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemkonfigurationssoftware.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemwechselsoftware.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_unterwegs.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_zuhause.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_hinzufuegen.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_installation.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_wiederherstellen.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_geraete.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_sicherheitseinstellungen.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\1x1_white_15.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\AdobeX_48x48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\back.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_big.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_small.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_overlay.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\box_arrow_down.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\box_arrow_right.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\btn_close.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\FF_48x48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\footer_trenner.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\icon_warning.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\IE_48x48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_center.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_left.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_right.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_center.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_left.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_right.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\loader.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo.jpg
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_150.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_glas_48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_kabel_48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\mm_icon_48x48.png
c:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_bl.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_br.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_tl.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_tr.gif
c:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.css
c:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.js
c:\program files (x86)\A1\A1 Servicecenter\Content\index.html
c:\program files (x86)\A1\A1 Servicecenter\Content\more.html
c:\program files (x86)\A1\A1 Servicecenter\Content\wlan.html
c:\program files (x86)\A1\A1 Servicecenter\icudt42.dll
c:\program files (x86)\A1\A1 Servicecenter\libcef.dll
c:\program files (x86)\A1\A1 Servicecenter\M2Updater.exe
c:\program files (x86)\A1\A1 Servicecenter\reqdata.cfg
c:\program files (x86)\A1\A1 Servicecenter\Start.exe
c:\program files (x86)\A1\A1 Servicecenter\Start.ini
c:\programdata\lsass.exe
c:\users\Matze\AppData\Roaming\Xygola
c:\users\Matze\AppData\Roaming\Xygola\liolfe.exe
c:\users\Matze\Documents\~WRL3414.tmp
c:\users\Matze\granny2.dll
c:\users\Peter Kriegl\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3D7C118A-99A1-48BE-A963-A101F8530F86}.xps
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-26 bis 2012-10-26  ))))))))))))))))))))))))))))))
.
.
2012-10-26 16:07 . 2012-10-26 16:07	--------	d-----w-	c:\users\Stefan\AppData\Local\temp
2012-10-26 16:07 . 2012-10-26 16:07	--------	d-----w-	c:\users\Peter Kriegl\AppData\Local\temp
2012-10-26 16:07 . 2012-10-26 16:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-26 16:07 . 2012-10-26 16:07	--------	d-----w-	c:\users\Matze\AppData\Local\temp
2012-10-14 15:02 . 2012-10-14 15:02	--------	d-----w-	C:\_OTL
2012-10-13 12:15 . 2012-10-13 12:15	--------	d-----w-	c:\users\Stefan\AppData\Local\Unity
2012-10-11 15:37 . 2012-10-11 15:37	--------	d-----w-	c:\programdata\3DMGAME
2012-10-11 15:25 . 2012-10-11 15:32	--------	d-----w-	c:\program files\Dishonored
2012-10-11 12:35 . 2012-08-24 18:05	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-10-11 12:35 . 2012-08-24 16:57	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-11 12:35 . 2012-09-14 19:19	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-11 12:35 . 2012-09-14 18:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-11 12:34 . 2012-08-11 00:56	715776	----a-w-	c:\windows\system32\kerberos.dll
2012-10-11 12:34 . 2012-08-10 23:56	542208	----a-w-	c:\windows\SysWow64\kerberos.dll
2012-10-11 12:34 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-11 12:34 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-11 12:34 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2012-10-11 12:34 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-11 12:34 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-11 12:34 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-06 15:00 . 2012-10-06 15:00	--------	d-----w-	c:\users\Matze\AppData\Roaming\Avira
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 13:02 . 2011-07-18 20:31	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-09 18:12 . 2012-05-15 14:50	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 18:12 . 2011-10-14 12:15	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-07 15:04 . 2012-09-22 13:06	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-24 11:15 . 2012-09-22 12:49	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 12:49	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 12:49	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 12:49	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 12:49	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 12:49	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 12:49	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 12:49	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 12:49	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 12:49	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 12:49	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 12:49	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 12:49	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 12:49	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 12:49	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 12:49	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 12:49	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 12:49	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 12:49	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 12:49	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 12:49	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 12:49	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 11:15	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 11:15	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 11:15	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 11:15	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 11:11	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-11 12:36	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 11:15	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 11:15	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-15 343168]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-05-23 1466760]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
.
c:\users\Peter Kriegl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
watchmi tray.lnk - c:\windows\Installer\{409DC300-28AF-468F-9624-1F3309701881}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2012-2-2 300928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-02 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-02 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-27 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2010-09-23 129008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-06-16 79488]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-06-16 40064]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-15 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-15 361984]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-07-18 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-07-18 465360]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-09-28 25824]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2011-10-07 70144]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2011-07-15 96896]
S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-15 10206208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-15 317952]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2011-07-15 214144]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-17 53376]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 18:12]
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-02 09:19]
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-02 09:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-WinRAR archiver - c:\users\Stefan\Desktop\jo\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-26  18:09:58
ComboFix-quarantined-files.txt  2012-10-26 16:09
.
Vor Suchlauf: 7 Verzeichnis(se), 865.206.374.400 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 867.421.540.352 Bytes frei
.
- - End Of File - - B50469BF3D9812F3BBC9EB919640D14C
         
--- --- ---

Old 27.10.2012, 13:28   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeitrojaner - Standard

Polizeitrojaner



Quote:
c:\program files (x86)\A1
CF deleted that program for you; we should restore it.

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
Dequarantine::
C:\Qoobox\Quarantine\C\program files (x86)\A1
Quit::
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be installed.
(Also the guards of ad-/spyware programs and the Tea Timer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the image below. This restarts Combofix.



6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

__________________
Please always post logfiles in CODE tags

Old 30.10.2012, 15:40   #21
p.h.k.
 
Polizeitrojaner - Standard

Polizeitrojaner



I wasn't asked to restart, and Combofix.txt wasn't created either. Instead, "DeQuarantine.txt" was created. Did I do something wrong?
Code:
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Breitband\A1Breitband.chm -> C:\program files (x86)\A1\A1 Breitband\A1Breitband.chm
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Breitband\A1Breitband.exe -> C:\program files (x86)\A1\A1 Breitband\A1Breitband.exe
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Breitband\inifiles.dat -> C:\program files (x86)\A1\A1 Breitband\inifiles.dat
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Breitband\ipworks6.dll -> C:\program files (x86)\A1\A1 Breitband\ipworks6.dll
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Breitband\M2Updater.exe -> C:\program files (x86)\A1\A1 Breitband\M2Updater.exe
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Breitband\Browser\FF_Setup.exe -> C:\program files (x86)\A1\A1 Breitband\Browser\FF_Setup.exe
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Breitband\Setup\Setup_A1Dashboard.exe -> C:\program files (x86)\A1\A1 Breitband\Setup\Setup_A1Dashboard.exe
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.chm -> C:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.chm
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.exe -> C:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.exe
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\icudt42.dll -> C:\program files (x86)\A1\A1 Servicecenter\icudt42.dll
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\libcef.dll -> C:\program files (x86)\A1\A1 Servicecenter\libcef.dll
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\M2Updater.exe -> C:\program files (x86)\A1\A1 Servicecenter\M2Updater.exe
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\reqdata.cfg -> C:\program files (x86)\A1\A1 Servicecenter\reqdata.cfg
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Start.exe -> C:\program files (x86)\A1\A1 Servicecenter\Start.exe
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Start.ini -> C:\program files (x86)\A1\A1 Servicecenter\Start.ini
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\broadband.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\broadband.html
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\cd_index.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\cd_index.html
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\cd_more.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\cd_more.html
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\index.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\index.html
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\more.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\more.html
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\wlan.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\wlan.html
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_medium_web01-webfont.ttf -> C:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_medium_web01-webfont.ttf
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_regular_web01-webfont.ttf -> C:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_regular_web01-webfont.ttf
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\01a_a1_breitband_200x300.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_a1_breitband_200x300.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\01a_weitere_services.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_weitere_services.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\01a_wlan_einrichten.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_wlan_einrichten.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\02a_a1_breitband_installieren_200x366.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_a1_breitband_installieren_200x366.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemkonfigurationssoftware.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemkonfigurationssoftware.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemwechselsoftware.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemwechselsoftware.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_unterwegs.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_unterwegs.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_zuhause.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_zuhause.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\02b_hinzufuegen.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_hinzufuegen.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\02b_installation.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_installation.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\02b_wiederherstellen.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_wiederherstellen.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_geraete.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_geraete.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_sicherheitseinstellungen.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_sicherheitseinstellungen.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\1x1_white_15.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\1x1_white_15.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\AdobeX_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\AdobeX_48x48.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\back.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\back.gif
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_big.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_big.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_small.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_small.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\bg_overlay.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_overlay.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\box_arrow_down.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\box_arrow_down.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\box_arrow_right.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\box_arrow_right.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\btn_close.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\btn_close.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\FF_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\FF_48x48.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\footer_trenner.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\footer_trenner.gif
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\icon_warning.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\icon_warning.gif
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\IE_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\IE_48x48.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_center.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_center.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_left.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_left.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_right.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_right.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow.gif
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back.gif
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_center.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_center.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_left.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_left.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_right.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_right.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\loader.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\loader.gif
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\logo.jpg -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo.jpg
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_150.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_150.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_48.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\logo_glas_48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_glas_48.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\logo_kabel_48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_kabel_48.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\mm_icon_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\mm_icon_48x48.png
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\warning_bl.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_bl.gif
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\warning_br.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_br.gif
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\warning_tl.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_tl.gif
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\img\warning_tr.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_tr.gif
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\includes\main.css -> C:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.css
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Content\includes\main.js -> C:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.js
70 Datei(en) kopiert
         

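As an added check (not ComboFix's own code and not part of this thread), a small Python script that reads a DeQuarantine.txt like the one above and confirms that the Dequarantine:: step from the previous post restored only what the script asked for. The quarantine root C:\Qoobox\Quarantine\C and the "Datei(en) kopiert" trailer are taken from this thread; the English trailer form and the sample excerpts are assumptions/constructed.

```python
"""Consistency check of a ComboFix DeQuarantine.txt against the Dequarantine:: line.

Added example, not ComboFix's code and not part of the thread. ComboFix mirrors
quarantined files under C:\\Qoobox\\Quarantine\\C\\<original path> and, on
Dequarantine::, writes one "source -> destination" line per file plus a trailer
such as "70 Datei(en) kopiert" (assumed English form: "70 file(s) copied").
The check confirms that every destination mirrors its quarantine path, lies
under the folder the CFScript named, and that the trailer count matches.
"""
import re
from pathlib import PureWindowsPath

QUARANTINE_ROOT = PureWindowsPath(r"C:\Qoobox\Quarantine\C")
COUNT_RE = re.compile(r"^(\d+) (?:Datei\(en\) kopiert|file\(s\) copied)$")

# Constructed excerpt in the format of the DeQuarantine.txt posted above.
SAMPLE_OK = r"""
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Breitband\A1Breitband.exe -> C:\program files (x86)\A1\A1 Breitband\A1Breitband.exe
C:\Qoobox\Quarantine\C\program files (x86)\A1\A1 Servicecenter\Start.ini -> C:\program files (x86)\A1\A1 Servicecenter\Start.ini
2 Datei(en) kopiert
"""

# Constructed negative case: one destination outside the requested folder and a
# trailer count that does not match the number of listed lines.
SAMPLE_BAD = r"""
C:\Qoobox\Quarantine\C\program files (x86)\A1\helper.dll -> C:\Windows\System32\helper.dll
2 Datei(en) kopiert
"""


def parse_dequarantine(text):
    """Return ([(src, dst), ...], reported_count); reported_count is None without a trailer."""
    pairs, reported = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            reported = int(m.group(1))
            continue
        src, sep, dst = line.partition(" -> ")
        if not sep:
            raise ValueError(f"unrecognised DeQuarantine line: {line}")
        pairs.append((PureWindowsPath(src), PureWindowsPath(dst)))
    return pairs, reported


def _is_under(path, root):
    # PureWindowsPath compares case-insensitively, as the file system does.
    return path == root or root in path.parents


def check_restore(text, requested_dir):
    """Return a list of problems; an empty list means the restore did exactly what was asked."""
    requested = PureWindowsPath(requested_dir)
    pairs, reported = parse_dequarantine(text)
    problems = []
    for src, dst in pairs:
        if not _is_under(src, QUARANTINE_ROOT):
            problems.append(f"source not inside the quarantine tree: {src}")
        elif PureWindowsPath("C:\\") / src.relative_to(QUARANTINE_ROOT) != dst:
            problems.append(f"destination does not mirror its quarantine path: {src} -> {dst}")
        if not _is_under(dst, requested):
            problems.append(f"destination outside {requested}: {dst}")
    if reported is not None and reported != len(pairs):
        problems.append(f"trailer reports {reported} file(s) but {len(pairs)} line(s) are listed")
    return problems


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_restore(sample, r"C:\program files (x86)\A1") or "clean")
```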
Old 31.10.2012, 18:07   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeitrojaner - Standard

Polizeitrojaner



No, that's correct.

OK, a check-up please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scan all users at the top centre
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles will be created
  • Post the logfiles here in the thread.

Please post everything here in CODE tags where possible.

Like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here
         
__________________
Please always post logfiles in CODE tags
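For reading the OTL log this scan produces, an added Python triage helper (not OTL's code and not from this thread): it collects the entries a helper reads first, using the line formats seen in the log posted in reply below; SAMPLE_LOG is a constructed excerpt in that format.

```python
"""Triage pass over an OTL (OldTimer) log of the kind requested above.

Added example, not part of the thread and not OTL's own code. It walks the
log section by section and collects the entries a helper reads first:
PRC/MOD/SRV/DRV lines with an empty publisher field "()", anything OTL marks
"File not found", O1 hosts lines mapping a name other than the loopback
defaults, and O2 BHO lines with an empty publisher.
"""
import re
from collections import Counter

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# PRC/MOD: "<kind> - <path> (<publisher>)"; SRV/DRV: "<kind> - (<svc>) -- <path> (<publisher>)"
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - "
    r"(?:\((?P<svc>[^)]*)\) -- )?"
    r"(?P<path>.*?) \((?P<publisher>[^()]*)\)\s*$"
)
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(?P<addr>\S+)\s+(?P<host>\S+)")
BHO_RE = re.compile(r"^O2(?::64bit:)? - BHO: .* \((?P<publisher>[^()]*)\)\s*$")

# Names that belong in a default hosts file; anything else deserves a look.
BENIGN_HOSTS = {"localhost", "localhost.localdomain", "broadcasthost",
                "ip6-localhost", "ip6-loopback"}

# Constructed excerpt in the line format of the OTL log posted in this thread;
# the hosts entry with the .invalid name is made up for the example.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

========== Services (SafeList) ==========

SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                  )

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

O1 HOSTS File: ([2012.10.26 17:07:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       update.example-vendor.invalid
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
"""


def _finding(section, reason, line):
    return {"section": section, "reason": reason, "line": line}


def triage(log_text):
    """Return a list of {"section", "reason", "line"} findings for one OTL log."""
    findings = []
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if "File not found" in line:
            findings.append(_finding(section, "file missing on disk", line))
            continue
        m = ENTRY_RE.match(line)
        if m:
            if not m.group("publisher").strip():
                findings.append(_finding(section, "no publisher", line))
            continue
        m = HOSTS_RE.match(line)
        if m:
            if m.group("host").lower() not in BENIGN_HOSTS:
                findings.append(_finding(section, "non-default hosts entry", line))
            continue
        m = BHO_RE.match(line)
        if m and not m.group("publisher").strip():
            findings.append(_finding(section, "no publisher", line))
    return findings


def summarize(findings):
    """Count findings per reason, e.g. to decide which block of the log to read first."""
    return Counter(f["reason"] for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['reason']}: {f['line']}")
```

An empty publisher is only a reading aid: many legitimate drivers and .NET native images show "()" too, so each hit still needs the file checked, as the thread's helper does.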

Old 05.11.2012, 19:35   #23
p.h.k.
 
Polizeitrojaner - Standard

Polizeitrojaner



Only one log file was created:
Code:
OTL logfile created on: 05.11.2012 19:13:50 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 63,99% Memory free
6,98 Gb Paging File | 5,33 Gb Available in Paging File | 76,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 880,41 Gb Total Space | 807,86 Gb Free Space | 91,76% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 28,18 Gb Free Space | 56,35% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: *****| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****A\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bcec0e7db1d027328cc8cd702185fa66\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b460188cf6862491550a006c3660e2e6\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1d3c2d83da69c30ba8edf5cfea3c0057\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a4345e4ff74ec912a5219576049df7fe\System.ServiceModel.Discovery.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8e3ba21dc083837fdc1c8b9f98c5f4bf\System.ServiceModel.Routing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7f49661d0e79763b30e9e99e714409a3\System.ServiceModel.Channels.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\509dab10fd00e66d750ac92101fa3d7b\System.ServiceModel.Activities.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4f8ecf03aa4a4165e6850d1d67dc445f\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2f4ce144f88caf780421d66027355f77\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\ac5d04fd61df57da0f9976440a8c6c58\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3fe3910474b3e2a08fca9b09330a74f7\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4dd48e938a8834fe950cf0cd11603c71\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8f0cf05d2b1e46a772312143227cb6ed\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\4278bedb3086448c94c1e7f563325052\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3287772728-243862164-1318484208-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3287772728-243862164-1318484208-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-3287772728-243862164-1318484208-1004\..\SearchScopes,DefaultScope = {32984A9A-9AEF-4778-877B-035BDA1960D3}
IE - HKU\S-1-5-21-3287772728-243862164-1318484208-1004\..\SearchScopes\{32984A9A-9AEF-4778-877B-035BDA1960D3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393
IE - HKU\S-1-5-21-3287772728-243862164-1318484208-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3287772728-243862164-1318484208-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.03 18:40:35 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2012.10.26 17:07:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3287772728-243862164-1318484208-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3287772728-243862164-1318484208-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3287772728-243862164-1318484208-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E700DAEE-439D-4EE4-962B-7D3507F98C6A}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.31 09:27:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.30 15:34:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.30 15:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\A1
[2012.10.30 15:27:34 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.10.26 17:10:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.23 16:37:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.23 16:37:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.23 16:37:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.23 16:36:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.23 16:35:45 | 004,989,568 | R--- | C] (Swearware) -- C:\Users\Selina\Desktop\ComboFix.exe
[2012.10.21 10:10:36 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Selina\Desktop\tdsskiller.exe
[2012.10.14 16:02:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.11 16:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\3DMGAME
[2012.10.11 16:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Dishonored
[2012.10.11 13:36:24 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.11 13:36:24 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.11 13:36:24 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.11 13:36:10 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.11 13:36:08 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.11 13:36:08 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.11 13:36:08 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.11 13:36:08 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.11 13:36:08 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.11 13:36:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.11 13:36:08 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.11 13:36:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.11 13:36:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.11 13:36:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.11 13:36:08 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.11 13:36:08 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.11 13:36:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.11 13:36:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.11 13:36:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.11 13:36:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.11 13:36:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.11 13:36:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.11 13:36:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.11 13:36:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.11 13:36:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.11 13:36:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.11 13:36:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.11 13:36:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.11 13:36:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.11 13:36:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.11 13:36:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.11 13:36:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.11 13:36:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.11 13:36:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.11 13:36:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.11 13:36:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.11 13:36:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.11 13:36:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.11 13:36:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.11 13:36:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.11 13:36:07 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.11 13:36:07 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.11 13:36:07 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.11 13:36:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.11 13:36:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.11 13:36:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.11 13:36:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.11 13:36:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.11 13:36:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.11 13:36:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.11 13:36:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.11 13:36:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.11 13:35:43 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.11 13:34:47 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.11 13:34:47 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.09 16:45:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Selina\Desktop\OTL.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.05 19:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.05 19:06:48 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.05 18:45:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.05 18:25:42 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.05 18:25:42 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.05 18:22:31 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.05 18:22:31 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.05 18:22:31 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.05 18:22:31 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.05 18:22:31 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.05 18:18:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.05 18:18:14 | 2812,383,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.26 17:07:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.26 16:57:00 | 004,989,568 | R--- | M] (Swearware) -- C:\Users\Selina\Desktop\ComboFix.exe
[2012.10.21 10:10:36 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Selina\Desktop\tdsskiller.exe
[2012.10.11 18:48:27 | 000,002,378 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.10.09 19:12:14 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 19:12:14 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.09 16:47:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Selina\Desktop\OTL.exe
 
========== Files Created - No Company Name ==========
 
[2012.10.23 16:37:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.23 16:37:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.23 16:37:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.23 16:37:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.23 16:37:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.05.10 12:44:32 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini
[2012.02.02 17:57:26 | 000,017,408 | ---- | C] () -- C:\Users\Selina\AppData\Local\WebpageIcons.db
[2012.02.02 10:43:02 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.28 00:13:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.27 00:24:52 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.15 21:52:42 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Alt 06.11.2012, 12:13   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks ok. We should be almost done. As a check, please run a quick scan with Malwarebytes - remember to update Malwarebytes via the update button beforehand.

Afterwards, getting a second opinion from the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the terms of use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Alt 06.11.2012, 21:51   #25
p.h.k.
 

Eset found a virus:
Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bef744c0543c634f91dd2b962ce5e2d1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-24 05:25:15
# local_time=2012-09-24 07:25:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 411627 411627 0 0
# compatibility_mode=5893 16776574 100 94 20311584 100131290 0 0
# compatibility_mode=8192 67108863 100 0 175440 175440 0 0
# scanned=185817
# found=1
# cleaned=0
# scan_time=6075
C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GHJN598R\iLividSetupV1.exe	Win32/Toolbar.SearchSuite Anwendung (Säubern nicht möglich)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bef744c0543c634f91dd2b962ce5e2d1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-06 07:55:22
# local_time=2012-11-06 08:55:22 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 4136373 4136373 0 0
# compatibility_mode=5893 16776574 100 94 24036330 103856036 0 0
# compatibility_mode=8192 67108863 100 0 3900186 3900186 0 0
# scanned=161199
# found=1
# cleaned=0
# scan_time=5536
C:\Qoobox\Quarantine\C\Users\Matze\AppData\Roaming\Xygola\liolfe.exe.vir	Win32/Spy.Zbot.AAN trojan (unable to clean)	00000000000000000000000000000000	I
         

Alt 06.11.2012, 22:33   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

That is a piece of malware in ComboFix's quarantine (Q). You can ignore it.
What about Malwarebytes?
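One way to automate the distinction cosinus draws here (a hit inside ComboFix's Qoobox quarantine is an already-neutralised file, not a live infection), as an added Python example that is not part of the thread or of ESET's tooling. The log layout is inferred from the ESET output posted above; the sample input is a constructed excerpt modelled on it, and the generic "\Quarantine\" marker is an assumption.

```python
"""Triage an ESET Online Scanner log: live findings vs. files already in quarantine.

Added example, not code from the thread or from ESET. Format assumptions, taken
from the log posted above: each scan run starts with a '# version=' line, header
fields are '# key=value', and a detection is a tab-separated line
'<path>\t<threat>\t<hash>\t<flag>'.
"""
import re
from dataclasses import dataclass, field

# Lower-cased path fragments that mark a cleanup tool's quarantine folder.
QUARANTINE_MARKERS = (
    "\\qoobox\\quarantine\\",   # ComboFix quarantine (C:\Qoobox\Quarantine), as in the thread
    "\\quarantine\\",          # assumption: generic vendor quarantine folder
)

# A detection line begins with a drive letter and has the threat name in the 2nd column.
DETECTION_RE = re.compile(r"^([A-Za-z]:\\[^\t]+)\t([^\t]+)")


@dataclass
class Detection:
    path: str
    threat: str
    quarantined: bool


@dataclass
class ScanBlock:
    header: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_eset_log(text: str) -> list:
    """Split the log into scan blocks, one per '# version=' line.

    The posted log contains two such blocks (the CAB hook run and the
    downloader run). Installer status lines such as 'all ok' are ignored.
    """
    blocks = []
    current = None
    for raw in text.splitlines():
        line = raw.rstrip("\r")
        if line.startswith("# version="):
            current = ScanBlock()
            blocks.append(current)
        if current is None or not line.strip():
            continue
        if line.startswith("# "):
            key, sep, value = line[2:].partition("=")
            if sep:
                current.header[key.strip()] = value.strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            path, threat = m.group(1), m.group(2).strip()
            quarantined = any(mark in path.lower() for mark in QUARANTINE_MARKERS)
            current.detections.append(Detection(path, threat, quarantined))
    return blocks


def triage(text: str) -> dict:
    """Separate live findings from quarantined ones and cross-check the counters.

    'consistent' is False when the scanner's own '# found=' totals do not match
    the number of detection lines parsed, which catches a truncated paste.
    """
    blocks = parse_eset_log(text)
    live, quarantined = [], []
    declared = parsed = 0
    for b in blocks:
        declared += int(b.header.get("found", "0"))
        parsed += len(b.detections)
        for d in b.detections:
            (quarantined if d.quarantined else live).append(d)
    return {"scans": len(blocks), "live": live,
            "quarantined": quarantined, "consistent": declared == parsed}


# Constructed excerpt modelled on the log posted in the thread (two scan blocks).
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as CAB hook log:",
    "OnlineScanner64.ocx - registred OK",
    "# version=7",
    "# end=finished",
    "# scanned=185817",
    "# found=1",
    "# cleaned=0",
    "C:\\Users\\*****\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files"
    "\\Content.IE5\\GHJN598R\\iLividSetupV1.exe\tWin32/Toolbar.SearchSuite Anwendung"
    " (Säubern nicht möglich)\t00000000000000000000000000000000\tI",
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# end=finished",
    "# scanned=161199",
    "# found=1",
    "# cleaned=0",
    "C:\\Qoobox\\Quarantine\\C\\Users\\Matze\\AppData\\Roaming\\Xygola\\liolfe.exe.vir"
    "\tWin32/Spy.Zbot.AAN trojan (unable to clean)\t00000000000000000000000000000000\tI",
])

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["live"]:
        print("LIVE        ", d.threat, "->", d.path)
    for d in result["quarantined"]:
        print("QUARANTINED ", d.threat, "->", d.path)
    print("counters consistent:", result["consistent"])
```

On the sample, the iLivid toolbar installer in the IE cache is reported as live while the Zbot sample is recognised as sitting in ComboFix's quarantine.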

Alt 08.11.2012, 18:15   #27
p.h.k.
 

... I forgot to post the Malwarebytes log, but I did run it. Here it is & best regards:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.06.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: ****L-PC [Administrator]

06.11.2012 19:14:00
mbam-log-2012-11-06 (19-14-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 272806
Laufzeit: 2 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Old 08.11.2012, 20:27   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeitrojaner - Standard

Polizeitrojaner



Everything OK so far.

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.), you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether they have released a new Hosts file.

Otherwise there are also good cookie managers, extensions for Firefox, e.g. CookieCuller.
But if you can live with logging in again everywhere in each browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other findings or problems?
__________________
Please always post logfiles in CODE tags

Old 11.11.2012, 12:10   #29
p.h.k.
 
Polizeitrojaner - Standard

Polizeitrojaner



Yep, it looks like the system is OK again :-)
A thousand thanks for your help - without you I would have been completely lost.

I will have a look at the MVPS Hosts File.

Best regards and thanks again - p.h.k.

Old 11.11.2012, 21:51   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Polizeitrojaner - Standard

Polizeitrojaner



Then we're done!

The programs used here can all be removed again. With OTL you can also remove many of the tools:

Please start OTL and click on Bereinigung (CleanUp).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it via right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide on that is below. To keep better track in future of whether the installed programs are up to date, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if at all possible.


Microsoft Update
Windows XP: visit the MS Update page with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add/Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check whether Flash Player is up to date:
Check => Adobe - Flash Player
Download links here => Browsers and Plugins - FilePony.de

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add/Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________
Please always post logfiles in CODE tags
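As an added example (not code from the thread or from cosinus), a read-only PowerShell check that lists the installed Adobe Reader, Flash Player and Java versions from the Windows uninstall registry keys, so leftover old versions can be spotted before following the uninstall steps above. The product name patterns and the version-grouping heuristic are assumptions, and the script changes nothing on the system.

```powershell
# Added example: audit installed Adobe Reader / Flash Player / Java versions.
# Reads the same Uninstall keys that "Programs and Features" displays; on x64
# Windows 32-bit applications live under WOW6432Node, hence the second path.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed display-name fragments for the products the thread asks to check.
$patterns = 'Adobe Reader', 'Adobe Acrobat Reader', 'Adobe Flash Player', 'Java'

$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Where-Object {
        $name = $_.DisplayName
        # @() forces an array so .Count is valid even for a single match (PowerShell 2.0)
        @($patterns | Where-Object { $name -like "*$_*" }).Count -gt 0
    } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString |
    Sort-Object DisplayName, DisplayVersion

if (-not $found) {
    Write-Output 'None of the checked products is installed.'
} else {
    $found | Format-Table DisplayName, DisplayVersion, Publisher, InstallDate -AutoSize

    # Heuristic: strip a trailing " <digits/dots> ..." from the display name so that
    # e.g. "Java 7 Update 9" and "Java 7 Update 5" fall into the same family. Several
    # versions of one family usually mean old releases left behind by upgrades; those
    # are the entries to remove via Programs and Features as described above.
    $found |
        Group-Object { $_.DisplayName -replace '\s+[\d.]+.*$', '' } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            $versions = ($_.Group | ForEach-Object { $_.DisplayVersion }) -join ', '
            Write-Warning ("Multiple versions installed for '{0}': {1}" -f $_.Name, $versions)
        }
}
```

Run it in an elevated PowerShell session before the manual uninstall so that every entry flagged as a duplicate family can be compared against the current release.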
